INFO: RegSaveKey() Requires SeBackupPrivilege

 Last reviewed: June 26, 1997
Article ID: Q106383
The information in this article applies to:
  • Microsoft Win32 Application Programming Interface (API) included with: - Microsoft Windows NT versions 3.51, 4.0

SUMMARY

The description for RegSaveKey() states the following: 

   The caller of this function must possess the SeBackupPrivilege
   security privilege.
This means that the application must explicitly open a security token and enable the SeBackupPrivilege. By granting a particular user the right to back up files, you give that user the right only to gain access to the security token (that is, the token is not automatically created for the user but the right to create such a token is given). You must add additional code to open the token and enable the privilege.

MORE INFORMATION

The following code demonstrates how to enable SeBackupPrivilege: 

   static HANDLE           hToken;
   static TOKEN_PRIVILEGES tp;
   static LUID             luid;

   // Enable backup privilege.

   OpenProcessToken( GetCurrentProcess(),
      TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) ;
   LookupPrivilegeValue( NULL, "SeBackupPrivilege", &luid );
   tp.PrivilegeCount           = 1;
   tp.Privileges[0].Luid       = luid;
   tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
   AdjustTokenPrivileges( hToken, FALSE, &tp,
      sizeof(TOKEN_PRIVILEGES), NULL, NULL );

   // Insert your code here to save the registry keys/subkeys.

   // Disable backup privilege.

   AdjustTokenPrivileges( hToken, TRUE, &tp, sizeof(TOKEN_PRIVILEGES),
      NULL, NULL );
Note that you cannot create a process token; you must open the existing process token and adjust its privileges.

The DDEML Clock sample has similar code sample at the end of the CLOCK.C file where it obtains the SeSystemTimePrivilege so that it can set the system time.

Keywords : BseRegistry BseSecurity
Version : 3.51 4.0
Platform : NT WINDOWS
Issue type : kbinfo

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: June 26, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.