SLPS Protected Applications Throw Exceptions on Non-English Windows Operating Systems

This document explains how to create a registry key for an application protected by Microsoft Software Licensing and Protection Services (SLPS) that runs on non-English Microsoft Windows operating systems. You must have access to the Microsoft Visual Studio 2005 or later development system and administrator rights to successfully set the registry permissions when you execute the code provided in the Steps for Resolution section. 

 

Symptoms of the Problem 

During the development cycle, developers may see a System.Security.Principal.IdentityNotMappedException exception, with the message, "Some or all identity references could not be translated." during installation. This occurs when calling the ILicenseStore.ConfigurePermissions method where the built-in Users group name is localized. 

 

End users may see the error message: "Licensing storage is inaccessible. Please verify your permissions." 

 

Cause of the Problem 

There is an issue with the installation of SLPS-protected applications on non-English Windows operating systems. In some cases, permissions are set incorrectly on the SLPS license store registry branch (HKLM\Software\Microsoft\SLP Services). It occurs on non-English Windows operating systems when the ILicenseStore.ConfigurePermissions method is called and the built-in Users group name has been localized. 

 

This issue can cause applications to throw the exceptions mentioned earlier. SLPS protected applications store licenses and related information in the registry under the key, HKLM\Software\Microsoft\SLP Services. The HKEY_LOCAL_MACHINE (HKLM) location is specifically chosen to ensure that a license is visible to all users on the machine. 

 

Windows Vista Users: On Windows Vista, the key must be created in the non-virtualized HKLM hive. 

 

Note: Microsoft reserves the right to change the location of the registry key. 

 

Steps for Resolution 

Typically, an application must run with elevated permissions to be capable of writing to the HKLM hive. Since the majority of SLPS protected applications run with user permissions, it is necessary to change the permissions on the SLPS license store key (HKLM\Software\Microsoft\SLP Services) to enable any member of the built-in Users group to activate and use an SLPS-protected application. To achieve this, the SLPS runtime exposes an API, the ILicenseStore.ConfigurePermissions method, which is intended to set the permissions appropriately when called by a process with elevated permissions – typically an application’s installer program. 

 

The ILicenseStore.ConfigurePermissions method works by granting ReadKey, WriteKey, SetValue, CreateSubKey, and QueryValues permissions on HKLM\Software\Microsoft\SLP Services to the built-in Users group. 

 

This resolution describes how to work around this issue until the ILicenseStore.ConfigurePermissions method is fixed in a future release of SLPS. 

If non-English Windows operating system support is a critical requirement for your product, you can add code to your installation or other elevated process to set these permissions instead of using the ILicenseStore.ConfigurePermissions method. To work around this issue, call the following code before any other SLP Services-related code is invoked. 

 

[C#]

using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

namespace RegistryPermissions
{
    class Program
    {
        public static void Main()
        {
            try
            {
                // Translate 'Users' account appropriately for this OS.
                SecurityIdentifier sid = new
                    SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
                NTAccount translatedAccount = sid.Translate(typeof(NTAccount)) as
                                              NTAccount;
                string translatedUsers = translatedAccount.ToString();

                // Create a registry access rule allowing all users
                // Read/write access to the SLPS key.
                RegistryRights rights = RegistryRights.ReadKey |
                                        RegistryRights.WriteKey |
                                        RegistryRights.SetValue |
                                        RegistryRights.CreateSubKey |
                                        RegistryRights.QueryValues;

                InheritanceFlags inheritance = InheritanceFlags.ContainerInherit |
                InheritanceFlags.ObjectInherit;

                RegistryAccessRule accessRule = new
                                                RegistryAccessRule(translatedUsers,
                                                rights,
                                                inheritance,
                                                PropagationFlags.None,
                                                AccessControlType.Allow);

                // Retrieve or create the SLPS application registry key.
                string appKeyPath = @"SOFTWARE\Microsoft\SLP Services";
                RegistryKey appKey = Registry.LocalMachine.OpenSubKey(appKeyPath,
                                     true);

                if (appKey == null)
                {
                    appKey = Registry.LocalMachine.CreateSubKey(appKeyPath);
                }

                // Update the ACLs for this key.
                RegistrySecurity accessControl = appKey.GetAccessControl();
                accessControl.AddAccessRule(accessRule);
                appKey.SetAccessControl(accessControl);
            }
            catch (Exception e)
            {
                throw new Exception("Error configuring SLPS registry.", e);
            }
        }
    }
}

 

See Also 

ILicenseStore.ConfigurePermissions Method

What do you think about this topic? Send feedback!
Show: