{"id":228,"date":"2007-04-17T16:36:12","date_gmt":"2007-04-17T14:36:12","guid":{"rendered":"https:\/\/alax.info\/blog\/228"},"modified":"2007-04-17T16:36:12","modified_gmt":"2007-04-17T14:36:12","slug":"managing-security-desciptors-in-registry","status":"publish","type":"post","link":"https:\/\/alax.info\/blog\/228","title":{"rendered":"Managing security desciptors in registry"},"content":{"rendered":"

As it is well known<\/a>, COM\/DCOM per-class launch<\/a> and access<\/a> permissions are stored in registry under HKEY_CLASSES_ROOT\\AppID key. However the permissions are stored in binary form (as a named REG_BINARY value) and thus not easy to read. DCOMCNFG (or MMC snap-in) is used to modify the values interactively but once one needs to update the values progammatically, he has to know the format.<\/p>\n

The binary value is a self-relative security descriptor<\/a>, written to registry as an array of bytes. ATL provides atlsecurity.h header file with handy security management classes including CSecurityDesc<\/a> to handle security descriptors. Among the methods, there are FromString<\/a> and ToString<\/a> which perform conversion between binary format of a self-descriptive security descriptor and Security Descriptor String Format<\/a>, which is a human friendly (more human friendly at least) representation of security descriptor. The conversion uses ConvertSecurityDescriptorToStringSecurityDescriptor<\/a> and ConvertStringSecurityDescriptorToSecurityDescriptor<\/a> API functions introduced with Windows 2000.<\/p>\n

\"17-image001.png\"<\/p>\n

<\/p>\n

The utility queries given registry binary value and converts to security descriptor string format.<\/p>\n

Partial (some header files are excluded, however the basic idea is clear) Visual C++.NET 2005 source code can be downloaded here<\/a>, compiled binary – here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

As it is well known, COM\/DCOM per-class launch and access permissions are stored in registry under HKEY_CLASSES_ROOT\\AppID key. However the permissions are stored in binary form (as a named REG_BINARY value) and thus not easy to read. DCOMCNFG (or MMC snap-in) is used to modify the values interactively but once one needs to update the… <\/p>\n

Read the full article<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,13,2],"tags":[],"class_list":["post-228","post","type-post","status-publish","format-standard","hentry","category-atl","category-source","category-utilities"],"_links":{"self":[{"href":"https:\/\/alax.info\/blog\/wp-json\/wp\/v2\/posts\/228","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alax.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alax.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alax.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/alax.info\/blog\/wp-json\/wp\/v2\/comments?post=228"}],"version-history":[{"count":0,"href":"https:\/\/alax.info\/blog\/wp-json\/wp\/v2\/posts\/228\/revisions"}],"wp:attachment":[{"href":"https:\/\/alax.info\/blog\/wp-json\/wp\/v2\/media?parent=228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alax.info\/blog\/wp-json\/wp\/v2\/categories?post=228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alax.info\/blog\/wp-json\/wp\/v2\/tags?post=228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}