What registry access can you get without Administrator privileges?

by

In general, a non-administrator user has this access to the registry:

Read/Write to:

  • HKEY_CURRENT_USER

Read Only:

  • HKEY_LOCAL_MACHINE
  • HKEY_CLASSES_ROOT (which is just a link to HKEY_LOCAL_MACHINE\Software\Classes)

It is possible to change some of these permissions on a key-by-key basis, but it’s extremely rare. You should not have to worry about that.

For your purposes, your application should be writing settings and configuration to HKEY_CURRENT_USER. The canonical place is anywhere within HKEY_CURRENT_USER\Software\YourCompany\YourProduct\

You could potentially hold settings that are global (for all users) in HKEY_LOCAL_MACHINE. It is very rare to need to do this, and you should avoid it. The problem is that any user can “read” those, but only an administrator (or by extension, your setup/install program) can “set” them.

Other common source of trouble: your application should not write to anything in the Program files or the Windows directories. If you need to write to files, there are several options at hand; describing all of them would be a longer discussion. All of the options end up writing to a subfolder or another under %USERPROFILE% for the user in question.

Finally, your application should stay out of HKEY_CURRENT_CONFIG. This hive holds hardware configuration, services configurations and other items that 99.9999% of applications should not need to look at (for example, it holds the current plug-and-play device list). If you need anything from there, most of the information is available through supported APIs elsewhere.

More Related Contents:

  1. Detect whether Office is 32bit or 64bit via the registry
  2. What precisely does ‘Run as administrator’ do? [closed]
  3. How to pass in multiple file/folder paths via a right-click event (verb) to an executable?
  4. Reading 64bit Registry from a 32bit application
  5. How to elevate privileges only when required?
  6. Make Inno Setup installer request privileges elevation only when needed
  7. Windows is not passing command line arguments to Python programs executed from the shell
  8. Requested registry access is not allowed
  9. Java Error opening registry key
  10. Web browser control emulation issue (FEATURE_BROWSER_EMULATION)
  11. Windows 64-bit registry v.s. 32-bit registry
  12. Programmatically Set Browser Proxy Settings in C#
  13. Permission denied for relation
  14. Script to associate an extension to a program
  15. How to delete a registry value in C#
  16. Command line to remove an environment variable from the OS level configuration
  17. How can I tell if my process is running as Administrator?
  18. Avoid Registry Wow6432Node Redirection
  19. How to associate a program with a file type, but only for the current user?
  20. How to access the 64-bit registry from a 32-bit Powershell instance?
  21. Python code to read registry
  22. Reading the registry and Wow6432Node key
  23. How to create a Run As Administrator shortcut using Powershell
  24. Determine path to registry key from HKEY handle in C++
  25. Registry.LocalMachine.OpenSubKey() returns null
  26. How do I pass credentials to a machine so I can use Microsoft.Win32.RegistryKey.OpenRemoteBaseKey() on it?
  27. Filetype association with application (C#)
  28. Registry vs. INI file for storing user configurable application settings [closed]
  29. C#.NET: Acquire administrator rights?
  30. How do I get column datatype in Oracle with PL-SQL with low privileges?

Leave a Comment