What registry access can you get without Administrator privileges?

Asked 9/9, 2008 at 23:29 Answered 9/9, 2008 at 23:53

Solved registry privileges administrator

I know that we shouldn't being using the registry to store Application Data anymore, but in updating a Legacy application (and wanting to do the fewest changes), what Registry Hives are non-administrators allowed to use?

Can I access all of HKEY_CURRENT_USER (the application currently access HKEY_LOCAL_MACHINE) without Administrator privileges?

Priedieu answered 9/9, 2008 at 23:29 Comment(2)

"I know that we shouldn't being using the registry to store Application Data anymore" - I don't think this is entirely true. The registry has many advantages over the file system and I'm not aware of any guidance from Microsoft to stop using it in application development. You probably shouldn't use it to store large amounts of application data, but it is a good place to store settings and configuration data. – Alboin 2/3, 2017 at 18:52

I think that Microsoft have strongly implied you should use something else now, such as XML config files, because they are doing so themselves. – Birkett 7/6, 2021 at 22:58

112

In general, a non-administrator user has this access to the registry:

Read/Write to:

HKEY_CURRENT_USER

Read Only:

HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT (which is just a link to HKEY_LOCAL_MACHINE\Software\Classes)

It is possible to change some of these permissions on a key-by-key basis, but it's extremely rare. You should not have to worry about that.

For your purposes, your application should be writing settings and configuration to HKEY_CURRENT_USER. The canonical place is anywhere within

HKEY_CURRENT_USER\Software\YourCompany\YourProduct\

You could potentially hold settings that are global (for all users) in HKEY_LOCAL_MACHINE. It is very rare to need to do this, and you should avoid it. The problem is that any user can "read" those, but only an administrator (or by extension, your setup/install program) can set them.

Other common source of trouble: your application should not write to anything in the Program files or the Windows directories. If you need to write to files, there are several options at hand; describing all of them would be a longer discussion. All of the options end up writing to a subfolder or another under %USERPROFILE% for the user in question.

Finally, your application should stay out of HKEY_CURRENT_CONFIG. This hive holds hardware configuration, services configurations and other items that 99.9999% of applications should not need to look at (for example, it holds the current plug-and-play device list). If you need anything from there, most of the information is available through supported APIs elsewhere.

Eldoria answered 9/9, 2008 at 23:53 Comment(4)

Thank you. Saved a fruitless search on MSDN, although a link would be nice. This Q&A wants more exposure. – Expunction 23/5, 2017 at 5:20

HKEY_CLASSES_ROOT is a merged view of HKLM\SOFTWARE\Classes and HKCU\SOFTWARE\Classes according to learn.microsoft.com/en-us/windows/desktop/winprog64/…. Thus, writing is allowed depending on the merge source. And you can create new entries, for example you can create a custom protocol handler without administrator privileges (just tested it). – Waw 20/1, 2019 at 23:2

I was aware of this information, but then how can (for example) Spotify install itself without Admin rights and create registry items in HKEY_CLASSES_ROOT, HKEY_LOCAL_MACHINE, HKEY_USERS and HKEY_CURRENT_USER. The even weirder thing is that you need Admin rights to uninstall Spotify. Any ideas how this is possible? – Andersen 15/3, 2019 at 10:43

What about 32-bit apps on 64-bit windows? Is it the app reading this setting so it has to be in the 32-bit section of the registry, or is it windows so it can stay in the 64-bit part? – Kalbli 22/8, 2019 at 10:9

Yes, you should be able to write to any place under HKEY_CURRENT_USER without having Administrator privileges. But this is effectively a private store that no other user on this machine will be able to access, so you can't put any shared configuration there.

Fainthearted answered 9/9, 2008 at 23:44 Comment(2)

Note that HKEY_CURRENT_USER\Software\Policies is read-only for non-administrators. – Waw 20/1, 2019 at 23:16

I am unable to save anywhere in HKEY_CURRENT_USER. Including places I created in VB6. Where is a guaranteed place to save a simple string? – Irmairme 22/5, 2021 at 2:20

Recommended topics

Hot tags