INFO: RegSaveKey() Requires SeBackupPrivilege

ID: Q106383

The information in this article applies to:

Microsoft Win32 Application Programming Interface (API) included with: - Microsoft Windows NT versions 3.51, 4.0

SUMMARY

The description for RegSaveKey() states the following:

   The caller of this function must possess the SeBackupPrivilege
   security privilege.

This means that the application must explicitly open a security token and enable the SeBackupPrivilege. By granting a particular user the right to back up files, you give that user the right only to gain access to the security token (that is, the token is not automatically created for the user but the right to create such a token is given). You must add additional code to open the token and enable the privilege.

MORE INFORMATION

The following code demonstrates how to enable SeBackupPrivilege:

   static HANDLE           hToken;
   static TOKEN_PRIVILEGES tp;
   static LUID             luid;

   // Enable backup privilege.

   OpenProcessToken( GetCurrentProcess(),
      TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) ;
   LookupPrivilegeValue( NULL, "SeBackupPrivilege", &luid );
   tp.PrivilegeCount           = 1;
   tp.Privileges[0].Luid       = luid;
   tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
   AdjustTokenPrivileges( hToken, FALSE, &tp,
      sizeof(TOKEN_PRIVILEGES), NULL, NULL );

   // Insert your code here to save the registry keys/subkeys.

   // Disable backup privilege.

   AdjustTokenPrivileges( hToken, TRUE, &tp, sizeof(TOKEN_PRIVILEGES),
      NULL, NULL );

Note that you cannot create a process token; you must open the existing process token and adjust its privileges.

The DDEML Clock sample has similar code sample at the end of the CLOCK.C file where it obtains the SeSystemTimePrivilege so that it can set the system time.

Keywords          : kbAPI kbKernBase kbRegistry kbGrpKernBase 
Version           : 3.51 4.0
Platform          : NT WINDOWS
Issue type        : kbinfo

Last Reviewed: June 28, 1997