0

I'm using the following code to disable task manager :

RegistryKey regKey;
string subKey = @"Software\Microsoft\Windows\CurrentVersion\Policies\System";

        
regKey = Registry.CurrentUser.CreateSubKey(subKey);
regKey.SetValue("DisableTaskMgr", 1);
regKey.Close();

My program is running with admin rights. When I run it on non-admin user (I enter the password of an admin user to run it), it doesn't work (the registry key is created successfully, but task manager isn't disabled). When I run it on admin user, it does work.

Does anyone have a solution for this?

Lior v
  • 464
  • 3
  • 12
  • 2
    The admin process has the admin registry as Registry.CurrentUser, so you are editing the admin's registry, not the standard user. (If it were the standard user's registry, then you would have an injection vulnerability because the standard user could do things like set AutoRun to something malicious.) – Raymond Chen Apr 04 '23 at 03:58
  • So there's no way to edit standart registry from admin process? – Lior v Apr 04 '23 at 10:48
  • 2
    You can. You just can't use CurrentUser to do it. You have to go to Registry.Users + the user whose registry you want to edit. – Raymond Chen Apr 04 '23 at 13:21
  • Does this answer your question? [Edit registry key of other user](https://stackoverflow.com/questions/6564153/edit-registry-key-of-other-user) – Charlieface Apr 09 '23 at 12:16
  • I was trying to edit the registry of the current user (my program is running as administrator), while the question you linked deals with editing registry of another user. – Lior v Apr 09 '23 at 12:44
  • There are two users. The original user who requested elevation. And the administrator that ends up running the program. Since you want to edit the original user's registry from the administrator user's program, that counts as editing the registry key of another user. The other user is the original user. – Raymond Chen Apr 09 '23 at 13:44

1 Answers1

1

I have solved the issue thanks to @RaymondChen comment.

ManagementObjectSearcher searcher = new ManagementObjectSearcher(
            "SELECT UserName FROM Win32_ComputerSystem");

        ManagementObjectCollection collection = searcher.Get();
        string username = (string)collection.Cast<ManagementBaseObject>().First()["UserName"];
        NTAccount account = new NTAccount(username);
        SecurityIdentifier securityIdentifier = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
        string sid = securityIdentifier.ToString();

        string subKey = $@"{sid}\Software\Microsoft\Windows\CurrentVersion\Policies\System";

        RegistryKey regKey = Registry.Users.CreateSubKey(subKey);
        regKey.SetValue("DisableTaskMgr", 1);
        regKey.Close();
Lior v
  • 464
  • 3
  • 12
  • "In a terminal services session, UserName returns the name of the user that is logged on to the console not the user logged on during the terminal service session." You want the user that is logged onto the session. Note also that the supported way of disabling Task Manager is through Group Policy, not by editing the registry. – Raymond Chen Apr 09 '23 at 13:50