What registry access can you get without Administrator privileges?

情到浓时终转凉″ 提交于 2019-12-17 08:45:09

问题


I know that we shouldn't being using the registry to store Application Data anymore, but in updating a Legacy application (and wanting to do the fewest changes), what Registry Hives are non-administrators allowed to use?

Can I access all of HKEY_CURRENT_USER (the application currently access HKEY_LOCAL_MACHINE) without Administrator privileges?


回答1:


In general, a non-administrator user has this access to the registry:

Read/Write to:

  • HKEY_CURRENT_USER

Read Only:

  • HKEY_LOCAL_MACHINE
  • HKEY_CLASSES_ROOT (which is just a link to HKEY_LOCAL_MACHINE\Software\Classes)

It is possible to change some of these permissions on a key-by-key basis, but it's extremely rare. You should not have to worry about that.

For your purposes, your application should be writing settings and configuration to HKEY_CURRENT_USER. The canonical place is anywhere within HKEY_CURRENT_USER\Software\YourCompany\YourProduct\

You could potentially hold settings that are global (for all users) in HKEY_LOCAL_MACHINE. It is very rare to need to do this, and you should avoid it. The problem is that any user can "read" those, but only an administrator (or by extension, your setup/install program) can "set" them.

Other common source of trouble: your application should not write to anything in the Program files or the Windows directories. If you need to write to files, there are several options at hand; describing all of them would be a longer discussion. All of the options end up writing to a subfolder or another under %USERPROFILE% for the user in question.

Finally, your application should stay out of HKEY_CURRENT_CONFIG. This hive holds hardware configuration, services configurations and other items that 99.9999% of applications should not need to look at (for example, it holds the current plug-and-play device list). If you need anything from there, most of the information is available through supported APIs elsewhere.




回答2:


Yes, you should be able to write to any place under HKEY_CURRENT_USER without having Administrator privileges. But this is effectively a private store that no other user on this machine will be able to access, so you can't put any shared configuration there.



来源:https://stackoverflow.com/questions/53135/what-registry-access-can-you-get-without-administrator-privileges

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!