Home » Forums » Symantec Products and Technologies » Application Packaging

HKLM\Software\Classes

HKLM\Software\Classes
Submitted by djscriptd on 5 June, 2008 - 10:34.

Hi all, I just joined so this is my first post.

There is an application that I'm distributing to a locked-down environment and the tester is getting errors. He has contacted the vendor and the vendor says they need write access to HKLM\Software\Classes. I did a search and found out that COM object information is stored here, but would I really have to have the entire classes key opened up for their application to write to it? Is this a common practice?

Thanks in advance.

set HKEy rights

erikw's picture
Submitted by erikw on 6 June, 2008 - 05:28.

Don't set rights on HKEY local machine.
set the rights on HKEY\.Default\classes.
That should do the job for you.
HKEY\.Default is transferred to the current user HKEY as a user logs on.

Regards
Erik
www.dvs4sbc.nl

Please explain that in detail

Submitted by emmy on 23 June, 2008 - 23:48.

Hi Erik,

I did not quite understand that.
can you please explain that in detail.

Thanks and Regards
Emmy

Find the reg keys which

Submitted by nandana on 9 July, 2008 - 07:30.

Find the reg keys which will get installed in to the location "HKLM\Software\Classes\" from your application and give write access to only those reg keys it should solve ur issue.

Tools

Submitted by cwitter on 9 July, 2008 - 10:43.

We also have computers that are very restricted. I find using tools such as regmon and filemon to be very helpful. These are both freely avaliable to download from Microsoft. They will give you all the keys and folders that the specific user cant access so you can change permissions. I usually run the app on a test vm as an administrator with the locked down user logged into the box. Hope this helps.

Craig

Tools

Submitted by vamsi on 23 July, 2008 - 10:53.

You can use Procmon also to find the process related information. Its also freedownload tool. you can find in Microsoft site.

Regards,
vamsi

How to troubleshoot your COM permissions trouble

looeee's picture
Submitted by looeee on 12 August, 2008 - 11:12.

@ericw: read this The .Default user is not the default user

@djscriptd
This is only my second post :)

What you have encountered is a program that is also a COM server. Some naughty programmers re-register their EXE files when they start up. They don't check to see if they are correctly registered first, they just do it anyway.

The chances are that your program is not writing to HKLM\Software\Classes but is actually writing to HKCR. A quick trick you can try is to make a duplicate the keys (you don't need any values) in HKCU. When the program needs to write the keys it will then have the rights to do so.

To find which keys are involved you should (as the other contributors here have suggested) download Process Monitor here
logged in as a test user, right click on process monitor, "run as" the admin user
run your program until you get the error
save the logfile in CSV format
open in Excel
go to Data->Filter->AutoFilter or on Excel2007 go to Data->Filter
In column C choose the program you are troubleshooting
In column G choose ACCESS_DENIED
You now know which key was troubling you
relax the permissions on the key
repeat until you know all the keys involved

Syndicate content