0

I need some suggestions on knowing that, if i want to store some specific things like passwords or some secrets which should not be seen to all users under one administrator, it should be accessible to only administrator. Earlier i planned to store it in the registry in encrypted format, but even that doesn't seem to be safe coz it would be accessible to everyone.

Is there any other approaches to store stuff in some place in windows? Please suggest some ways.

Akshay SIngh
  • 3
  • 4

1 Answers1

1

You could use the DPAPI. It is a simple encryption and decryption method for sensitive data. It allows to limit access to encrypted data to a user or to a machine. It's as simple as this (taken from a sample on the linked page):

byte [] secret = { 1, 2, 3, 4, 1, 2, 3, 4, 1, 2, 3, 4, 1, 2, 3, 4 };
ProtectedMemory.Protect( secret, MemoryProtectionScope.SameLogon );
ProtectedMemory.Unprotect( secret, MemoryProtectionScope.SameLogon );

I'm not sure how well this would fit your requirements, the dpapi is as secure as a windows login password, once you're logged in you can decrypt the data (depending on the protection scope). See this SO question for a discussion.

Hintham
  • 1,078
  • 10
  • 29
  • I dont want to store it in each user's machine, i just want it to have even read-access also by administrator only. So where can i store it so that it will be hidden from all users apart from admin. – Akshay SIngh Sep 04 '18 at 11:02