morgon has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I would like to use a newly installed strawberry 5.12.1 to change registry permissions on Windows XP.

Can someone explain to me what Module to use for that (I know very little about Windows)?

I found a rather old Win32::Perms (http://www.roth.net/perl/perms/) that should do the trick, but it would not install using either cpan or ppm.

Is this module still the way to do it or has something else taken it's place in the meantime?

Many thanks!

Replies are listed 'Best First'.
Re: Changing registry permissions
by cdarke (Prior) on Nov 22, 2010 at 09:25 UTC
    Firstly, security on Windows is not for the faint-hearted.

    You might be able to use the module Win32::FileSecurity on a registry key. It allows you to create ALLOW Access Control Entries (ACEs) on the Discretionary Access Control List (DACL), using bit flags. Fortunately a function is provided (MakeMask) to construct the flag. The Get function puts the existing DACL into a hash, where the usernames are the keys and the values are the permission bit flags. This can then be altered or set using the Set function.
    There are also functions for interrogating and translating the existing DACL.

    If you require to create DENY ACEs then we have to use the Win32 API, either from the Win32::API modules, Win32::Security::ACL or using XS. Either way, we have to know a lot about Win32. Win32::Security::ACL comes with two scripts: PermDump.pl and PermChg.pl.

    However, the simpest way is to call an external program to do this for you, using, for example system. You can use the Microsoft command-line program cacls, which is fairly easy to use. It is documented in the online help (Windows XP) and at http://support.microsoft.com/kb/162786/en-us. For example:
    system("echo y|cacls gash.pl /E /G BUILTIN\\Users:R");

    [download]
    It may output a prompt (depending on the action) "Are you sure (Y/N)?", which is why we have the echo y| in the example (see http://support.microsoft.com/kb/135268). Alternatively use xcacls.exe from the Windows Resource Kit - this version does not prompt.

    At Windows Vista and Windows 7 the cacls program still works but is deprecated in favour of the more powerful icacls program.
[reply]
[d/l]
      Thanks for your reply.

      What I am doing is not (in the usual sense) security related - it is about a little Windows-activation hack that I want to use on some virtual machines.

      I can do it manually but I realized that I had no idea how to do it with Perl (it is for life that we learn), but then I don't want to go too deep into Windows security concepts just for that.

      So I guess I'll see if there is a way to install Win32::Perms manually...

[reply]
Re: Changing registry permissions
by locked_user sundialsvc4 (Abbot) on Nov 22, 2010 at 14:00 UTC

    “Security on Windows” is something that you possibly should not assume that a program can do at all.   (As the Windows community oh-so-slowly begins to figure out that it needs to use Windows’ many security features, it tends to over-react.)   In most cases that I have seen, when a program requires this-or-that registry changes to be done, particularly when those changes concern permissions on things, those changes are usually done by an installer, not by the program itself.   Maybe you should consider using a similar approach.

      More of your trademark, utterly meaningless "advice".

[reply]

        “Trademark” it may be, but “meaningless” it is not.   If you try to fiddle with registry-settings in non-installer programs, you might well find your program swatted-dead by some “anti-virus” bit-cop somewhere.   Here, for instance, if you run such a program ... the program dies, you get logged-off and the corp. security department has to be called to unlock your workstation.

Back to Seekers of Perl Wisdom