Remotely reading HKLM registry key

Discussion in 'Windows Vista Security' started by Jerry West, Nov 6, 2006.

  1. Jerry West

    I have been successful in reading the registry on remote Vista systems -- for
    the most part. I have no trouble reading the HKCU keys. I can read most of
    the HKLM keys. However, I have found that some of the HKLM keys are not
    accessible for reading. For example, I can read any value within the
    following remote registry key:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion

    But if I try to read any value within this remote registry key it fails with
    a permission error (5):

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    Another example...

    I can enumerate all of the remote registry keys below the following key:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion

    But I cannot enumerate all of the remote registry keys below this key:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    I have checked the permissions of the keys in question and I see no
    difference between the keys I can read and the keys I cannot read.
    Obviously, I am admin on both machines or I wouldn't even have been able to
    read the remote keys that I am able to read. I have ensured that when I
    access the keys that I pass only KEY_READ as the access parameter. This
    issue only occurs when reading the keys remotely. If I run my program on the
    local Vista system in question I have no issue reading ANY key within HKLM.

    Does anyone have a clue as to why only specific HKLM keys are being blocked
    and how to overcome that?

    Any input would be helpful.

    Jerry West, Nov 6, 2006
  2. Hi Jerry,

    I'm not liking the sound of this (!), I also must be able to enum and
    read these keys for when we do profile migration and profile clean-up.
    Gerry Hickman, Nov 20, 2006
  3. Jerry West

    I've yet to find a solution to this issue nor has anyone responded to my
    various posts on this matter in MSDN groups. If you discover something
    please do post that here!


    Jerry West, Nov 21, 2006
  4. There is a setting in the Local Security Policy named Network Access:
    Remotely accessible registry paths.
    This includes HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion which might
    explain why you are able to read that key but not the others.


    - Kurt
    Kurt Harriger, Nov 25, 2006
  5. Never mind, this setting only applies to anonymous users, which you definitely
    don't want reading this key, so I don't know.

    - Kurt
    Kurt Harriger, Nov 25, 2006
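
A diagnostic sketch for the symptom described in this thread, added here as an example and not code from any of the posters: it repeats the read-only open and enumeration against both keys from the first post, then prints the lists stored behind the "Remotely accessible registry paths" policy mentioned in post 4 so the failing key can be compared against them. Assumptions: `VISTA-PC01` is a placeholder host name, the Remote Registry service is running on it, and the `winreg` location of the policy lists comes from Microsoft's policy documentation rather than from the thread.

```powershell
# Added diagnostic example. 'VISTA-PC01' is a placeholder host name (assumption).
param([string]$Computer = 'VISTA-PC01')

# The two keys compared in the first post.
$keysToTest = @(
    'SOFTWARE\Microsoft\Windows NT\CurrentVersion',
    'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
)
# Storage location of the two "Remotely accessible registry paths" lists
# (assumption taken from Microsoft's policy documentation, not from the thread).
$winreg = 'SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

$hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine, $Computer)
try {
    # Same test as the first post: read-only open, then enumerate subkeys and values.
    foreach ($path in $keysToTest) {
        try {
            $key = $hklm.OpenSubKey($path, $false)   # $false = open without write access
            if ($null -eq $key) {
                $result = 'not found'
            } else {
                $result = 'OK: {0} subkeys, {1} values' -f `
                    $key.GetSubKeyNames().Count, $key.GetValueNames().Count
                $key.Close()
            }
        } catch {
            # Access denied (error 5) lands here; record the exception type and message.
            $e = $_.Exception.GetBaseException()
            $result = 'FAILED: {0}: {1}' -f $e.GetType().Name, $e.Message
        }
        [pscustomobject]@{ Item = $path; Result = $result }
    }
    # Print both policy lists so the failing key can be checked against them.
    foreach ($list in 'AllowedExactPaths', 'AllowedPaths') {
        try {
            $k = $hklm.OpenSubKey("$winreg\$list", $false)
            $entries = if ($k) { @($k.GetValue('Machine')) } else { @('(key not present)') }
            $result = $entries -join '; '
        } catch {
            $result = 'FAILED: ' + $_.Exception.GetBaseException().Message
        }
        [pscustomobject]@{ Item = "winreg\$list"; Result = $result }
    }
} finally {
    $hklm.Close()
}
```

Piping the output to `Format-List` keeps long path lists from being truncated.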
