即使用户具有管理权限,应用也无法写入注册表 [英] App is unable to write to the registry, even though the user has administrative privileges
问题描述
我正在使用Visual Studio 2010,并且正在编写一个程序,该程序需要在 该程序基于.NET 2.0,到目前为止,它可以在64位Windows 7上运行。这是我的剧本: 我在运行Visual Studio 2010时遇到的问题是它将运行应用程序,但以我,我是本地管理员组的用户和成员。.但是,我无法创建密钥(尽管我是本地管理员组的成员,但有权这样做)。我也不知道该怎么做才能作为登录名(但那也不是我想要的,因为那以后我会将Adminuser和密码放在代码中,并且我已经是admin ??为何选择??) 如果根本不可能,是否有创建注册表项的选项? 以某种方式将它们添加到项目中? ?..我在这里有点困惑。 只是因为您以管理员身份运行(或使用具有管理权限的帐户特权)并不意味着这些管理特权始终有效。这是一项安全措施,可以防止恶意软件利用具有管理特权的用户一直愚蠢地使用计算机的用户。 要行使管理特权,您需要提升过程。有两种方法可以做到这一点: 使用清单来表明您的应用程序需要管理特权,因此在启动时要求提升权限。 这意味着您的应用程序将始终以高权限运行,并且仅在您的应用程序需要时才使用。例如,Windows注册表编辑器(RegEdit)会这样做,因为在没有管理特权的情况下您几乎无能为力。 查找有关如何完成此操作的信息在MSDN上或在我的回答。基本上,您只想在清单中添加以下行: 如果您仅需要某些任务的管理特权(即,将特定设置保存到注册表),而应用程序的其余部分不需要它,则应启动一个新的提升过程来执行此操作。无法暂时提升当前流程,因此您实际上需要剥离一个新流程。 此方法的优点是您的应用程序不必始终以管理特权运行(这提高了安全性),并且没有管理特权的用户仍然可以运行您的应用程序来执行其他所有操作(即,除了需要提升的一项或两项任务之外的所有操作)。 您剥离了一个单独的进程,该进程仅包含使用 当然,正如其他答案所提到的那样,应用程序的设计很可能是不正确的。 Windows安全模型的全部逻辑是常规应用程序不需要要求管理特权。他们不需要写注册表或做其他可能危害计算机的事情。如果您需要保留设置,我是否可以建议其他两种可能的方法: 认识到Windows确实是多用户操作系统并仅为当前用户编写设置。无论如何,这很有意义,因为不同的用户通常具有不同的设置和首选项。您可能想使用 通过使用内置的逻辑,完全避免了写入注册表的所有麻烦和复杂性.NET保留您的应用程序设置。开始阅读此处的答案,或此处 ,或在 MSDN 上了解如何执行此操作。我想说这是迄今为止最好的选择。不要自己编写复杂的代码来执行您所使用的框架已经内置的支持,从而轻松执行操作。 I am using Visual Studio 2010, and I'm writing a program that needs to set (and read) new registry values under The program is .NET 2.0-based and as for now it runs on Windows 7 64-bit. Here is my ocde: The problem I have when running Visual Studio 2010, is that it will run the app but logged on as me, I am a user and member of local admin group.. however I cannot create the key (despite I am part of local admin group, who have rights to do so). Neither do I know how to do it as a logon as (but its also not what I want since then I would put Adminuser and password inside the code, and I already am admin ?? so why ??) If this isn't possible at all, are there options for creating registry keys? Somehow add them to the project or so ??.. I am a bit confused here. Just because you're running as Administrator (or using an account with administrative privileges) does not mean that those administrative privileges are always in effect. This is a security measure, preventing malware from exploiting users who foolishly use their computer all the time with administrative privileges. To wield your administrative privileges, you need to elevate the process. There are two ways to do this: Use a manifest that indicates your application requires administrative privileges, and thus demand elevation at startup. This means your application will always run elevated and should only be used when your application needs this. The Windows Registry Editor (RegEdit), for example, does this, because there's little you can do there without administrative privileges. Find information about how to accomplish this here on MSDN, or in my answer here. Basically, you just want to add the following line to your manifest: If you only need administrative privileges for certain tasks (i.e., saving a particular setting to the registry) and the rest of your application does not require it, you should launch a new elevated process to do this. There is no way to temporarily elevate the current process, so you actually need to spin off a new process. The advantage of this method is that your application does not have to run with administrative privileges all the time (which increases security), and that users who do not have administrative privileges will still be able to run your app to do everything else (i.e., everything but the one or two tasks that do require elevation). You spin off a separate process that contains only the logic needed to write to the registry using the Of course, as other answers have mentioned, it is more likely that the design of your application is incorrect. The whole logic of the Windows security model is that regular applications to not require administrative privileges. They don't need to write to the registry or do other things that could potentially compromise the machine. If you need to persist settings, might I suggest two other possible approaches: Recognizing that Windows is indeed a multi-user operating system and writing your settings only for the current user. This makes good sense anyway because different users often have different settings and preferences. Instead of the Skipping all of the hassle and complication of writing to the registry altogether by using logic built into .NET to persist your application's settings. Start reading the answers here, or here, or on MSDN to learn how to do that. I'd say that this is by far your best option. Don't write complicated code yourself to do something that the framework you use already has built-in support for doing with ease.
这篇关于即使用户具有管理权限,应用也无法写入注册表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! HKLM\Software\myapp 下设置(和读取)新的注册表值。 / p>
RegistryKey softwareKey = Registry.LocalMachine.OpenSubKey( Software,true);
RegistryKey MyKey = softwareKey.CreateSubKey( MyApp);
RegistryKey = MyKey.CreateSubKey( MyKey);
selfPlacingWindowKey.SetValue( instaldateperson,datestr + usrname);
< requestedExecutionLevel level = requireAdministrator />
Process 类和写入注册表的逻辑使用 runas 动词请求此过程的提升。有关更多信息,请参见此问题。我还写了答案,其中提供了如何从C#中完成此操作的完整说明,包括示例代码。
HKEY_CURRENT_USER ,而不是注册表的 HKEY_LOCAL_MACHINE 分支(需要访问管理权限)。将您的第一行代码更改为:
RegistryKey softwareKey = Registry.CurrentUser.OpenSubKey( Software,true);
HKLM\Software\myapp RegistryKey softwareKey = Registry.LocalMachine.OpenSubKey("Software", true);
RegistryKey MyKey = softwareKey.CreateSubKey("MyApp");
RegistryKey = MyKey.CreateSubKey("MyKey");
selfPlacingWindowKey.SetValue("instaldateperson", datestr + usrname);
<requestedExecutionLevel level="requireAdministrator" />
Process class and request elevation for this process using the runas verb. For more information, see this question. I have also written an answer that provides a complete description how to accomplish this from C#, including sample code.
HKEY_LOCAL_MACHINE branch of the registry (which requires administrative privileges to access), you would want to use HKEY_CURRENT_USER. Change your first line of code to: RegistryKey softwareKey = Registry.CurrentUser.OpenSubKey("Software", true);
