CheckAccess method of the StdRegProv class

The CheckAccess method verifies that the user has the specified permissions.

This topic uses Managed Object Format (MOF) syntax. For more information about using this method, see Calling a Method.

Syntax

uint32 CheckAccess(
  [in]  uint32 hDefKey = HKEY_LOCAL_MACHINE,
  [in]  string sSubKeyName,
  [in]  uint32 uRequired = 3,
  [out] bool   bGranted
);

Parameters

hDefKey [in]

A registry tree, also known as a hive, that contains the sSubKeyName path. The default value is HKEY_LOCAL_MACHINE.

The following trees are defined in WinReg.h.

HKEY_CLASSES_ROOT (2147483648)

HKEY_CURRENT_USER (2147483649)

HKEY_LOCAL_MACHINE (2147483650)

HKEY_USERS (2147483651)

HKEY_CURRENT_CONFIG (2147483653)

sSubKeyName [in]

The key to be verified.

uRequired [in]

A parameter that specifies the access permissions to be verified. You can add these values together to verify more than one access permission. The default value is 3, KEY_QUERY_VALUE plus KEY_SET_VALUE. The following access permission values are defined in WinNT.h.

KEY_QUERY_VALUE (1)

Required to query the values of a registry key.

KEY_SET_VALUE (2)

Required to create, delete, or set a registry value.

3 (KEY_QUERY_VALUE | KEY_SET_VALUE)

Default value, allows querying, creating, deleting, or setting a registry value.

KEY_CREATE_SUB_KEY (4)

Required to create a subkey of a registry key.

KEY_ENUMERATE_SUB_KEYS (8)

Required to enumerate the subkeys of a registry key.

KEY_NOTIFY (16)

Required to request change notifications for a registry key or for subkeys of a registry key.

KEY_CREATE (32)

Required to create a registry key.

DELETE (65536)

Required to delete a registry key.

READ_CONTROL (131072)

Combines the STANDARD_RIGHTS_READ, KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, and KEY_NOTIFY values.

WRITE_DAC (262144)

Required to modify the DACL in the object's security descriptor.

WRITE_OWNER (524288)

Required to change the owner in the object's security descriptor.

bGranted [out]

If true, the user has the specified access permissions.

Return value

In C++, the method returns a uint32 value that is 0 (zero) if successful. If the function fails, the return value is a nonzero error code that is defined in WinError.h. In C++, use the FormatMessage function with the FORMAT_MESSAGE_FROM_SYSTEM flag to get a generic description of the error. You can also look up return values under the WMI Error Constants.

In scripting or Visual Basic, the method returns an integer value that is 0 (zero) if successful. If the function fails, the return value is a nonzero error code that you can look up in WbemErrorEnum.

Remarks

The Registry Provider CheckAccess method allows you to determine whether the user of a script has a particular access right on a registry subkey or entry. The Registry Provider does not provide a way to list all of the access rights on a given subkey or entry, or to make any changes to the access rights.

This method returns false if you do not have appropriate permissions; the method also returns false if the parent key described in hDefKey does not exist.

Examples

The List Registry Key Access Rights VBScript sample uses WMI to check the logged-on user's access rights to the HKLM\SYSTEM\CurrentControlSet portion of the registry.

The Robust Office Inventory Scan Tool (ROISCAN) is a VBScript script to inventory all Microsoft Office installations on the computer to aid in troubleshooting patch and product installation issues.

The following VBScript code example shows how to use the CheckAccess method to verify that the user has the right to read the values of the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet

' Create constants for access rights and registry hive 
const KEY_QUERY_VALUE = &H0001
const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ 
                     strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet"

' Does the account under which the script runs have the 
'    right to query the SYSTEM\CurrentControlSet key
objReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_QUERY_VALUE, bHasAccessRight
If bHasAccessRight = True Then
    Wscript.Echo "Has Query Value Access Rights on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
Else
    Wscript.Echo "No Query Value Access Rights on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
End If
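
A PowerShell version of the same check, added here as an example and not part of the original documentation: it combines several uRequired values into one mask and reports the return value next to bGranted, because (per the Remarks) bGranted is false both when the rights are missing and when the key does not exist. The function name Test-RegistryAccess, the $AccessRights table and the SYSTEM\NoSuchKey-Constructed subkey are assumptions made for the example; the numeric values are the ones listed on this page.

```powershell
# Added example. Hive and access-right values are the ones listed on this page.
$HKEY_LOCAL_MACHINE = [uint32]2147483650
$AccessRights = [ordered]@{
    KEY_QUERY_VALUE        = 1
    KEY_SET_VALUE          = 2
    KEY_CREATE_SUB_KEY     = 4
    KEY_ENUMERATE_SUB_KEYS = 8
    DELETE                 = 65536
    WRITE_DAC              = 262144
    WRITE_OWNER            = 524288
}

# Hypothetical helper: asks StdRegProv whether the calling account holds
# all of the named rights on one subkey.
function Test-RegistryAccess {
    param(
        [Parameter(Mandatory)] [string]   $SubKey,
        [Parameter(Mandatory)] [string[]] $Right,
        [uint32] $Hive = $HKEY_LOCAL_MACHINE
    )
    # Combine the individual values into a single uRequired mask.
    [uint32]$mask = 0
    foreach ($name in $Right) {
        if (-not $AccessRights.Contains($name)) { throw "Unknown right: $name" }
        $mask = $mask -bor [uint32]$AccessRights[$name]
    }
    $result = Invoke-CimMethod -Namespace 'root/default' -ClassName 'StdRegProv' `
        -MethodName 'CheckAccess' -Arguments @{
            hDefKey     = $Hive
            sSubKeyName = $SubKey
            uRequired   = $mask
        }
    # bGranted alone cannot tell "no rights" from "no such key", so keep
    # the method's return value in the output as well.
    [pscustomobject]@{
        SubKey      = $SubKey
        Rights      = $Right -join '+'
        Mask        = $mask
        Granted     = [bool]$result.bGranted
        ReturnValue = $result.ReturnValue
    }
}

$key = 'SYSTEM\CurrentControlSet'
Test-RegistryAccess -SubKey $key -Right KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS
Test-RegistryAccess -SubKey $key -Right KEY_SET_VALUE, KEY_CREATE_SUB_KEY
Test-RegistryAccess -SubKey $key -Right WRITE_DAC, WRITE_OWNER
# Constructed subkey name, used to show the missing-key case.
Test-RegistryAccess -SubKey 'SYSTEM\NoSuchKey-Constructed' -Right KEY_QUERY_VALUE
```

Run it under the account whose rights are being reviewed; a standard user that shows Granted = True for the write or DACL rows holds more access on that key than read-only use requires.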

Requirements

Minimum supported client: Windows Vista
Minimum supported server: Windows Server 2008
Namespace: Root\default
MOF: RegEvent.mof
DLL: Stdprov.dll

See also

StdRegProv

Modifying the System Registry

WMI Tasks: Registry