I've read the rules, and I realize that I have to post some code so I can be returned with a "good version" of it concerning my problems. I truly agree with this rule.
I am developing a VB.NET application that is supposed to block the computer until the subject entered the correct password. It's not any malware or any kind of mean application, at least in my view, and it's only for me and a friend of mine whose youngest brother keeps changing things in his pc when he is not home.
My application works well, it is fullscreen and keeps the property TopMost true and blocks mouse input. But then there's a problem, where the subject could bring up the Windows Security Screen by pressing CTRL+ALT+DEL, open Task Manager and kill the process, so it would defeat the whole purpose of the application. So my application, changes some registry keys that disable the various options you can select in the Windows Security Screen.
Apart from that, everything works well, except that when I tested in my virtual machine that I use to test my applications, which gave me an error that I couldn't change registry key permissions. So I double-checked only to find out I was not the owner of the registry key, so I had to put myself owner manually and then it worked. The problem is that I need a way to do it programmatically, because applications cannot change the registry values if they don't have permission and they can't change the permissions if their owner is not the current user. I have researched for hours and haven't found anything about changing a registry key's owner, so I registered here to see if I could get some help.
Here's the code I am using:
Private Declare Sub AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As System.IntPtr, ByVal DisableAllPrivileges As Boolean, ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Integer, ByVal PreviousState As System.IntPtr, ByVal ReturnLength As System.IntPtr) Private Declare Sub LookupAccountNameA Lib "advapi32.dll" (ByVal lpSystemName As String, ByVal lpAccountName As String, ByVal Sid As System.IntPtr, ByRef cbSid As Integer, ByVal lpReferencedDomainName As String, ByRef cchReferencedDomainName As Integer, ByRef peUse As Integer) Private Declare Sub SetNamedSecurityInfoA Lib "advapi32.dll" (ByVal pObjectName As String, ByVal ObjectType As Integer, ByVal SecurityInfo As Integer, ByVal psidOwner As System.IntPtr, ByVal psidGroup As System.IntPtr, ByVal pDacl As System.IntPtr, ByVal pSacl As System.IntPtr) <System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential, Pack:=4)> Private Structure LUID_AND_ATTRIBUTES Dim luid As Integer Dim attributes As Integer End Structure <System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential, Pack:=4)> Private Structure TOKEN_PRIVILEGES Dim privilegeCount As Integer Dim privilege1 As LUID_AND_ATTRIBUTES Dim privilege2 As LUID_AND_ATTRIBUTES End Structure Dim pNewOwner As System.IntPtr = System.Runtime.InteropServices.Marshal.AllocHGlobal(32) Private Sub Apply_Registry_Fixes() Dim tp As New TOKEN_PRIVILEGES tp.privilegeCount = 2 tp.privilege1.luid = 9 'SE_RESTORE_PRIVILEGE tp.privilege1.attributes = 2 tp.privilege2.luid = 18 'SE_TAKEOWNERSHIP_PRIVILEGE tp.privilege2.attributes = 2 Dim hToken As System.IntPtr = System.Security.Principal.WindowsIdentity.GetCurrent(System.Security.Principal.TokenAccessLevels.AdjustPrivileges Or System.Security.Principal.TokenAccessLevels.Query).Token AdjustTokenPrivileges(hToken, Nothing, tp, Nothing, Nothing, Nothing) LookupAccountNameA(Nothing, My.User.Name, pNewOwner, 32, Space(64), 64, Nothing) SetNamedSecurityInfoA(Microsoft.Win32.Registry.CurrentUser.Name & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", 1, 1, pNewOwner, Nothing, Nothing, Nothing) 'this works for files but not for registry keys :(/> Dim proc As New System.Diagnostics.Process proc.StartInfo.FileName = System.Environment.SystemDirectory & "\regini.exe" proc.StartInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden Dim temp_file As New System.IO.FileInfo(System.Environment.SystemDirectory.Substring(0, 3) & "test.tmp") System.IO.File.WriteAllText(temp_file.FullName, Microsoft.Win32.Registry.CurrentUser.Name & "\Software\Microsoft\Windows\CurrentVersion\Policies\System ") proc.StartInfo.Arguments = temp_file.FullName proc.Start() Do Until proc.HasExited Loop temp_file.Delete() Dim reg_key As Microsoft.Win32.RegistryKey = Microsoft.Win32.Registry.CurrentUser.CreateSubKey("Software\Microsoft\Windows\CurrentVersion\Policies\System") reg_key.SetValue("DisableLockWorkstation", 1) reg_key.SetValue("DisableChangePassword", 1) reg_key.SetValue("DisableTaskMgr", 1) End Sub
Thanks in advance.