2

This error occurs 

''System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)''

when I try to add a key to Registry. I mention that application requestedExecutionLevel is "requireAdministrator". It's a better ideea to enable ClickOnce security settings and leave requestedExecutionLevel ''asinvoker"?

This is the structure of the VB.NET code:

Try
[my code]
Catch sec As Security.SecurityException
         [another block of code]
Catch ex As Exception
         [another block of code]
End Try

Is it a better idea to use 'on error resume next' statement? Please explain to me why this error occurs?

VB.NET, Visual Studio 2008 (error occurs on Vindows Vista Ultimate x86 and Windows 7 Ultimate x64, and i was logged in on Administrator account)

Andrei20193
  • 429
  • 3
  • 9
  • 17
  • Are you asking why your exception isnt catched (which is strange) or how to configure your app that an exception is not thrown at all? – igrimpe Dec 19 '12 at 13:23
  • In which event do you try to set the registry key? – Steve Dec 19 '12 at 13:25
  • I ask why my exception isn't catched and how to solve that? ... And i don't understand the second question ... i Want to add a key to Registry, in Run section, so my application will start with Windows. the event is declared as Private Function add_startup_regkey() As Boolean – Andrei20193 Dec 19 '12 at 13:35
  • Try add_startup_regkey() Catch sec As Security.SecurityException [another block of code] Catch ex As Exception [another block of code] End Try – Andrei20193 Dec 19 '12 at 13:36
  • 1
    Don't use 'on error resume next'. That's legacy stuff left over from VB6 before exceptions were available. – Jason Tyler Dec 19 '12 at 17:28

1 Answers1

0

User Account Control (UAC) requires even administrator group accounts to elevate an application. That elevation must be granted by the user on application start by committing UAC dialog.

So you need to edit your app.manifest using

<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

In case you don't want your application to trigger UAC on every start, you can outsource operations which require elevation to another executable and call it from your unelevated process like that

Dim elevatedProc As New Process
elevatedProc.FileName= "elevated.exe"
Try
elevatedProc.Start()
Catch ex As System.ComponentModel.Win32Exception
 MsgBox("Please commit UAC dialog")
End Try

A System.ComponentModel.Win32Exception is thrown if UAC dialog was not committed by the user.

Alternatively you can run your stuff inside a service running under system account, which would not trigger UAC at all.

nik
  • 1,471
  • 1
  • 12
  • 16
  • requestedExecutionLevel for my application is already "requireAdministrator" ... but error still occurs – Andrei20193 Dec 21 '12 at 08:58
  • And what about activating ClickOnce Security Settings? – Andrei20193 Dec 21 '12 at 08:58
  • I never used ClickOnce so can't tell how manifests are handled there. If you really want to use ClickOnce maybe someone else can help out. In case you don't need please make sure that your app.manifest is correct. Simply create a new project, go to project properties -> windows settings and just replace asInvoker with requireAdministrator in the manifest file. That should be enough to trigger UAC even in VS when debugging. I just mention that because enabling ClickOnce modifies app.manifest on it's own, so maybe there got something messed up. – nik Dec 21 '12 at 21:54
  • And of course the obvious: Check if administrator group has read/write access to desired registry key. Default it should have, but who knows... – nik Dec 21 '12 at 21:56