Old 28th July 2009, 23:01   #1
ronca
EnumUsersReg works in (XP) SP2 but not in SP3

I am trying to add a registry key for all current LOCAL users (no domain). It works in Windows XP SP2 but not in SP3.

What gives?

My Windows XP SP3 test machine has NOTHING installed and has only two logon accounts defined: 'Admin' (administrator account) and 'Limited' (limited account).

I visually inspected the registry:

1. When logged in as Admin I can see its own HKU hive and the HKU hives of some other predefined accounts (probably the Local System, Local Service and Network Service SIDs) - but I cannot see the HKU hive of Limited.

2. When logged in as Limited, I can see the HKU hive of Limited but not Admin's (this is OK, this is expected and desired).

This means that the "problem" is not really in EnumUsersReg but in Windows XP SP3.

This is probably a security improvement (thus "problem" in double quotation marks) but for me this is a real problem as it renders EnumUsersReg useless and meaningless for what I am trying to achieve.

Is there a workaround for this?

Suggestions? Ideas?

Thanks!
Old 29th July 2009, 00:29   #2
Afrow UK
You aren't going to see the Limited hive when on Admin unless you are logged into Limited at the same time.

Anyway, EnumUsersReg uses the RegLoadKey API to load the account hives into HKEY_USERS and that API requires the SE_RESTORE_NAME and SE_BACKUP_NAME privileges, both of which are only available to users which have administrator privileges.

Sure you aren't just trying to run your install from a limited account?

Stu
Old 29th July 2009, 02:24   #3
ronca
Quote:
Originally posted by Afrow UK
Sure you aren't just trying to run your install from a limited account?
I am 100% sure. I can tell you, however, that your question prompted me to double-check again and I discovered something interesting about 'Admin': It is not the "Built-in account for administering the computer/domain". The built-in administrator account is named 'Administrator' and it is a member of one group only, the built-in 'Administrators'.

'Admin', on the other hand, is a member of two built-in groups: 'Administrators' and 'Users'.

'Limited' is a member of one group only, the built-in 'Users'.

Does this mean that a "true" administrator cannot belong to both 'Users' and 'Administrators' at the same time?


Quote:
Originally posted by Afrow UK
You aren't going to see the Limited hive when on Admin unless you are logged into Limited at the same time.
But in SP2 it worked without being logged into Limited at the same time. Can you explain this?


Quote:
Originally posted by Afrow UK
Anyway, EnumUsersReg uses the RegLoadKey API to load the account hives into HKEY_USERS and that API requires the SE_RESTORE_NAME and SE_BACKUP_NAME privileges, both of which are only available to users which have administrator privileges.
If a user has administrator privileges and uses the RegLoadKey API to load the account hives into HKEY_USERS, does that create the "effect" of that account being logged in?

Thanks!
Old 29th July 2009, 11:30   #4
Afrow UK
The Users group will list all users of a local machine including Administrator users. I'm assuming this is XP Professional and not XP Home?

When a user logs in it loads their registry hive to HKEY_USERS. This is what EnumUsersReg does too except of course HKEY_CURRENT_USER remains the same.

You should put in a MessageBox after the call to LookupPrivilegeValue to see what $R0 is. It should be 0 on failure.

Stu
Old 24th September 2010, 09:23   #5
Netsurfer24
Quote:
Originally posted by Afrow UK
You should put in a MessageBox after the call to LookupPrivilegeValue to see what $R0 is. It should be 0.
See: http://msdn.microsoft.com/en-us/libr...=VS.85%29.aspx
Quote:
Return Value

If the function succeeds, the function returns nonzero.

If the function fails, it returns zero. To get extended error information, call GetLastError.
Gunther
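
The return-value check discussed in posts #4 and #5, written out as an added example; it is not code from the thread or from EnumUsersReg. The helper name EnablePrivilege and the output file name are hypothetical, and NSIS 3 with the System plug-in is assumed. Besides testing LookupPrivilegeValue for zero, it reads GetLastError after AdjustTokenPrivileges, because that call returns nonzero and sets ERROR_NOT_ALL_ASSIGNED when the token does not hold the requested privilege.

```nsis
; Added example, not EnumUsersReg's own code. Assumes NSIS 3 and the System plug-in.
!include LogicLib.nsh
!define TOKEN_ACCESS 0x0028            ; TOKEN_QUERY (0x0008) | TOKEN_ADJUST_PRIVILEGES (0x0020)
!define SE_PRIVILEGE_ENABLED 0x0002
!define ERROR_NOT_ALL_ASSIGNED 1300
OutFile "PrivCheck.exe"                ; hypothetical output name
RequestExecutionLevel admin

; Hypothetical helper. In: privilege name on the stack. Out: "ok" or the failing step.
; Overwrites $1..$4.
Function EnablePrivilege
  Exch $0
  System::Call 'kernel32::GetCurrentProcess() p .r1'
  System::Call 'advapi32::OpenProcessToken(p r1, i ${TOKEN_ACCESS}, *p .r1) i .r3'
  ${If} $3 = 0
    StrCpy $0 "OpenProcessToken failed"
  ${Else}
    ; Zero is failure, nonzero is success (the MSDN text quoted in post #5).
    System::Call 'advapi32::LookupPrivilegeValue(t n, t r0, *l .r2) i .r3'
    ${If} $3 = 0
      StrCpy $0 "LookupPrivilegeValue failed for $0"
    ${Else}
      ; TOKEN_PRIVILEGES: DWORD count, LUID, DWORD attributes (16 bytes)
      System::Call '*(i 1, l r2, i ${SE_PRIVILEGE_ENABLED}) p .r4'
      System::Call 'advapi32::AdjustTokenPrivileges(p r1, i 0, p r4, i 0, p 0, p 0) i .r3 ?e'
      Pop $2                           ; GetLastError value pushed by ?e
      System::Free $4
      ${If} $3 = 0
        StrCpy $0 "AdjustTokenPrivileges failed, error $2"
      ${ElseIf} $2 = ${ERROR_NOT_ALL_ASSIGNED}
        StrCpy $0 "not held by this token"
      ${Else}
        StrCpy $0 "ok"
      ${EndIf}
    ${EndIf}
    System::Call 'kernel32::CloseHandle(p r1)'
  ${EndIf}
  Exch $0
FunctionEnd

Section
  Push "SeRestorePrivilege"            ; SE_RESTORE_NAME
  Call EnablePrivilege
  Pop $R0
  Push "SeBackupPrivilege"             ; SE_BACKUP_NAME
  Call EnablePrivilege
  Pop $R1
  MessageBox MB_OK "SeRestorePrivilege: $R0$\r$\nSeBackupPrivilege: $R1"
SectionEnd
```
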
Old 24th September 2010, 10:06   #6
Afrow UK
Post edited.

Stu
Old 24th September 2010, 15:04   #7
ronca
Wow. This was very long ago. I remember I solved the problem eventually but I don't remember exactly how. I think I placed SetShellVarContext current just before running EnumUsersReg and that solved the problem.