_WinAPI_RegCreateKey( and ACL right

[loulou2522]

My profile is LOCAL administrator

I use the following code 

expandcollapse popup

#include <APIRegConstants.au3>
#include <Array.au3>
#include <MsgBoxConstants.au3>
#include <WinAPIError.au3>
#include <WinAPIReg.au3>
#include <WinAPIProc.au3>
#include <WinAPIFiles.au3>
#include <File.au3>


Local $sWow64 = ""
If @AutoItX64 Then $sWow64 = "\Wow6432Node"


$akey = "HKEY_LOCAL_MACHINE\SOFTWARE" & $sWow64 & "\Policies\Google\Chrome"
Msgbox(0,"",_RegGetAccess($akey) )

_RegSetAccess($akey)
toto($akey)

Exit

;Local $hKey = _WinAPI_RegOpenKey(HKEY_LOCAL_MACHINE, 'SOFTWARE' & $sWow64 & '\Policies\Google\Chrome', $KEY_QUERY_VALUE)
;If @error Then
;   MsgBox(BitOR($MB_ICONERROR, $MB_SYSTEMMODAL), @extended, _WinAPI_GetErrorMessage(@extended))
;  Exit
;EndIf

;Local $tData = DllStructCreate('int')
;_WinAPI_RegQueryValue($hKey, 'AlwaysOpenPdfExternally', $tData)
;_WinAPI_RegCloseKey($hKey)

;ConsoleWrite(DllStructGetData($tData,1) & @CRLF)

Func _RegSetAccess($a_key)
    RunWait(@scriptdir & 'SetACL.exe -on ' & $a_key & ' -ot reg -actn setowner -ownr "n:S-1-5-32-544"', '', @SW_HIDE)
    RunWait(@scriptdir & '\SetACL.exe -on ' & $a_key & ' -ot reg -actn ace -ace "n:S-1-5-32-544;p:full"', '', @SW_HIDE)
EndFunc   ;==>_RegSetAccess


Func _RegGetAccess($a_key)
    Local $a_file = _TempFile()
    RunWait(@ScriptDir & '\SetACL.exe -on ' & $a_key & ' -ot reg -actn list -lst "w:o;s:y" -bckp ' & $a_file, '', @SW_HIDE)
    If StringInStr(FileRead($a_file), 'Owner:S-1-5-32-544') Then Return True
    Return False
EndFunc   ;==>_RegGetAccess

Func toto($akey)
    Msgbox(0,"","Ligne 54")
    Local $aAdjust, $aPrivileges[2] = [$SE_BACKUP_NAME, $SE_RESTORE_NAME]
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    Msgbox(0,"",_WinAPI_GetLastErrorMessage ( ))


    If @error Or @extended Then
            Return 0
    EndIf
    Msgbox(0,"","Ligne 68")

    _WinAPI_AdjustTokenPrivileges($hToken, $aPrivileges, $SE_PRIVILEGE_ENABLED, $aAdjust)
    Msgbox(0,"",_WinAPI_GetLastErrorMessage ( ))
    If @error Or @extended Then
        Return 0
    EndIf
    Msgbox(0,"","Ligne 60")
    Local $hRoot = StringLeft($akey, StringInStr($akey, "\") - 1)
    Switch $hRoot
        Case "HKEY_LOCAL_MACHINE", "HKLM", "HKEY_LOCAL_MACHINE32", "HKLM32", "HKEY_LOCAL_MACHINE64", "HKLM64"
            $hRoot = $HKEY_LOCAL_MACHINE
        Case "HKEY_USERS", "HKU", "HKEY_USERS32", "HKU32", "HKEY_USERS64", "HKU64"
            $hRoot = $HKEY_USERS
        Case "HKEY_CURRENT_USER", "HKCU", "HKEY_CURRENT_USER32", "HKCU32", "HKEY_CURRENT_USER64", "HKCU64"
            $hRoot = $HKEY_CURRENT_USER
        Case "HKEY_CLASSES_ROOT", "HKEY_CLASSES_ROOT64", "HKCR"
            $hRoot = $HKEY_CLASSES_ROOT
        Case Else
            Return SetError(1, 0, 0)
    EndSwitch
    Local $Subkey = "\" & StringTrimLeft($akey, StringInStr($akey, "\"))
    Local $hKey = _WinAPI_RegOpenKey($hRoot, $Subkey, $KEY_CREATE_SUB_KEY)
    If @error Then
    MsgBox(BitOR($MB_ICONERROR, $MB_SYSTEMMODAL), @extended, _WinAPI_GetErrorMessage(@extended))
    Exit
EndIf
    Msgbox(0,"",_WinAPI_RegOpenKey($hRoot, $Subkey, $KEY_CREATE_SUB_KEY))
    Local $newKey = _WinAPI_RegCreateKey($hKey, $Subkey, $KEY_CREATE_SUB_KEY)
    _WinAPI_RegCloseKey($newKey)
    _WinAPI_RegCloseKey($hKey)
    _WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
    _WinAPI_CloseHandle($hToken)
EndFunc   ;==>toto

But htat"s dosen't work when writing registry i have the following message 

Edited December 13, 2019 by loulou2522

[Nine]

Try with #RequireAdmin

[loulou2522]

Yes but with #RequireAdmin you are obliged to make a response when launching programm and that's that i do'nt want 

 

[Shark007]

You cannot even touch the HKLM Key without Administrative Privileges.

#RequireAdmin is a must have.  SetACL use also requires administrative privileges

Edited December 13, 2019 by Shark007