[THIN] Re: Can't write to HKey Local Machine nor Current User

  • From: "Rick Mack" <ulrich.mack@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 24 Apr 2007 03:37:06 -0600

Hi Kirsten,

You've got a number of possible solutions to your problem.

The first is of course making your users local administrators which is a
really BAD idea because your servers will get hosed so fast your head will
spin.

The second is to run the servers in relaxed (NT 4 TSE compatible) security
mode. This adds the users to the terminal server user group which has
enhanced privileges to parts of the registry and file system. This isn't a
real good idea either because it gives users the opportunity to install stuff
which can cause you real grief.

Next, you can use the Windows Sysinternals (www.sysinternals.com redirects
to the appropriate TechNet page) NT registry monitor (or process monitor) to see
what registry keys are being accessed (access denied errors for non-admins)
and deprotect the relevant keys using group policy, NOT just regedit.

The tidiest way to find out what's broke is to use a couple of components of
the application compatibility toolkit from Microsoft. The standard user
analyzer will let you run the app as an admin, and highlight all the
registry keys the app is trying to write to. The application compatibility
administrator lets you apply an application compatibility fix,
LUARedirectReg which will redirect any HKLM write attempts to HKCU.

Go to www.msterminalservices.org and take a look at my article on the
application compatibility tool kit to get a bit more detail on how to do
this. Note that the standard user analyzer is now part of the V5 app compat
kit.

The last way you can do things if you're running Presentation Server 4
Enterprise, or 4.5 any flavour is to use AIE to redirect the registry write
attempts. This also works quite well and will resolve your problem.

regards,

Rick

--
Ulrich Mack
Commander Australia  - the company I work for, no delusions of grandeur ;-)


On 4/24/07, Kirsten Mayer <kmayer@xxxxxxxxxx> wrote:


Hi,
I have a .exe and .dll installed on Windows Server 2003 for use by thin
clients using Terminal Services.
The thin client user logs into Lotus Notes (which is running on the
Server) which calls the .dll which runs the .exe and passes the .exe a
structure.
The .exe, amongst other things, tries to read and then write several keys
to both the HKey Local Machine and HKey Current User and this is where the
problem lies.  The .exe only works when the thin client is given Admin
privileges to the Server; otherwise

Firstly, the .exe doesn't seem to find the Local Machine Keys (if not also
the Current User keys) when the .exe loads.

Secondly, the .exe exits with the following message when it tries to
write to registry keys:
System.UnauthorizedAccessException: Access to the registry key  is denied.
  at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
  at Microsoft.Win32.RegistryKey.SetValue(String name, Object value)

All Thin client users have been given permission to read and write to the
Local Machine and Current User keys.

The .exe works on Windows machines under the same scenario (called from
inside Lotus Notes which calls the .dll which runs the .exe etc.) whether
the user has Admin privileges or not.

Any ideas?
Many thanks,
_______________________________________________
Kirsten Mayer
Software Developer
E: kmayer@xxxxxxxxxx
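
For the developer side of this thread, an added example (not part of either message, and not how the LUARedirectReg fix or AIE is implemented) of an application that needs no HKLM write access at all: it reads machine-wide defaults from HKLM read-only and writes only to HKCU. The key path `Software\ExampleVendor\ExampleApp` and the value name `LastProfile` are hypothetical.

```csharp
using System;
using Microsoft.Win32;

static class AppSettings
{
    // Hypothetical key path, used under both hives.
    const string KeyPath = @"Software\ExampleVendor\ExampleApp";

    // Look for a per-user value first, then fall back to the machine-wide default.
    // Both keys are opened read-only (writable: false), so no write ACL is needed.
    public static string Read(string name, string fallback)
    {
        using (RegistryKey user = Registry.CurrentUser.OpenSubKey(KeyPath, false))
        {
            object v = user == null ? null : user.GetValue(name);
            if (v != null) return v.ToString();
        }
        using (RegistryKey machine = Registry.LocalMachine.OpenSubKey(KeyPath, false))
        {
            object v = machine == null ? null : machine.GetValue(name);
            return v != null ? v.ToString() : fallback;
        }
    }

    // Writes always go to the caller's own hive, so nothing under HKLM
    // has to be deprotected and the user does not need admin rights.
    public static void Write(string name, string value)
    {
        using (RegistryKey user = Registry.CurrentUser.CreateSubKey(KeyPath))
        {
            user.SetValue(name, value, RegistryValueKind.String);
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample value; run as a standard (non-admin) user.
        Console.WriteLine("before: " + AppSettings.Read("LastProfile", "(none)"));
        AppSettings.Write("LastProfile", "constructed-sample-value");
        Console.WriteLine("after:  " + AppSettings.Read("LastProfile", "(none)"));
    }
}
```

On a terminal server each session user gets their own HKCU, so this layout also keeps one user's settings from overwriting another's.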
