I wrote an application that stores several things in the registry. When I first started, I added them to HKEY_LOCAL_MACHINE, but kept g开发者_如何转开发etting permission errors writing to the. So, it was suggested that I use HKEY_CURRENT_USER, that worked until I realized that I am not able to access them from another account. How can I write to the registry but allow all accounts to access read and write to it?
I used the Python module _winreg.
HKEY_LOCAL_MACHINE/Software/YourSoftware
, needs Admin permissions and is for install-time data, or HKEY_CURRENT_USER/Software/YourSoftware
, which is for data pertinent to this environment only (this user, this profile etc.)
EDIT: An alternative would be storing a config file and setting the right permissions at install time.
2nd EDIT: I've read in another comment that you want to be sure only your application modified some file, so you store the modification times. Workarounds:
- encrypt the file-not-to-be-modified, best is with a user-generated key
- make a service, install with a special user under which it runs, and make the permissions so, that only this service can access the file
My gut feeling says your requirement to modify a file only by your app, but under any account is very wrong but the more or less correct solutions have to impose additional complexity. Your decision: review your requirements and possibly your design, or add a layer of complexity and possibly cruft.
3rd EDIT: Split your app, have an admin application, which can with admin rights write to HKLM
and set the settings. Normal user rights should suffice to read HKLM
You'll either need admin permissions to write to HKLM, or settle for non-global reg keys. Behavior is going to vary somewhat between different versions of windows.
If you want to write to the registry so that all users can read it, you will need to run your program with administrator privileges.
You might be happier storing your information in a file instead, which will be easier to manage.
One other possibility would be changing the security on your HKLM keys to R/W for anyone. Although the idea that this is somehow security against modification seems a bit of a stretch.
Regedt32 has the ability to set the keys, so the underlying API must have it too.
All that said, this is a screwed up way to run an application and shows a sever lack of understanding of security and security models. (In other words, typical windows development.)
How did I get so cynical.....
精彩评论