INFO: Taking Ownership of Registry Keys
Article ID: 111546
Article Last Modified on 11/21/2006
APPLIES TO
- Microsoft Win32 Application Programming Interface, when used with:
- Microsoft Windows NT Advanced Server 3.1
- Microsoft Windows 2000 Standard Edition
- Microsoft Windows XP Professional
This article was previously published under Q111546
SUMMARY
To take ownership of a registry key it is necessary to have a handle to the
key. A handle to the key can be obtained by opening the key with a registry
API (application programming interface) such as RegOpenKeyEx(). If the user
does not have access to the registry key, the open operation will fail and
this will in turn prevent ownership being taken (because a handle to the
key is required to change the key[ASCII 146]s security).
The solution to this problem is to first enable the TakeOwnership privilege
and then to open the registry key with WRITE_OWNER access as shown below:
RegOpenKeyEx(HKEY_CLASSES_ROOT,"Testkey",0,WRITE_OWNER,&hKey);
This function call will provide a handle to the registry, which can be used
in the following call to take ownership:
RegSetKeySecurity(hKey,OWNER_SECURITY_INFORMATION, &SecurityDescriptor);
Please note that you will need to initialize the security descriptor being
passed to RegSetKeySecurity() and set the owner field to the new owner SID.
Taking ownership of a registry key is not a common operation. It is
typically an operation that an administrator would use as a last resort to
gain access to a registry key.
Keywords: kbinfo kbregistry kbapi kbkernbase kbsecurity KB111546