
How to write hkey_local_machine without admin rights

I am working on a utility that part of it will allow the user to set
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\AutoAdminLogin\DefaultPassword
so that NT can be logged onto automatically. The
problem with this is that if the password specified is a non administrator
you are in trouble because you can never get logged into NT as an
administrator to change it.

The simple solution is to advise the user not to put a non admin password
in, however I know this is not the best solution. I am hoping someone may
give me advice as to how if a non-admin password is entered I can write to
this registry key to change it while in NT as a non administrator. My
initial thoughts were to somehow have my utility operate with administrator
privileges even when a user account executes it, but I really don't have an
idea how to do this. Maybe there's a better way. Any advice would be
appreciated!

Eric

 

Re:How to write hkey_local_machine without admin rights


You're probably going to get a lot of flak on this decidedly "how do I
write a virus?" type of posting.  :-/  These registry keys are protected
on an NT-box for extremely good reasons.  Services can be installed that
run as administrators and thereby provide powers to users beyond what
they would normally have -- but most of the NT sysops that I know really
look askance at any of them which require it.  They want each service to
log on under its own account, set up for the purpose, and to have access
to no more and no less than what this service must have.

If you -do- need to provide services to users, that require
administrative privileges, then your app should probably be a service,
and only the sysop can install it.  You really don't want to smack of
doing anything otherwise.  Sysops are getting burned so often by
internet pirates jumping through holes in IIS that they really get
gun-shy.

Quote
>Eric Paulson wrote:

> I am working on a utility that part of it will allow the user to set
> HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\AutoAdminLogin\DefaultPassword
> so that NT can be logged onto automatically. The
> problem with this is that if the password specified is a non administrator
> you are in trouble because you can never get logged into NT as an
> administrator to change it.

> The simple solution is to advise the user not to put a non admin password
> in, however I know this is not the best solution. I am hoping someone may
> give me advice as to how if a non-admin password is entered I can write to
> this registry key to change it while in NT as a non administrator. My
> initial thoughts were to somehow have my utility operate with administrator
> privileges even when a user account executes it, but I really don't have an
> idea how to do this. Maybe there's a better way. Any advice would be
> appreciated!

----------------------------------------------------------------------
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:i...@sundialservices.com  (PGP public key available.)


Quote
> High-speed, script-driven, table repair/support for Paradox/BDE...
> ChimneySweep{tm}:  "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/cs3web.htm

Re:How to write hkey_local_machine without admin rights


I appreciate the reply, and I agree with you 100% (probably a bit of
ignorance and non-thought on my part in making my subject as it was)! I am
not trying to figure out how to get around NT security, but rather just
protect users of this application from getting themselves to the point where
they get themselves into trouble and can't administer NT at all. I guess
then what I really need to know is how to have my app be able to change this
specific key in the event of a mistake in making NT auto logon as a non
admin. I would prefer that maybe it could be like a Unix superuser type of
thing where as long as they know the admin login they could get back in and
fix it. I have been using Delphi for a while but I am getting into
unfamiliar territory, and I am not quite sure where to start. I have read a
bit on creating NT services, and maybe that's the way to go, although at
this point I am not sure how to go about it.

Quote
Sundial Services <i...@sundialservices.com> wrote in message

news:38489D3A.364C@sundialservices.com...
Quote
> You're probably going to get a lot of flak on this decidedly "how do I
> write a virus?" type of posting.  :-/  These registry keys are protected
> on an NT-box for extremely good reasons.  Services can be installed that
> run as administrators and thereby provide powers to users beyond what
> they would normally have -- but most of the NT sysops that I know really
> look askance at any of them which require it.  They want each service to
> log on under its own account, set up for the purpose, and to have access
> to no more and no less than what this service must have.

> If you -do- need to provide services to users, that require
> administrative privileges, then your app should probably be a service,
> and only the sysop can install it.  You really don't want to smack of
> doing anything otherwise.  Sysops are getting burned so often by
> internet pirates jumping through holes in IIS that they really get
> gun-shy.

> >Eric Paulson wrote:

> > I am working on a utility that part of it will allow the user to set
> > HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\AutoAdminLogin\DefaultPassword
> > so that NT can be logged onto automatically. The
> > problem with this is that if the password specified is a non administrator
> > you are in trouble because you can never get logged into NT as an
> > administrator to change it.

> > The simple solution is to advise the user not to put a non admin password
> > in, however I know this is not the best solution. I am hoping someone may
> > give me advice as to how if a non-admin password is entered I can write to
> > this registry key to change it while in NT as a non administrator. My
> > initial thoughts were to somehow have my utility operate with administrator
> > privileges even when a user account executes it, but I really don't have an
> > idea how to do this. Maybe there's a better way. Any advice would be
> > appreciated!

> ----------------------------------------------------------------------
> Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
> mailto:i...@sundialservices.com  (PGP public key available.)
> > High-speed, script-driven, table repair/support for Paradox/BDE...
> > ChimneySweep{tm}:  "Click click, it's fixed!" {tm}
> > http://www.sundialservices.com/cs3web.htm

Re:How to write hkey_local_machine without admin rights


I think the simplest solution is the best solution. I wasn't aware that the
auto login could be bypassed by holding down the shift key. I was always
under the impression that once auto login was set for a particular account,
that was it. I guess you learn something new every day. The best thing is
that I wouldn't think most people would want to auto login as an
administrator anyway, so as long as there is an easy way to get back in as
administrator when needed, this is even better.

Thanks for the reply and the very useful info!

Quote
David Rifkind <drifk...@acm.deleteme.org> wrote in message

news:Or324.302$s97.6879@news.uswest.net...
Quote
> On Fri, 3 Dec 1999 22:00:25 -0600, Eric Paulson wrote:
> >I am working on a utility that part of it will allow the user to set
> >HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\AutoAdminLogin\DefaultPassword
> >so that NT can be logged onto automatically. The
> >problem with this is that if the password specified is a non administrator
> >you are in trouble because you can never get logged into NT as an
> >administrator to change it.

> It's not as bad as all that.  If you hold down Shift when the logon
> screen appears (either when starting up, or on logging out), it will
> bypass auto logon.

> >The simple solution is to advise the user not to put a non admin password
> >in, however I know this is not the best solution. I am hoping someone may
> >give me advice as to how if a non-admin password is entered I can write to
> >this registry key to change it while in NT as a non administrator. My
> >initial thoughts were to somehow have my utility operate with administrator
> >privileges even when a user account executes it, but I really don't have an
> >idea how to do this. Maybe there's a better way. Any advice would be
> >appreciated!

> You can call LogonUser to generate an access token for a user with
> administrative privileges, then ImpersonateLoggedOnUser to run as that
> user while you access the registry.  See (all together now...) the Win32
> SDK help file.

> --
> "The privileged being which we call human is distinguished from other
> animals only by certain double-edged manifestations which in charity we
> can only call 'inhuman.'" -- Epiktistes
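
The LogonUser / ImpersonateLoggedOnUser sequence suggested in the thread, applied to the recovery case Eric describes (switching auto logon off once the administrator's credentials are known); this is an added example, not code from any poster. It assumes the documented Winlogon key and value names (`AutoAdminLogon`, `DefaultPassword`, the latter stored in clear text); note that on Windows NT 4.0 and Windows 2000 the process calling LogonUser must itself hold the "Act as part of the operating system" privilege (SeTcbPrivilege), so an ordinary user account gets an error there.

```delphi
program ClearAutoLogon;
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils, Registry;
const
  // Assumed: the documented Winlogon location (not the spelling used in the thread).
  WinlogonKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';

// Turns auto logon off and removes the stored clear-text password.
// Only the registry work runs under the administrator's token.
procedure DisableAutoLogon(const AdminUser, Domain, Password: string);
var
  Token: THandle;
  Reg: TRegistry;
begin
  if not LogonUser(PChar(AdminUser), PChar(Domain), PChar(Password),
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, Token) then
    RaiseLastOSError;               // wrong credentials or missing privilege
  try
    if not ImpersonateLoggedOnUser(Token) then
      RaiseLastOSError;
    try
      Reg := TRegistry.Create;
      try
        Reg.RootKey := HKEY_LOCAL_MACHINE;
        if not Reg.OpenKey(WinlogonKey, False) then
          raise Exception.Create('Cannot open the Winlogon key for writing');
        Reg.WriteString('AutoAdminLogon', '0');
        if Reg.ValueExists('DefaultPassword') then
          Reg.DeleteValue('DefaultPassword');
      finally
        Reg.Free;
      end;
    finally
      RevertToSelf;                 // always drop the administrator identity
    end;
  finally
    CloseHandle(Token);
  end;
end;

var
  User, Domain, Pwd: string;
begin
  // Prompted rather than passed as arguments; input is echoed here for brevity.
  Write('Admin user: '); Readln(User);
  Write('Domain (. for local): '); Readln(Domain);
  Write('Password: '); Readln(Pwd);
  DisableAutoLogon(User, Domain, Pwd);
end.
```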
