|Subject:||security on registry keys|
|Posted by:||fp (mc8647__nnoossppaa…@mclink.it)|
|Date:||Thu, 03 Jan 2008|
I have got a problem that is driving me crazy.
On my HP laptop with XP Pro, as administrator I install PDFCreator and
VMWare server console. I then logout and reconnect as a simple user,
group "Users" and I 'm not able to use these programs.
If I do the same thing with PDFCreator on a freshly installed (and
completely patched) XP Pro, I can switch to other users and use the
programs with no problems. (I could not try vmware console)
Using sysinternal tools I see that both programs fail to read some
So I went with regedit and found that:
- on the HP laptop only administrator and system have "Special
privileges", not inherited
- on selfinstalled pc, authorization is given to Users (readonly),
PowerUsers (special), Adminisrator system admin creator owner (full
control), all inherited by CLASSES_ROOT
If I manually give read only access to users, program starts ok.
I askep HP support if they set some policies but they say no. I also
checked myself if some policies were set but I could not find anything.
I BELIEVE that some system wide setting masks some bits in the ACL
and/or auth fields in RegCreateKeyEx and similar functions, but could
not find any clear info on this subject.... it's like umask in unix
directories... a friend told me about an "inheritance" property...
Both systems use XP pro italian version, so it's also a problem to look
for informations because I don't know the english wordings..