Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't write some values to the registry - why?

Status
Not open for further replies.
CondorMan

CondorMan

Technical User
Joined
Jan 23, 2005
Messages
211
Location
GB
Hi everyone

I have XP Pro SP2 and have two accounts - one with Admin rights that I use rarely and the other with Limited rights that I use on a day-to-day basis. I came across a setting in the registry that I'd like to make for the Limited account, but it won't let me create it. It's at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and the name is <DontShowSuperHidden>, a REG_DWORD which may have the value 0 or 1. The problem is that I can get to the key but it won't let me add anything if I'm logged on with Limited rights.

I opened the command screen and used "runas /user:<name with Admin rights> regedit" and it opened the registry editor and I could then add the value that I wanted. I closed the registry editor and opened it normally (logged on with Limited rights then Start>Run>regedit) and the value wasn't there. I logged out and back in as the user with Admin rights and, sure enough, the value was shown there!

I can quite understand that if I'm logged on with Limited rights, I shouldn't be able to make any changes to HKLM, but how do I make changes to HKCU to apply to the Limited account? Is there any way of doing this whilst logged on with Admin rights? Logic says that I *may* have to change the rights of the current Limited account to have Admin rights, do the registry modification and then demote the rights back to Limited - but that seem very long-winded and there just has to be an easier way (surely???). Why didn't the runas ... trick work properly when I was logged on as the Limited user?

I thought that I had sussed the basics of the registry editor - but this has thrown me and I'm so frustrated now! What's the point of being able to access the registry editor and make some changes to HKCU but not others and, in particular, the change that I want to make?

Thanks for your time and patience.
 
Sort by date Sort by votes
Have you checked the Access Permissions are correct for the Key in question?

Permissions are covered in the Help file of RegEdit as an article. Basically you just right-click on a Key and access Permissions via the drop down menu.


Viewing and Manipulating the Registry

If you experimenting in the Registry, I hope you have backed up any keys before you changed them. See Import and Export in the RegEdit Help.

This is a good program to get hold of if you playing with the Registry.

Registry Backup and Restore for Windows NT/2000/2003/XP




What do you have in this location?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
@ShowSuperHidden


Is it a case of requiring a logoff and logon for the change to take place?
 
Upvote 0 Downvote
HKCU is rebuilt each time for a different login user. It is sort of registry symbolic link. When you issue ranas to change the yourself to running in different security context, you should step into HKU hive, identify the limited rights subkey and change the setting for the limited rights user's setting. That's what I would propose how to do it.
 
Upvote 0 Downvote
Thank you for the replies. I have some comments:

Firstly, to linney: when I saw your comments, I thought to myself "hits head"! I know about permissions in relation to registry but it never struck me as the cause of the problem. I'm the only user of the laptop and know that I haven't changed any of the permissions. I checked those for the Limited user at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersionPolicies\Explorer and, sure enough, Read was checked but Full Control wasn't so I thought that I'd cracked it! I went to the account with Admin rights, changed the permission of the Limited user for the key to Full Control and then rebooted. I logged on as the Limited user and looked at the permission of the same key - the Full Control was *unchecked*, so allowing me only to Read the key!!! I even tried resetting the permission of the Policies key (as Explorer is a subkey of it) and this behaved in exactly the same way. I just wonder if this is a default within XP. Maybe something to do with this particular key, for some reason? Could you (or someone else who has an account with Admin rights and another with Limited rights) check to see if their XP Pro behaves in the same manner?

As a matter of interest, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
@ShowSuperHidden is either 0 or 1, depending upon whether Hide protected operating system files is checked in Windows Explorer. I realise that this is the way that I can hide or reveal them if I can get the "DontShowSuperHidden" trick to work because this removes the checkbox from the Windows Explorer dialogue.


Secondly to tsuji: I've looked at the HKU hive and there are several settings: .DEFAULT and a lot that I don't understand such as S-1-5-18, S-1-5-19, S-1-5-19_Classes etc. I couldn't see any of the subkeys as limited rights. I'm interested in chasing this further as it may be the way for me to access the HKCU in the Limited account that I need to change.

Thanks again for your time and patience.
 
Upvote 0 Downvote
For more information, see Well-Known Security Identifiers at the Microsoft Resource Kits Web site.



HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Seems to have the same permissions as you describe for a Limited User. Maybe it is because there are Group Policies involved of which a Limited User has no right to set?

Have you played with Inheriting Permissions and not inheriting them on the Advanced tab? You can even look at Taking Ownership of the key if you want?
HOW TO: Take Ownership of a File or Folder in Windows XP (Q308421)

If you promote the Limited User to Administrative and make your amendments to the Registry, and then demote him back, I would have thought that having Read Permissions would suffice.
 
Upvote 0 Downvote
Thank you linney - at least I know what the S-1-5-X numbers are called now!

It's reassuring that you see the same permissions for a Limited user. Maybe there's something quirky about that particular key? I know that I can change HKLM (when logged on with Admin rights) which will make a laptop-wide change to remove the "Hide protected operating system files" checkbox from Windows Explorer>Tools>Folder Options>View. I'll look further into the Group Policies to see if I can find anything in there that I can tweak to my benefit. If so, I'll post back here.

I agree that a final step would be to promote then demote the Limited user account - but that does seem excessive to do something which seems as if it should be so straightforward!
 
Upvote 0 Downvote
As I said, it may be because a Limited User cannot set Policies?
 
Upvote 0 Downvote
Sure - I've noticed that I don't have access to Start>Run>gpedit.msc or secpol.msc when logged on as the user with Limited rights. I'll look into granting permission for that (albeit temporarily) as I assume that my account with Admin rights should be able to set that. I think that this would be easier than promoting then demoting the Limited rights account.
 
Upvote 0 Downvote
Would it be possable to log in the Admin account and change your user account to Admin, log back in as your user account and make your changes after your done log back in to the Admin account and reset your user account back to orginal.
 
Upvote 0 Downvote
I guess so, but I'd prefer to avoid that as it seems so "messy". I know that there are a lot of settings that can be made within HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and I'd like to take advantage of them for the user with Limited rights. For instance, I'd like to make it impossible for them to uncheck "Hide protected operating system files" in Windows Explorer>Tools>Folder Options>View. I can remove the checkbox - but need to be able to edit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!!!!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Flinx
  • Locked
  • Question Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
3K
Flinx
Flinx
hamburg18w
  • Locked
  • Question Question
Task Host is Stopping the Shutdown
Replies
1
Views
1K
Ign3us
Ign3us
pjw001
  • Locked
  • Question Question
How to configure Bookmarks in Chrome
Replies
4
Views
963
pjw001
pjw001
Andrzejek
  • Locked
  • Question Question
How to Disable Google Chrome Password Manager
Replies
3
Views
1K
combo
combo
DTGMI
  • Locked
  • Question Question
WIN 10 Pro PC &amp; Adding back to our Network
Replies
1
Views
1K
pjw001
pjw001

Part and Inventory Search

Sponsor

Back
Top