3

We have a Java Web Start application and are trying to store application configuration data using HKEY_LOCAL_MACHINE instead of HKEY_CURRENT_USER. We can get someone with admin rights to launch the app the first time and set the configuration, so that it will store the values in the registry successfully. Nevertheless, subsequent Vista users without admin privileges cannot seem to even read the values from the registry in HKEY_LOCAL_MACHINE.

Perhaps our approach is incorrect, and there is a better way to store application configuration data. Can anyone help?

Kevin Panko
  • 8,356
  • 19
  • 50
  • 61
Curtis Jones
  • 81
  • 1
  • 4

3 Answers3

4

Your program is likely being affected by registry virtualization.

If a 32-bit program attempts to write to the registry under HKLM\SOFTWARE and the permissions do not allow the write to succeed, then Virtualization kicks in. The program is told that the write was successful, and the data is actually written into HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE. Then, when a 32-bit program attempts to read from the registry, values from the VirtualStore folder are returned to the program. This way, the program is tricked into thinking it successfully wrote to a location that it does not have permissions for, and 32-bit programs continue to work under Vista / Windows 7 without changes.

Also, due to UAC, an admin user will be treated as if he was a non-admin user, unless the program in question is specifically launched to run with admin privileges. Installer programs must run with admin privileges so that they can write to the HKLM area.

Kevin Panko
  • 8,356
  • 19
  • 50
  • 61
  • I think I ran into this as well. 32-bit apps seemingly cannot read from HKLM (unless it's stuff that is stored in the VirtualStore you mention, then they can). So if you add it with regedit, then read it in 32-bit from HKLM, it is mysteriously absent...see also http://stackoverflow.com/questions/252297/why-is-regopenkeyex-returning-error-code-2-on-vista-64bit for another work around (use key_wow64_64key) – rogerdpack Jul 29 '11 at 16:49
  • 1
    I know I am reviving an old question but there needs to be a clarification. 32 bit application do have read access to HKLM values that have been written by other 32 bit applications (I actually have an application that does it). Under Windows 7, if you try reading `HKLM/SOFTWARE/my com/my app/my key`, you end up actually reading `HKLM/SOFTWARE/Wow6432Node/my com/my app/my key`. – gfrigon Oct 11 '14 at 00:40
1

I may be wrong, but non admin users don't have access to HKLM period. Read or write.

If possible, store your settings in HKCU. Have the app contain default settings and if the HKCU values are not found, then the defaults are used and stored in the registry. The user should then have the ability to change those values.

Kevin Panko
  • 8,356
  • 19
  • 50
  • 61
Joao Coelho
  • 2,838
  • 4
  • 30
  • 36
  • Thanks for answering. You have confirmed our suspicions that non-admin users don't have access to HKLM. Our dilemma is that there is nowhere to store the application config data unique to the organization implementing our software, that subsequent users (not the original installer) without admin privileges could read. We have achieved a work-around using the ALLUSERSPROFILE environment setting and writing app-config to the file instead of the registry. – Curtis Jones Apr 29 '10 at 14:36
1

You normally use java.util.Preferences to store application specific data on the client machine. On Windows machines this will behind the scenes be written into the Windows registry. Here's a Sun tutorial/guide and a more technical article about the subject.

If you'd like to get more access to the Windows registry, then you may find the jRegistryKey API useful, but this would of course work only when the webstart application is executed on Windows machines and not on Linux/Mac/etc. The java.util.Preferences API is more abstract in that.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • We are using ALLUSERSPROFILE and writing to a file store in it instead of the registry as a workaround. Is there anywhere in the registry to store the application config data unique to the organization implementing our software that subsequent users (not the original installer) without admin privileges could read? Or, is our approach to write to the ALLUSERSPROFILE environment folder a good approach. – Curtis Jones Apr 29 '10 at 14:42