RegSaveKey returns ERROR_PRIVILEGE_NOT_HELD

Question

I'm trying to save the contents of a particular registry key to a file using the RegSaveKey() API:

HKEY key;
LRESULT result = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"Software\\MyProduct", 0, KEY_ACCESS_ALL, &key);
result = RegSaveKey(key, L"c:\\temp\\saved.reg", NULL);

However, RegSaveKey() is returning ERROR_PRIVILEGE_NOT_HELD. The SDK documentation says that "The calling process must have the SE_BACKUP_NAME privilege enabled". The process is running as either a local administrator or as a service.

Any ideas?

score 8 · Answer 1 · edited May 19 '17 at 12:05

8

Despite running as a local administrator or as a service, you probably don't have the "Backup" privilege enabled by default. You'll need to enable this privilege before you try to save the registry key.

MSDN has a good example on how to enable a security privilege in C/C++: http://msdn.microsoft.com/en-us/library/aa446619(VS.85).aspx. If you include the sample function defined on that page, you can then just call:

HANDLE ProcessToken;

if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &ProcessToken)) {

    SetPrivilege(ProcessToken, SE_BACKUP_NAME, TRUE);

    // Save reg key now...
    ...
}

Alternatively, there's also a VB-based example on the wayback machine.

edited May 19 '17 at 12:05

sergiol

4,122
4
47
81

answered Dec 19 '08 at 19:53

reuben

3,360
23
28

1

Even after doing it, it fails! – sergiol May 19 '17 at 12:02
@sergiol: I found that you also need to enable the SE_RESTORE_NAME privilege. – GrahamS Jun 21 '17 at 18:04

score 3 · Answer 2 · answered Mar 02 '12 at 10:44

Note that SetPrivilege() of reuben's answer is user-defined, according to MSDN, the function body goes thus...

BOOL SetPrivilege(
    HANDLE hToken,          // access token handle
    LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
    BOOL bEnablePrivilege   // to enable or disable privilege
    )  
{
TOKEN_PRIVILEGES tp;
LUID luid;

if ( !LookupPrivilegeValue( 
        NULL,            // lookup privilege on local system
        lpszPrivilege,   // privilege to lookup 
        &luid ) )        // receives LUID of privilege
{
    printf("LookupPrivilegeValue error: %u\n", GetLastError() ); 
    return FALSE; 
}

tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnablePrivilege)
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
else
    tp.Privileges[0].Attributes = 0;

// Enable the privilege or disable all privileges.

if ( !AdjustTokenPrivileges(
       hToken, 
       FALSE, 
       &tp, 
       sizeof(TOKEN_PRIVILEGES), 
       (PTOKEN_PRIVILEGES) NULL, 
       (PDWORD) NULL) )
{ 
      printf("AdjustTokenPrivileges error: %u\n", GetLastError() ); 
      return FALSE; 
} 

if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)

{
      printf("The token does not have the specified privilege. \n");
      return FALSE;
} 

return TRUE;
}

RegSaveKey returns ERROR_PRIVILEGE_NOT_HELD

2 Answers2

Linked