zodiacon / TotalRegistry

Total Registry - enhanced Registry editor/viewer
MIT License

HKEY_USERS registry keys inaccessible, Run as admin error, and HKLM inaccessible. #45

Closed David-Maisonave closed 1 year ago

David-Maisonave commented 2 years ago

Version: 0.96

I tried running the program in normal mode, but certain users under the HKEY_USERS keys were inaccessible.

[Image: HKEY_USERS_SubusersInaccessible]

So I tried running the program with the "Run as Admin" option, but I got an error message "Failed to Load Kernel Driver".

[Image: FailedToLoadKernelDriver]

After pressing OK, I was able to view the user's registry key.

[Image: HKEY_USERS_Accessible]

When I run RegEdit in normal mode, all the HKEY_USERS keys are accessible.

[Image: RegEdit_HKEY_USERS_Accessible]

When using the PowerShell registry key format, the key is inaccessible.

HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData

[Image: HKLM_inaccessible]

If I enter it with the standard format it works.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData

  1. Can the error message be removed?
  2. Is there a way to have the program work more like RegEdit, where running in admin mode is not required for accessing these keys?
  3. Can the PowerShell format be fixed? Maybe just have it automatically convert what's pasted to the standard format.

FYI: Thank you for adding the Bookmark feature! I'm testing a script that runs as another user, and it changes registries at user level and HKEY_LOCAL_MACHINE. With the bookmarks, it's so easy to move around.

zodiacon commented 2 years ago

I will remove the error message as I have disabled the driver for now. If you're an admin on your machine, RegEdit requires you to elevate, which is why you have access to those keys. I will add support for the PowerShell format (good point). Thanks for the feedback!
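
The conversion requested in item 3 and agreed to above, as an added example: it is not part of the thread and not TotalRegistry's own code. `NormalizeRegistryPath` is a hypothetical helper that goes beyond the `HKLM:` case in the issue to accept the other common hive abbreviations and the `Registry::` provider prefix, and it returns an empty string for any root it does not recognize.

```cpp
// Added example, not TotalRegistry code. NormalizeRegistryPath is a hypothetical helper.
#include <algorithm>
#include <cctype>
#include <cstring>
#include <initializer_list>
#include <string>

// Case-insensitive test that s begins with prefix.
static bool StartsWithNoCase(const std::string& s, const char* prefix) {
    size_t n = std::strlen(prefix);
    return s.size() >= n && std::equal(prefix, prefix + n, s.begin(), [](char a, char b) {
        return std::tolower(static_cast<unsigned char>(a)) ==
               std::tolower(static_cast<unsigned char>(b));
    });
}

// Returns "HKEY_...\sub\key", or "" when the root is not a known hive.
std::string NormalizeRegistryPath(std::string path) {
    struct Root { const char* abbr; const char* full; };
    static const Root kRoots[] = {
        {"HKLM", "HKEY_LOCAL_MACHINE"}, {"HKCU", "HKEY_CURRENT_USER"},
        {"HKCR", "HKEY_CLASSES_ROOT"},  {"HKU", "HKEY_USERS"},
        {"HKCC", "HKEY_CURRENT_CONFIG"}};
    // Trim whitespace and quotes left over from copy/paste.
    const char* junk = " \t\r\n\"'";
    size_t first = path.find_first_not_of(junk);
    if (first == std::string::npos) return "";
    path = path.substr(first, path.find_last_not_of(junk) - first + 1);
    // Drop the provider qualifiers PowerShell shows in PSPath values.
    for (const char* p : {"Microsoft.PowerShell.Core\\", "Registry::"})
        if (StartsWithNoCase(path, p)) path.erase(0, std::strlen(p));
    std::replace(path.begin(), path.end(), '/', '\\');
    // Split root from subkey; a drive-style root ("HKLM:") ends in ':'.
    size_t sep = path.find('\\');
    std::string root = path.substr(0, sep);
    std::string rest = sep == std::string::npos ? std::string() : path.substr(sep);
    if (!root.empty() && root.back() == ':') root.pop_back();
    while (!rest.empty() && rest.back() == '\\') rest.pop_back();
    for (const Root& r : kRoots) {
        // Accept the abbreviation or the already-standard long name.
        bool isAbbr = root.size() == std::strlen(r.abbr) && StartsWithNoCase(root, r.abbr);
        bool isFull = root.size() == std::strlen(r.full) && StartsWithNoCase(root, r.full);
        if (isAbbr || isFull) return std::string(r.full) + rest;
    }
    return "";  // unknown root: reject instead of guessing a hive
}
```

Rejecting unknown roots keeps a pasted file path such as `C:\Windows` from being silently mapped onto a hive.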

David-Maisonave commented 2 years ago

> If you're an admin on your machine, RegEdit requires you to elevate, which is why you have access to those keys.

I have Windows 11 Pro on my desktop computer. When I start RegEdit, I don't get an elevated prompt, but RegEdit still has access to all the users under HKEY_USERS.

On my Windows 11 laptop, when RegEdit starts, I get the following prompt:

[Image: Win11_RegEditStartUpPrompt smaller]

In either case I have access to all the users under HKEY_USERS. It seems RegEdit automatically elevates without prompting the user. I'm not sure how RegEdit does that, but it would be more consistent if TotalRegistry could behave similarly.

zodiacon commented 2 years ago

RegEdit uses the manifest entry called "highestAvailable" to ask for elevation if the user is a true admin. My goal is not to mimic Regedit. I think this Regedit behavior is not good, because it forces you to run it elevated, even if you don't want to.