Juan Lang wrote:
Now you tell me :-).
I've something in place already to get rid of the stray registry keys. Just needs some more thought and tweaking.
Well that's even better! Feel free to send here for comments :) --Juan
It's a new function that just changes the permissions:
static void change_reg_permissions(CHAR *regkey) { HKEY hkey; SID_IDENTIFIER_AUTHORITY ident = { SECURITY_WORLD_SID_AUTHORITY }; SECURITY_DESCRIPTOR sd; PSID EveryoneSid; PACL pacl = NULL;
RegOpenKeyExA(HKEY_LOCAL_MACHINE, regkey, 0, WRITE_DAC, &hkey);
/* Initialize the 'Everyone' sid */ AllocateAndInitializeSid(&ident, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
pacl = HeapAlloc(GetProcessHeap(), 0, 256); InitializeAcl(pacl, 256, ACL_REVISION);
/* Add 'Full Control' for 'Everyone' */ AddAccessAllowedAce(pacl, ACL_REVISION, KEY_ALL_ACCESS, EveryoneSid);
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(&sd, TRUE, pacl, FALSE);
/* Set the new security on the registry key */ RegSetKeySecurity(hkey, DACL_SECURITY_INFORMATION, &sd);
RegCloseKey(hkey);
HeapFree(GetProcessHeap(), 0, pacl); if (EveryoneSid) FreeSid(EveryoneSid); }
Now we are able to remove the registry keys. Works fine on NT4, didn't test on Vista yet.
I didn't find a way yet (and didn't look to hard) to make the subkeys inherit these new permissions. Otherwise I have to do this for every key.