Friday, January 14, 2011

Fix for Product Registration Problem on Win 7-64

A recent change in the NetScanTools Pro manifest (v10.98.1) allowing USER accounts to run the program had a negative side effect: there have been more people having trouble completing the registration process. This is due to the fact that we store information in a common area of the registry called HKEY_LOCAL_MACHINE (HKLM). It has been there for many years and is there because it can be accessed from any logged in user, ie. it is not user specific. Recently Windows 7 64 bit has been seen as strongly enforcing the 'read-only' status of this part of the registry causing our product registration process to fail. The workaround is to start the program using right-click 'Run as administrator'. This has worked for most people.

I spent a good deal of time this week looking for a better solution. I looked at storing the registration information in a common area, but that presents it's own problems. I found a suggestion on a forum that made sense and worked: Create the registry key in HKLM with read/write permissions for the EVERYONE group during installation. Why during installation? Because when an installer is run, it is run at higher privileges (administrator) than a normal user has.

So I have now modified the methods used to create the HKLM key during running of the installer so that the key has read/write privileges. This has been tested on all versions of Windows that NetScanTools Pro v10 supports: 7 down through 2000, also on Server 2003 and 2008. Now any privilege level user should be able to complete the registration process without a problem. You still need admin privs to install the software - I can't change that.

Along the way I learned a bit about SID, ACE, ACLs, security descriptors and how to apply them to registry items using SetSecurityDescriptorDacl, RegCreateKeyEx and RegSetKeySecurity. Complicated.

The installer for NetScanTools Pro v10.98.1 was modified to include this change and published on Jan 13, 2011 at 3:53pm Pacific Time.

No comments: