Reading HKCU in Local System Account

Hi,

The spooler service on Windows NT runs in the “Local System” account.
From my GUI which is loaded by the spooler, I would like to read a
registry key under HKCU (Current User).
However The RegOpenKey to read the registry key under HKCU when I am in
the “Local System” account or context.

Question

Can a “Local System” account read the reg keys / data under HKCU on
Windows NT / Windows 2000?

Regards,
Santhosh

Hi,

The spooler service on Windows NT runs in the “Local System” account.
From my GUI which is loaded by the spooler, I would like to read a
registry key under HKCU (Current User). However, the RegOpenKey API fails,
because of which I will not be able to read the registry key under HKCU
when I am in the “Local System” account or context.

Question

Can a “Local System” account read the reg keys / data under HKCU on
Windows NT / Windows 2000?

Regards,
Santhosh

-----Original Message-----
From: Santhosh Brahmappa (WT01 - EMBEDDED & PRODUCT ENGINEERING
SOLUTIONS)
Sent: Thursday, July 22, 2004 7:24 PM
To: ‘xxxxx@lists.osr.com’
Subject: Reading HKCU in Local System Account

Hi,

The spooler service on Windows NT runs in the “Local System” account.
From my GUI which is loaded by the spooler, I would like to read a
registry key under HKCU (Current User). However The RegOpenKey to read
the registry key under HKCU when I am in the “Local System” account or
context.

Question

Can a “Local System” account read the reg keys / data under HKCU on
Windows NT / Windows 2000?

Regards,
Santhosh

Spooler runs in the system account and not in the logged-in user
account.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Santhosh
Brahmappa (WT01 - EMBEDDED & PRODUCT ENGINEERING SOLUTIONS)
Sent: Thursday, July 22, 2004 7:27 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Reading HKCU in Local System Account

Hi,

The spooler service on Windows NT runs in the “Local System” account.
From my GUI which is loaded by the spooler, I would like to read a
registry key under HKCU (Current User). However The RegOpenKey API fails
because of which I will not be able to read the registry key under HKCU
when I am in the “Local System” account or context.

Question

Can a “Local System” account read the reg keys / data under HKCU on
Windows NT / Windows 2000?

Regards,
Santhosh

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@wipro.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

That is what I mean by “Local System” account.
I mean system account is “Local system” account.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of vipin aravind
(WT01 - EMBEDDED & PRODUCT ENGINEERING SOLUTIONS)
Sent: Thursday, July 22, 2004 8:15 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Reading HKCU in Local System Account

Spooler runs in the system account and not in the logged-in user
account.


Oops, sorry, that was a bit incomplete. The best thing is to spawn a process
which does the job and communicates back to the component in the spooler.
Wait on the spawned process and, once done, check out the memory-mapped
file where the results are put. Else you may try to impersonate the
logged-in user and retrieve the values. I haven’t tried the impersonation
myself, but that should work.

When I faced this problem I did the spawning. But what if you are
printing and rendering happens on the server, you are on for a toss!!
You will be accessing the registry of the server machine and not of the
machine where the print was initiated. Might be
ImpersonatePrinterClient(…) then, but still untried. I hope you have
thought of this remote rendering issue. I assume you are trying to
access the registry during rendering of the job.

Thanks
Vipin

[Post replies only in the newsgroup]


You need to convert the name of the logged on user to a SID and then you can
access the registry hive as a subkey of HKEY_USERS.

Regards,

Daniel Terhell
Resplendence Software Projects Sp
xxxxx@resplendence.com
http://www.resplendence.com


Note: accessing user settings via SID is not for the faint of heart.
Among other things to worry about: what if there are multiple “logged in
users” (either terminal services or XP fast user switching)? Also, test
carefully in the case where the user is logged into a domain, because
sometimes their SIDs are different when they are attached to the network
vs. not (if I’m remembering correctly from years ago when I tried this
trick). There can also be network delays in the domain case that cause
twitchy behavior related to this SID difference. I eventually gave up
trying to do this because of all the weird corner cases. Which is not to
say that a more patient person might not be able to do it :-).

If you were writing a kernel mode driver, I know the trick (have a
user-mode helper send an IOCTL to a top-level device object and you’ll
have access to HKEY_CURRENT_USER from there), but for services I’m not
sure what you’d do that would be equivalent. Probably spawn a process as
others have suggested.


…/ray..

Please remove “.spamblock” from my email address if you need to contact
me outside the newsgroup.

“Ray Trent” wrote in message
news:xxxxx@ntdev…
> Note: accessing user settings via SID is not for the faint of heart.
> Among other things to worry about: what if there are multiple “logged in
> users” (either terminal services or XP fast user switching)? Also, test

The OP said he had a GUI (which is running in the context of a user).

> carefully in the case where the user is logged into a domain, because
> sometimes their SIDs are different when they are attached to the network
> vs. not (if I’m remembering correctly from years ago when I tried this
> trick). There can also be network delays in the domain case that cause
> twitchy behavior related to this SID difference. I eventually gave up
> trying to do this because of all the weird corner cases. Which is not to
> say that a more patient person might not be able to do it :-).
> If you were writing a kernel mode driver, I know the trick (have a
> user-mode helper send an IOCTL to a top-level device object and you’ll
> have access to HKEY_CURRENT_USER from there), but for services I’m not
> sure what you’d do that would be equivalent. Probably spawn a process as
> others have suggested.

To avoid the stress of getting the user/domain names right with
LookupAccountName it is easier to do it the other way round by enumerating
all subkeys of HKEY_USERS, passing all the sids to LookupAccountSid and see
which one (best) matches your user.

Regards,

Daniel Terhell
Resplendence Software Projects Sp
xxxxx@resplendence.com
http://www.resplendence.com
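
The HKEY_USERS enumeration suggested above, combined with the multiple-logged-in-users caveat raised earlier in the thread, as an added example that is not part of any poster's message. It assumes account SIDs of the S-1-5-21 form; the function names and the subkey list are hypothetical and constructed, where a real service would obtain the names from RegEnumKeyEx on HKEY_USERS.

```c
#include <stdio.h>
#include <string.h>

/* Constructed HKEY_USERS subkey names; the last entry is a second user. */
static const char *const sample[] = {
    ".DEFAULT", "S-1-5-18", "S-1-5-19", "S-1-5-20",
    "S-1-5-21-1111111111-2222222222-3333333333-1001",
    "S-1-5-21-1111111111-2222222222-3333333333-1001_Classes",
    "S-1-5-21-1111111111-2222222222-3333333333-1004",
};

/* 1 if name is a per-user hive "S-1-5-21-<a>-<b>-<c>-<rid>"; 0 for
 * ".DEFAULT", service SIDs (S-1-5-18/19/20) and "<SID>_Classes". */
int is_user_hive(const char *name)
{
    static const char prefix[] = "S-1-5-21-";
    int fields = 0, digits = 0;
    if (strncmp(name, prefix, sizeof prefix - 1) != 0) return 0;
    for (const char *p = name + (sizeof prefix - 1); ; p++) {
        if (*p >= '0' && *p <= '9') {
            digits++;
        } else if ((*p == '-' || *p == '\0') && digits > 0) {
            fields++;
            digits = 0;
            if (*p == '\0') break;
        } else {
            return 0;   /* empty field or a suffix such as "_Classes" */
        }
    }
    return fields == 4; /* three domain sub-authorities plus the RID */
}

/* Index of the only user hive; -1 if none is loaded; -2 if several are
 * (terminal services, fast user switching), so the caller must not guess. */
int pick_user_hive(const char *const names[], int n)
{
    int found = -1;
    for (int i = 0; i < n; i++) {
        if (!is_user_hive(names[i])) continue;
        if (found >= 0) return -2;
        found = i;
    }
    return found;
}

int main(void)
{
    printf("%d %d\n", pick_user_hive(sample, 6), pick_user_hive(sample, 7));
    return 0;
}
```

Treating the -2 result as a hard failure keeps a SYSTEM-context component from reading settings out of another user's hive when more than one profile is loaded.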


And to make it really easy he could just have his GUI write an arbitrary
value to HKCU and have his service find it back in HKU.

/Daniel


Sorry, it looks like I instead did not read the message well; his GUI was
running under the system account. You were right about him having to worry
about finding the logged-on user.

/Daniel

Also look at RegOpenCurrentUser (XP and 2k only). This opens HKCU for
the user that a thread is impersonating.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Daniel Terhell
Sent: Thursday, July 22, 2004 12:48 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Reading HKCU in Local System Account

And to make it really easy he could just have his GUI write
an arbitrary value to HKCU and have his service find it back in HKU.

/Daniel


Thanks guys.

Looks like spawning a process and then reading the regkey would be a good
workaround for my problem.

Regards,
Santhosh

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Chapman Mays
Sent: Friday, July 23, 2004 12:01 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Reading HKCU in Local System Account

Also look at RegOpenCurrentUser (XP and 2k only). This opens HKCU for
the user that a thread is impersonating.
