Search code examples
registrynsisaccess-control

Write to protected registry key

I am trying to write to a protected registry key on Windows 7/8:

Section "WriteToRegistry"
    # Give all authentificated users (BUILTIN\Users) full access on
    # the registry key HKEY_LOCAL_MACHINE\Software\Vendor\SomeApp
    AccessControl::GrantOnRegKey \
        HKLM "Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk" "(BU)" "FullAccess"

    WriteRegStr HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk" "ATExe" "mystring"
SectionEnd

I also tried: 

Section "WriteToRegistry"

    AccessControl::GetCurrentUserName "" "$0"

    Pop $0

    MessageBox MB_OK $0 ;mzelensky

    AccessControl::SetRegKeyOwner \
        HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk" "ATExe" $0

    AccessControl::GrantOnRegKey \
        HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk" "ATExe" "FullAccess"

    WriteRegStr HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk" "ATExe" "mystring"

SectionEnd

And it does nothing. What is wrong?

Update This listing pops OK messages, but does not do anything actually:

Section "ProtectedRegistryKey"

    AccessControl::GetCurrentUserName

    Pop $0
    MessageBox MB_OK $0 ;Michael Zelensky

    AccessControl::SetRegKeyOwner \
        HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk" $0

    Pop $2
    MessageBox MB_OK $2 ;ok

    AccessControl::GrantOnRegKey \
        HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk" \
        "$0" "FullAccess"

    Pop $3
    MessageBox MB_OK $3 ;ok

    WriteRegStr \
        HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk" \
        "ATExe1" "osk_1.exe"

    Pop $4
    MessageBox MB_OK $4 ;empty message

SectionEnd
Solution

  • You cannot include the value name "ATExe" in those parameters, registry permissions only apply to keys, not values.

    AccessControl::SetRegKeyOwner HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk"  $0

AccessControl::GrantOnRegKey HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\osk" $0 "FullAccess"

    You also need to pop the return value from those calls...

    I would also recommend that you try to restore the ownership to something sensible:

    !include LogicLib.nsh
AccessControl::SetRegKeyOwner HKCU "Software\Test" "NT SERVICE\TrustedInstaller"
Pop $0 
${If} $0 != "ok"
    Pop $0 ; Throw away error details
    AccessControl::SetRegKeyOwner HKCU "Software\Test" "(S-1-5-18)" ;NT AUTHORITY\SYSTEM
    Pop $0
    ${IfThen} $0 != "ok" ${|} Pop $0 ${|} ; Throw away error details
${EndIf}