Archive: EnumUsersReg works in (XP) SP2 but not in SP3


I am trying to add a registry key for all current LOCAL users (no domain). It works in Windows XP SP2 but not in SP3.

What gives?

My Windows XP SP3 test machine has NOTHING installed and has only two logon accounts defined: 'Admin' (administrator account) and 'Limited' (limited account).

I visually inspected the registry:

1. When logged in as Admin I can see its own HKU hive and the HKU hives of some other predefined accounts (probably the Local System, Local Service and Network Service SIDs) - but I cannot see the HKU hive of Limited.

2. When logged in as Limited, I can see the HKU hive of Limited but not Admin's (this is OK, this is expected and desired).

This means that the "problem" is not really in EnumUsersReg but in Windows XP SP3.

This is probably a security improvement (thus "problem" in double quotation marks) but for me this is a real problem as it renders EnumUsersReg useless and meaningless for what I am trying to achieve.

Is there a workaround for this?

Suggestions? Ideas?

Thanks!


You aren't going to see the Limited hive when on Admin unless you are logged into Limited at the same time.

Anyway, EnumUsersReg uses the RegLoadKey API to load the account hives into HKEY_USERS and that API requires the SE_RESTORE_NAME and SE_BACKUP_NAME privileges, both of which are only available to users which have administrator privileges.

Sure you aren't just trying to run your install from a limited account?

Stu


Originally posted by Afrow UK
Sure you aren't just trying to run your install from a limited account?
I am 100% sure. I can tell you, however, that your question prompted me to double-check again and I discovered something interesting about 'Admin': It is not the "Built-in account for administering the computer/domain". The built-in administrator account is named 'Administrator' and it is a member of one group only, the built-in 'Administrators'.

'Admin', on the other hand, is a member of two built-in groups: 'Administrators' and 'Users'.

'Limited' is a member of one group only, the built-in 'Users'.

Does this mean that a "true" administrator cannot belong to both 'Users' and 'Administrators' at the same time?


Originally posted by Afrow UK
You aren't going to see the Limited hive when on Admin unless you are logged into Limited at the same time.
But in SP2 it worked without being logged into Limited at the same time. Can you explain this?


Originally posted by Afrow UK
Anyway, EnumUsersReg uses the RegLoadKey API to load the account hives into HKEY_USERS and that API requires the SE_RESTORE_NAME and SE_BACKUP_NAME privileges, both of which are only available to users which have administrator privileges.
If a user has administrator privileges and uses the RegLoadKey API to load the account hives into HKEY_USERS, does that create the "effect" of that account being logged in?

Thanks!

The Users group will list all users of a local machine including Administrator users. I'm assuming this is XP Professional and not XP Home?

When a user logs in it loads their registry hive to HKEY_USERS. This is what EnumUsersReg does too except of course HKEY_CURRENT_USER remains the same.

You should put in a MessageBox after the call to LookupPrivilegeValue to see what $R0 is. It should be 0 on failure.

Stu


Originally posted by Afrow UK
You should put in a MessageBox after the call to LookupPrivilegeValue to see what $R0 is. It should be 0.
See: http://msdn.microsoft.com/en-us/libr...=VS.85%29.aspx
Return Value

If the function succeeds, the function returns nonzero.

If the function fails, it returns zero. To get extended error information, call GetLastError.
Gunther

Post edited.

Stu


Wow. This was very long ago. I remember I solved the problem eventually but I don't remember exactly how. I think I placed SetShellVarContext current just before running EnumUsersReg and that solved the problem.
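
The behaviour described in the replies above (a user's hive is present under HKEY_USERS only while that account is logged on, and loading it otherwise needs an administrator's backup/restore privileges), as an added example that is not from the thread or from the EnumUsersReg source. It assumes PowerShell and reg.exe are available on the machine; the key path, value name and value data are hypothetical placeholders, and local user accounts are picked out by the S-1-5-21- SID prefix.

```powershell
# Added example, not from the thread. Run from an administrator account.
# Hypothetical placeholders: the key path, value name and value data below.
$subKey    = 'Software\ExampleVendor\ExampleApp'
$valueName = 'Installed'
$valueData = '1'

# reg.exe load needs SeBackupPrivilege/SeRestorePrivilege, which only an
# administrator token carries, so stop early with a clear message otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not running with administrator rights; other users'' hives cannot be loaded.'
}

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
foreach ($entry in Get-ChildItem $profileList) {
    $sid = $entry.PSChildName
    # S-1-5-21-* are user accounts; S-1-5-18/19/20 are the built-in service accounts.
    if ($sid -notlike 'S-1-5-21-*') { continue }

    $root       = "HKU\$sid"
    $loadedHere = $false
    if (-not (Test-Path "Registry::HKEY_USERS\$sid")) {
        # Account is not logged on, so its hive is not in HKEY_USERS: load it.
        $dir  = [Environment]::ExpandEnvironmentVariables(
                    (Get-ItemProperty $entry.PSPath).ProfileImagePath)
        $hive = Join-Path $dir 'NTUSER.DAT'
        if (-not [IO.File]::Exists($hive)) {
            Write-Warning "${sid}: no NTUSER.DAT under $dir"
            continue
        }
        $root = "HKU\Temp_$sid"
        reg.exe load $root $hive | Out-Null
        # Check the result instead of assuming the load worked.
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "${sid}: reg load failed (exit code $LASTEXITCODE)"
            continue
        }
        $loadedHere = $true
    }

    # Writing through reg.exe keeps no open handle that would block the unload.
    reg.exe add "$root\$subKey" /v $valueName /t REG_SZ /d $valueData /f | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "${sid}: write failed" }

    # Unload only what this script loaded; leave logged-on users' hives alone.
    if ($loadedHere) { reg.exe unload $root | Out-Null }
}
```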