Access to Stdregprov

I am running into what I believe is a security problem trying to access the registry via WMI using stdregprov. I am trying to access the HKEY_CURRENT_USER\Control Panel\International key, specifically the value sDecimal. The following is the JavaScript snippet I am using:

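var ls_regKey = "Control Panel\\International";
var HKCU = 0x80000001;   // HKEY_CURRENT_USER

// Connect to StdRegProv in root\default on the local machine (the path
// wbemcore.log reports as wszNetworkResource).
var refRegistry = GetObject("winMgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv");

// determine if we can access the registry
// JScript cannot receive [out] parameters from a direct method call, so
// CheckAccess goes through ExecMethod_ and bGranted is read from the result.
var numAccessMask = 1;   // KEY_QUERY_VALUE
var refCheck = refRegistry.Methods_.Item("CheckAccess");
var refCheckIn = refCheck.InParameters.SpawnInstance_();
refCheckIn.hDefKey = HKCU;
refCheckIn.sSubKeyName = ls_regKey;
refCheckIn.uRequired = numAccessMask;
var refCheckOut = refRegistry.ExecMethod_(refCheck.Name, refCheckIn);
if ( refCheckOut.ReturnValue == 0 && refCheckOut.bGranted ) {
    Svc.Trace(TRACE_DEBUG, TRACE_SOURCE + " registry access PERMITTED!");
} else {
    Svc.Trace(TRACE_DEBUG, TRACE_SOURCE + " registry access DENIED or some other error");
}

// read the sDecimal string value from the same key
var refMethod = refRegistry.Methods_.Item("GetStringValue");
var refInParam = refMethod.InParameters.SpawnInstance_();
refInParam.hDefKey = HKCU;
refInParam.sSubKeyName = ls_regKey;
refInParam.sValueName = "sDecimal";
var refOutParam = refRegistry.ExecMethod_(refMethod.Name, refInParam);
var decimalSep = refOutParam.sValue;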

The script errors out on the CheckAccess stmt. Here is what I see in the wbemcore.log:

(Tue Feb 14 00:46:58 2006.-1308329406) : CALL ConnectionLogin::NTLMLogin
    wszNetworkResource = \\.\root\default
    pPreferredLocale = (null)
    lFlags = 0x0
(Tue Feb 14 00:46:58 2006.-1308329406) : DCOM connection from FIT1CD666\Administrator at authentiction level Privacy, AuthnSvc = 10, AuthzSvc = 0, Capabilities = 0
(Tue Feb 14 00:46:58 2006.-1308329406) : CALL CWbemNamespace::GetObject
    BSTR ObjectPath = StdRegProv
    long lFlags = 0
    IWbemClassObject ** pObj = 0x228F938
(Tue Feb 14 00:46:58 2006.-1308329390) : CALL CWbemNamespace::ExecMethod
    BSTR ObjectPath = StdRegProv
    BSTR MethodName = CheckAccess
    long lFlags = 0
    IWbemClassObject * pIn = 0x1E39508
(Tue Feb 14 00:46:58 2006.-1308329390) : CALL CWbemNamespace::ExecMethodAsync
    BSTR ObjectPath = StdRegProv
    BSTR MethodName = CheckAccess
    long lFlags = 0
    IWbemClassObject * pIn = 0x1E39508
(Tue Feb 14 00:46:58 2006.-1308329375) : CALL CWbemNamespace::GetObject
    BSTR ObjectPath = StdRegProv
    long lFlags = 0
    IWbemClassObject ** pObj = 0x104F938
(Tue Feb 14 00:46:58 2006.-1308329375) : Error 80041003 occured executing request for CheckAccess
(Tue Feb 14 00:46:58 2006.-1308329375) : CAsyncReq_ExecMethodAsync, Path= StdRegProv, Method=CheckAccess, args=
instance of __PARAMETERS
{
    hDefKey = 2147483649;
    sSubKeyName = "Control Panel\\International";
    uRequired = 1;
};
in namespace root\default using flags 0x0

Obviously, 80041003 is WBEM_E_ACCESS_DENIED - Current user does not have permission to perform the action.

I have looked at the permissions on the Control Panel\International key and it looks like the user has the appropriate permissions, Full Control & Read. Are there other permissions that are required? Am I missing something?

Thanks in advance for your assistance!
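
An added example, not part of the original post: a small JavaScript routine that triages a wbemcore.log excerpt like the one quoted above, pairing each "Error ... executing request for" entry with the calling account and the dumped method arguments. The function name triage, the short error-code table and the Node.js runtime are assumptions of this example; the sample text is taken from the log in the post.

```javascript
// Added example: triage a wbemcore.log excerpt for failed provider method calls.
const WBEM_ERRORS = { "80041003": "WBEM_E_ACCESS_DENIED", "8004100E": "WBEM_E_INVALID_NAMESPACE" };
const ROOT_KEYS = { 0x80000001: "HKEY_CURRENT_USER", 0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS" };
// Every entry starts with "(Tue Feb 14 00:46:58 2006.<tick>) : "; the timestamp is captured.
const ENTRY = /^\(([A-Z][a-z]{2} [A-Z][a-z]{2} +\d+ [\d:]+ \d{4})\.-?\d+\) : /m;

function triage(logText) {
  // split() with one capture group yields [prefix, time1, body1, time2, body2, ...]
  const parts = logText.split(ENTRY);
  const findings = [];
  let caller = null, open = null, m;
  for (let i = 1; i < parts.length; i += 2) {
    // Collapse whitespace so hard-wrapped entries parse the same as unwrapped ones.
    const body = parts[i + 1].replace(/\s+/g, " ").trim();
    if ((m = /^DCOM connection from (\S+(?: \\\S+)?)/.exec(body))) {
      caller = m[1].replace(" ", "");            // "HOST \user" (wrapped) -> "HOST\user"
    } else if ((m = /^Error ([0-9A-Fa-f]{8}) occured executing request for (\w+)/.exec(body))) {
      const code = m[1].toUpperCase();           // "occured" is the log's own spelling
      open = { time: parts[i], caller, method: m[2], code, name: WBEM_ERRORS[code] || "unknown" };
      findings.push(open);
    } else if (open && (m = /^CAsyncReq_ExecMethodAsync, Path= (\S+), Method=(\w+),/.exec(body))
               && m[2] === open.method) {
      // The failed request is dumped as a MOF instance: "name = value;" pairs.
      const args = {}, pair = /(\w+) = ("(?:[^"\\]|\\.)*"|\d+);/g;
      for (let a; (a = pair.exec(body)); ) args[a[1]] = JSON.parse(a[2]);  // MOF escapes read as JSON (approximation)
      const ns = /in namespace (\S+)/.exec(body);
      Object.assign(open, { provider: m[1], namespace: ns ? ns[1] : null,
        hive: ROOT_KEYS[args.hDefKey] || null, subKey: args.sSubKeyName, required: args.uRequired });
      open = null;
    }
  }
  return findings;
}

// Excerpt of the log quoted in the post; some lines are left hard-wrapped on purpose.
const SAMPLE_LOG = String.raw`(Tue Feb 14 00:46:58 2006.-1308329406) : DCOM connection from FIT1CD666
\Administrator at authentiction level Privacy, AuthnSvc = 10, AuthzSvc = 0, Capabilities = 0
(Tue Feb 14 00:46:58 2006.-1308329375) : Error 80041003 occured
executing request for CheckAccess
(Tue Feb 14 00:46:58 2006.-1308329375) : CAsyncReq_ExecMethodAsync, Path= StdRegProv, Method=CheckAccess, args=
instance of __PARAMETERS { hDefKey = 2147483649; sSubKeyName = "Control Panel\\International"; uRequired = 1; };
in namespace root\default using flags 0x0`;
console.log(triage(SAMPLE_LOG));
```

Each finding names the account WMI authenticated, the decoded error and the hive and subkey the request targeted, which is the information needed to compare the failing identity against the key's permissions.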




  • FluffyKO

    OK, I have some new information on this. When initially running the script, we were not logged in as the local Administrator. We logged off and logged on as Administrator and the code worked fine. I checked the permissions on the registry and they were fine, just as before. We then logged off of Administrator and then back on as our 'regular user', and the process started failing again with the Access Denied error.

    Now here is the kicker, the process that is running is a 'behind the scenes monitoring process'. It does not interact with whoever is logged in, so I am not sure why this is occurring. When I check the process, it says it is running as Administrator in task manager.

    If anyone has any thoughts, I am all ears!

    Thanks!

