Set Access Control invalid registry read permissions.
Posted: Wed Mar 22, 2006 7:11 pm
I'm using Set Access Control to set read (only) permission for a registry key. The installed application is terminating due to insufficient permissions.
Apparently, Set Access Control is using an incorrect combination of ace permissions when read is specified without write.
Read should have the following ace permissions for a registry key:
KEY_QUERY_VALUE
KEY_ENUMERATE_SUB_KEYS
KEY_NOTIFY
READ_CONTROL
Instead, Set Access Control is assigning:
KEY_QUERY_VALUE
KEY_ENUMERATE_SUB_KEYS
KEY_CREATE_LINK
READ_CONTROL
KEY_CREATE_LINK is a write permission, not a read permission.
KEY_NOTIFY is a read permission which Set Access Control is not setting.
See attached screenshot.
File Attached:
PrintScreen4.doc
Apparently, Set Access Control is using an incorrect combination of ace permissions when read is specified without write.
Read should have the following ace permissions for a registry key:
KEY_QUERY_VALUE
KEY_ENUMERATE_SUB_KEYS
KEY_NOTIFY
READ_CONTROL
Instead, Set Access Control is assigning:
KEY_QUERY_VALUE
KEY_ENUMERATE_SUB_KEYS
KEY_CREATE_LINK
READ_CONTROL
KEY_CREATE_LINK is a write permission, not a read permission.
KEY_NOTIFY is a read permission which Set Access Control is not setting.
See attached screenshot.
File Attached:
PrintScreen4.doc