1

Let's say I want to change a registry key with the following script.

RegistryKey myKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Company\\SomeFolder", true);

if(myKey != null)
{
   myKey.SetValue("NameXYZ", "1", RegistryValueKind.String);
   myKey.Close();
}

The value is not changed because I don't have privileges. One way how to change the registry key value is to e.g. run VS with the admin privileges and then run the script. But is there a way how to set elevated privilage for any C# scripts (.csx) and then execute this script from e.g. VS with normal privileges?

H0ney
  • 55
  • 5
  • 1
    No, not really. Depends how you execute the script. If you do it from the C# Interactive Window then you must run VS elevated. If you do it with csi.exe then you must run a program that asks for elevation with its manifest or runas and let it start csi.exe. – Hans Passant Sep 11 '16 at 16:17

2 Answers2

0

To request elevation from Windows operating system, you have to include a manifest into your application:

<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">

        <!-- Leave the desired execution level here -->    
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel level="highestAvailable" uiAccess="false">

      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

The execution levels are defined as follows (taken from MSDN here):

  • asInvoker: The application will run with the same permissions as the process that started it. The application can be elevated to a higher permission level by selecting Run as Administrator.

  • highestAvailable: The application will run with the highest permission level that it can. If the user who starts the application is a member of the Administrators group, this option is the same as requireAdministrator. If the highest available permission level is higher than the level of the opening process, the system will prompt for credentials.

  • requireAdministrator: The application will run with administrator permissions. The user who starts the application must be a member of the Administrators group. If the opening process is not running with administrative permissions, the system will prompt for credentials.

Conclusion

To write values to the registry, you should probably include <requestedExecutionLevel level="requireAdministrator" /> in your manifest. But perhaps you shouldn't even write to HKEY_LOCAL_MACHINE but HKEY_CURRENT_USER (please refer to this answer).

Community
  • 1
  • 1
Franz Wimmer
  • 1,477
  • 3
  • 20
  • 38
-1

You can look into System.Security.Permissions as an attribute (sample below shown for file access)

 [PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
    public void load_From_Compressed_File()
    {
    }

MSDN on System.Security.Permissions You would want to check out specifically the registrypermissionattribute:

https://msdn.microsoft.com/en-us/library/system.security.permissions.registrypermissionattribute(v=vs.110).aspx

Shannon Holsinger
  • 2,293
  • 1
  • 15
  • 21