Registry Scanning of Windows 7, Access Denied

pjtech · ‎02-02-2011

Currently using lansweeper 4.1, but I have also tried the following in the previous 4.0.0.1+ releases.

I have followed all of the instructions on the site in regards to opening everything up for WMI. I have made sure all the proper services are running. I can even connect to everyones registry remotely in regedit. I have also disabled the firewall on my Windows 7 system and set all sorts of permissions in regards to my WMI and the permissions for the winreg key have been set properly.

Also all these systems pass the Test Connection application in lansweeper, but here is the error log. I also know for a fact that the 3 registry keys I am attempting to scan for are valid on most if not all the systems.

02/01/2011 10:00:44: J39XXXX REGISTRY Access denied
at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObject.InvokeMethod(String methodName, ManagementBaseObject inParameters, InvokeMethodOptions options)
at LansweeperService.MdlRegistry.LSRegistry(LSWComputer& mycomputer, String section, SqlConnection& sqlcon)

Hemoco · ‎02-03-2011

You can try procmon http://technet.microsoft.com/en-us/sysinternals/bb896645 to check for access denied errors while performing the scan.

View solution in original post

pjtech · ‎02-05-2011

XP and Windows 7 HKCU is a Reg Link to HKEY_Users, that does not surprise me, but in XP HKCU is actually readable remotely when called.. so why, why can I not set Windows 7 to act the same way?? I am tempted to create a new reg_link path to my SID and see if it works.

pjtech · ‎02-04-2011

Ok lansweeper appears to read the HKLM properly even on the Windows 7 systems that I have not touched much. I added a path via HKEY_USERS to the specific key I wanted to read on my Windows 7 system and it read it just fine, had to restart the lansweeper service each time after making changes though. So my big issue for the registry scanning to be useful is to find a way to check all paths directly under HKEY_USERS or for lansweeper to detect which user has last logged on to that system and for it to automatically place the proper SID into the path? Is this possible?

As an example
HKEY_USERS\{SID}\Software\Open Systems\AppName\ClientUpg\Upgrade

SID = S-1-5-21-1292428093-1525645564-3455 (Last user login or scan all user SIDs)

Of course the other alternative is to find out how XP creates their psuedo paths which actually allows the Remote Registry to link to the proper HKEY_Users\{SID} path automatically when a key for the HKEY_CURRENT_USER path is requested.

pjtech · ‎02-04-2011

Yes, all of my Windows 7 systems re-act the same way, however I have only applied various fixes and permissions to my registry specifically which is running Windows 7 Pro 64bit and it does not act different in any way than any other Windows 7 system. It all fails the lansweeper registry scan the same.

Has lansweeper been tested from a 32bit system like XP vs scanning registry keys on 64bit systems? I am wondering if I would have this same issue if I was to install lansweeper on a 64bit Windows 7 computer.

Hemoco · ‎02-04-2011

Do you have this with all windows 7 machines?
Maybe it's a corrupt wmi repository?

pjtech · ‎02-04-2011

Also I just added HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version to lansweeper and it still fails to read the information.

This is the VB script I am using to make sure that my computer is indeed allowing my registry paths to be read properly and while it fails for everything related to HKCU on Windows 7 (even though it passes for users logged into XP), the script does pass just fine on the HKLM paths for windows 7.

' Constants (taken from WinReg.h)
'
Const HKEY_CLASSES_ROOT   = &H80000000
Const HKEY_CURRENT_USER   = &H80000001
Const HKEY_LOCAL_MACHINE  = &H80000002
Const HKEY_USERS          = &H80000003

' Chose computer name, registry tree and key path
'
strComputer = "MyCOMPUTERName" ' Use . for current machine
hDefKey = HKEY_LOCAL_MACHINE
strKeyPath = "SOFTWARE\Microsoft\Internet Explorer"

' Connect to registry provider on target machine with current user
'
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

' Try to enum the subkeys of the key path we've chosen. We can't if the key doesn't exist
'
If oReg.EnumKey(hDefKey, strKeyPath, arrSubKeys) = 0 Then
  wscript.echo "Key exists!"
Else
  wscript.echo "Key does not exists!"
End If

pjtech · ‎02-04-2011

So if my only route is HKEY_Users, do I have wildcards or whatever it is called? So I can scan all SIDs?

pjtech · ‎02-04-2011

the key I am looking for is in HKEY_CURRENT_USER and it would appear that entire path is blocked on Windows 7 but not XP. From the best I can tell the permissions are the same..

Hemoco · ‎02-04-2011

pjtech wrote:
the key I am looking for is in HKEY_CURRENT_USER and it would appear that entire path is blocked on Windows 7 but not XP. From the best I can tell the permissions are the same..

HKEY_CURRENT_USER refers to the user doing the scanning (not to the logged on user)
most likely there is no profile for this user on the computer.

pjtech · ‎02-03-2011

I have installed procmon, had to actually remove kaspersky entirely for it to work right. I have been tracking svchost.exe and wmiprvse.exe on both the client and server, as well as the lansweeperservice.exe on the server. Everything has a result of Success with a few "Name not found" results, but no failures or Access denied errors.

Registry Scanning of Windows 7, Access Denied

New to Lansweeper?

Try Lansweeper For Free