4

There are possible duplicates to this question here and here, but they have never been answered sufficiently.

I had the pleasure of renaming a Users folder and had to change "a few" keys in the registry. This is done, but I am curious if one can automate this process. For this purpose I tried to traverse the registry tree like this:

using Microsoft.Win32;
using System;
using System.Collections.Generic;

namespace RegistryReplacer
{
    class Program
    {

        private static void printKey(RegistryKey key)
        {
                Console.WriteLine("{0} has {1} sub keys", key.Name, key.SubKeyCount);
        }

        private static void traverseKey(RegistryKey key)
        {
            using (key)
            {
                printKey(key);

                string[] subKeyNames = key.GetSubKeyNames();
                foreach(string subKeyName in subKeyNames)
                {
                    RegistryKey subKey = key.OpenSubKey(subKeyName);
                    traverseKey(subKey);
                }

            }
        }


        static void Main(string[] args)
        {
            List<RegistryKey> rootKeys = new List<RegistryKey> {
                Registry.LocalMachine,
                Registry.CurrentUser,
                Registry.ClassesRoot,
                Registry.CurrentConfig,
                Registry.Users
            };

            foreach (RegistryKey rootKey in rootKeys)
            {
                traverseKey(rootKey);
            }
        }
    }
}

I can traverse the roots of the tree (LocalMachine etc.), but when calling OpenSubKey on some keys (not all), I encounter

System.Security.SecurityException: 'Requested registry access is not allowed.'

I am running the application with administrator rights (using rightclick+"Run as administrator" or using this), but this does not help. This is on my personal machine (64bit Windows 10 Pro, Version 2004), I am administrator and have sufficient rights to change the registry via regedit.

What am I doing wrong?

Jerome Reinländer
  • 1,227
  • 1
  • 10
  • 26
  • 1
    I've had this before. I believe you need to specify the 2nd value for `OpenSubKey` to either be True or [#2 here I believe](https://learn.microsoft.com/en-us/dotnet/api/microsoft.win32.registrykeypermissioncheck?view=dotnet-plat-ext-3.1). They did this in the first question you linked, but they didn't have full Admin like you do. – Jimmy Smith Jul 24 '20 at 20:46
  • 1
    @JimmySmith The second parameter defines whether you need write access if I am not mistaken. So far I am only reading. – Jerome Reinländer Jul 24 '20 at 20:51
  • Odd - and you say it's not all, but only some registry keys? You're not on a network where Group Policies could be restricting some? – Jimmy Smith Jul 24 '20 at 20:54
  • @JimmySmith Yes, to both. The last output is `HKEY_LOCAL_MACHINE\SAM has 1 sub keys` and the buffer of my console is completely filled with messages, so it does actually manage to traverse quite a few keys. And I am on no network with group policies or anything similar. – Jerome Reinländer Jul 24 '20 at 21:03
  • Some keys can only be read when running as System account. You can do it for example using PsExec from sysinternals: `psexec -i -s c:\mypath\myprogram.exe` should work – Simon Mourier Jul 27 '20 at 11:07
  • @SimonMourier I can verify that in a few hours. You might want to post this as an answer though, so I can accept it. – Jerome Reinländer Jul 27 '20 at 11:23
  • @SimonMourier I can confirm that this solves the problem to some degree. I can access significantly more key, but still a lot of them are inaccessible. – Jerome Reinländer Jul 27 '20 at 20:20

1 Answers1

1

The issue is related to the registry key ownership - it is very likely has custom permissions and owned by SYSTEM, TrustedInstaller or some other account.

Here is a very good answer which explains issue in depth: https://superuser.com/a/493121.

So, you are doing everything correctly and it does not work as expected. "This is not a bug, this is a feature" (c)

fenixil
  • 2,106
  • 7
  • 13