Accessing the Registry on a remote computer

Question

4.00/5 (2 votes)

See more:

Hi,

I am trying to access the registry of a remote computer (windows 2003).
Following the remarks in the article:
http://msdn.microsoft.com/en-us/library/ms724840(v=vs.85).aspx
I used both Impersonation and WNetAddConnection2.

Here is my code:

C++

void ConnectRemoteRegistry(LPCSTR machine, LPWSTR wRemoteName, LPWSTR wUser, LPWSTR wPass, 

LPCSTR cUser, LPCSTR cPass, std::string keyName)
{
DWORD dwRetVal;
NETRESOURCE nr;
DWORD dwFlags;

// Zero out the NETRESOURCE struct
memset(&nr, 0, sizeof (NETRESOURCE));

// Assign our values to the NETRESOURCE structure.
nr.dwType = RESOURCETYPE_ANY;
nr.lpLocalName = NULL;
nr.lpRemoteName = wRemoteName;
nr.lpProvider = NULL;

// Assign a value to the connection options
dwFlags = CONNECT_UPDATE_PROFILE;
dwRetVal = WNetAddConnection2(&nr, wPass, wUser, dwFlags); 

if (dwRetVal == NO_ERROR)
    wprintf(L"Connection added to %s\n", nr.lpRemoteName);
else
    wprintf(L"WNetAddConnection2 failed with error: %u\n", dwRetVal);

HANDLE _token;

dwRetVal = LogonUserA(cUser, NULL, cPass, LOGON32_LOGON_NETWORK_CLEARTEXT, LOGON32_PROVIDER_DEFAULT, 

&_token);

if(dwRetVal != ERROR_SUCCESS)
{
    wprintf(L"LogonUserA failed with error: %u\n", dwRetVal);
}

dwRetVal = ImpersonateLoggedOnUser(_token);

if(dwRetVal != ERROR_SUCCESS)
{
    wprintf(L"ImpersonateLoggedOnUser failed with error: %u\n", dwRetVal);
}

HKEY root(HKEY_LOCAL_MACHINE);
HKEY r;
LONG rc = ::RegConnectRegistryA(machine, root, &r);

if (rc != ERROR_SUCCESS) 
{
    wprintf(L"RegConnectRegistryA failed with error: %u\n", dwRetVal);
}

HKEY key_handle;

rc = ::RegOpenKeyExA(r,keyName.c_str(), REG_OPTION_OPEN_LINK, 
KEY_QUERY_VALUE, & key_handle);

if (rc != ERROR_SUCCESS) 
{
    wprintf(L"RegOpenKeyExA failed with error: %u\n", dwRetVal);
}

RegCloseKey(r);
RevertToSelf();

dwRetVal = WNetCancelConnection2(nr.lpRemoteName, CONNECT_UPDATE_PROFILE, true);

if (dwRetVal != NO_ERROR)
    wprintf(L"WNetCancelConnection2 failed with error: %u\n", dwRetVal);
}

I am using a local administrator of the remote machine.
WNetAddConnection2 to c$ is completed successfully.
LogonUserA and ImpersonateLoggedOnUser are completed successfully.
RegConnectRegistryA is also completed successfully.
The problem is that RegOpenKeyExA returns 5 - access denied.

Can you please advise why that might be?

Thanks.

Posted 31-Jan-11 6:01am

Yael.Evron

Updated 31-Jan-11 19:54pm

JF2015

v4

Add a Solution

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Yusuf · Answer 1 · 2011-01-31T06:34:00

Solution 1

Well the parameters you are passing don't seem right. Check MSDN [^]for details

from the documentation

MIDL

ulOptions
[in] Reserved; set to 0.
samDesired
[in] Not supported; set to 0.

your values

MIDL

RegOpenKeyExA(r,keyName.c_str(), REG_OPTION_OPEN_LINK,
KEY_QUERY_VALUE, & key_handle);

Posted 31-Jan-11 6:34am

Yusuf

Comments

Emilio Garavaglia 31-Jan-11 15:29pm

Comment from the OP:
You are right, the third parameter is wrong - thanks for that. Yet after fixing it, I still get the same result.

Dalek Dave 1-Feb-11 3:09am

Good Answer.

jean Davy · Answer 2 · 2011-01-31T21:48:00

Solution 3

So the problem comes from samDesired fourth parameter (try only STANDARD_RIGHTS_READ | KEY_QUERY_VALUE), and/or combination of third and fourth. I suggest that you read precisely Registry Key Security and Access Rights.[^] :((

Posted 31-Jan-11 21:48pm

jean Davy

Updated 31-Jan-11 21:51pm

v2

Yael.Evron · Answer 3 · 2011-02-01T03:27:00

OK. I resolved the issue (not related to the way accessing the registry).

The LogonUser function should be done with these parameters:
dwRetVal = LogonUserA(cUser, NULL, cPass, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50 , &_token);
Most important - the user name, should be the user name alone and NOT machineName\UserName.