{
	"id": "a1a6c6b0-ff82-46ca-8763-56b377d76a69",
	"created_at": "2026-04-06T03:37:12.251612Z",
	"updated_at": "2026-04-10T13:11:51.496835Z",
	"deleted_at": null,
	"sha1_hash": "da38a43c967b5da9da42a11876f26c63be81a194",
	"title": "Registry Key Security and Access Rights - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44070,
	"plain_text": "Registry Key Security and Access Rights - Win32 apps\r\nBy stevewhims\r\nArchived: 2026-04-06 03:20:05 UTC\r\nThe Windows security model enables you to control access to registry keys. For more information about security,\r\nsee Access-Control Model.\r\nYou can specify a security descriptor for a registry key when you call the RegCreateKeyEx or\r\nRegSetKeySecurity function. If you specify NULL, the key gets a default security descriptor. The ACLs in a\r\ndefault security descriptor for a key are inherited from its direct parent key.\r\nTo get the security descriptor of a registry key, call the RegGetKeySecurity, GetNamedSecurityInfo, or\r\nGetSecurityInfo function.\r\nThe valid access rights for registry keys include the DELETE, READ_CONTROL, WRITE_DAC, and\r\nWRITE_OWNER standard access rights. Registry keys do not support the SYNCHRONIZE standard access right.\r\nThe following table lists the specific access rights for registry key objects.\r\nValue Meaning\r\nKEY_ALL_ACCESS (0xF003F)\r\nCombines the STANDARD_RIGHTS_REQUIRED,\r\nKEY_QUERY_VALUE, KEY_SET_VALUE,\r\nKEY_CREATE_SUB_KEY, KEY_ENUMERATE_SUB_KEYS,\r\nKEY_NOTIFY, and KEY_CREATE_LINK access rights.\r\nKEY_CREATE_LINK (0x0020) Reserved for system use.\r\nKEY_CREATE_SUB_KEY\r\n(0x0004)\r\nRequired to create a subkey of a registry key.\r\nKEY_ENUMERATE_SUB_KEYS\r\n(0x0008)\r\nRequired to enumerate the subkeys of a registry key.\r\nKEY_EXECUTE (0x20019) Equivalent to KEY_READ.\r\nKEY_NOTIFY (0x0010)\r\nRequired to request change notifications for a registry key or for\r\nsubkeys of a registry key.\r\nKEY_QUERY_VALUE (0x0001) Required to query the values of a registry key.\r\nKEY_READ (0x20019)\r\nCombines the STANDARD_RIGHTS_READ,\r\nKEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, and\r\nKEY_NOTIFY values.\r\nhttps://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights?redirectedfrom=MSDN\r\nPage 1 of 2\n\nValue Meaning\r\nKEY_SET_VALUE (0x0002) Required to create, delete, or set a registry value.\r\nKEY_WOW64_32KEY (0x0200)\r\nIndicates that an application on 64-bit Windows should operate on the\r\n32-bit registry view. This flag is ignored by 32-bit Windows. For\r\nmore information, see Accessing an Alternate Registry View.\r\nThis flag must be combined using the OR operator with the other\r\nflags in this table that either query or access registry values.\r\nWindows 2000: This flag is not supported.\r\nKEY_WOW64_64KEY (0x0100)\r\nIndicates that an application on 64-bit Windows should operate on the\r\n64-bit registry view. This flag is ignored by 32-bit Windows. For\r\nmore information, see Accessing an Alternate Registry View.\r\nThis flag must be combined using the OR operator with the other\r\nflags in this table that either query or access registry values.\r\nWindows 2000: This flag is not supported.\r\nKEY_WRITE (0x20006)\r\nCombines the STANDARD_RIGHTS_WRITE, KEY_SET_VALUE,\r\nand KEY_CREATE_SUB_KEY access rights.\r\nWhen you call the RegOpenKeyEx function, the system checks the requested access rights against the key's\r\nsecurity descriptor. If the user does not have the correct access to the registry key, the open operation fails. If an\r\nadministrator needs access to the key, the solution is to enable the SE_TAKE_OWNERSHIP_NAME privilege\r\nand open the registry key with WRITE_OWNER access. For more information, see Enabling and Disabling\r\nPrivileges.\r\nYou can request the ACCESS_SYSTEM_SECURITY access right to a registry key if you want to read or write\r\nthe key's system access control list (SACL). For more information, see Access-Control Lists (ACLs) and SACL\r\nAccess Right.\r\nTo view the current access rights for a key, including the predefined keys, use the Registry Editor (Regedt32.exe).\r\nAfter navigating to the desired key, go to the Edit menu and select Permissions.\r\nSource: https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights?redirectedfrom=MSDN\r\nhttps://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights?redirectedfrom=MSDN\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights?redirectedfrom=MSDN"
	],
	"report_names": [
		"registry-key-security-and-access-rights?redirectedfrom=MSDN"
	],
	"threat_actors": [],
	"ts_created_at": 1775446632,
	"ts_updated_at": 1775826711,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/da38a43c967b5da9da42a11876f26c63be81a194.pdf",
		"text": "https://archive.orkl.eu/da38a43c967b5da9da42a11876f26c63be81a194.txt",
		"img": "https://archive.orkl.eu/da38a43c967b5da9da42a11876f26c63be81a194.jpg"
	}
}