Check if the current user can write to the registry (C, Windows)

Is there a way to check whether the current user can write to the registry? More specifically if it's not an administrator, can it write to HKEY_LOCAL_MACHINE or the policy keys on HKEY_CURRENT_USER.
I tried with LookupPrivilegeValue() but I don't think it's the right thing to do.
Code is appreciated.

There's one really simple and reliable way to see if the user has write access to a registry key:
HKEY hKey;
LONG err = RegOpenKeyEx(...., KEY_READ|KEY_WRITE, &hKey);
if (err) {
    // Test err to see if it's a permission error (ERROR_ACCESS_DENIED). If so, the user does not have permission.
}

Related

Checking if message author has specific permissions in Discord.js v16?

I’m making a command that should only be run by people that can kick or ban, assuming that the role they have is some sort of mod or admin. I’ve only seen answers for previous versions, like .hasPermissions.
What do I do?
As said in this question (self-answered by me), .hasPermission() has been removed. Use .permissions.has() instead:
if (message.member.permissions.has("KICK_MEMBERS")) {
    // member HAS kick members permissions
}
You can also check multiple permissions at the same time. This is just an example that would probably not be used:
if (message.member.permissions.has(["MANAGE_GUILD", "SEND_MESSAGES"])) {
    // member HAS *BOTH* permissions to send messages and manage server
}
You can check all the permission flags at the discord.js docs for Permissions.FLAGS.
It's really simple:
if (message.member.permissions.has('KICK_MEMBERS') || message.member.permissions.has('BAN_MEMBERS')) {
    // your code here
}

Lock command for discord.js

I need to make a lock command for a bot I'm making with discord.js but I don't know how. I need it to lock the channel when I do ".lock" by changing "Send messages" setting for the "Community" role to false, and set it back to True when I do ".unlock".
Does anyone know how to do this?
Here are the steps:
1. Get the "community" role's id. Store it in some variable (I'm calling it communityRoleId in this example).
2. Call <Message>.channel.permissionOverwrites.edit(communityRoleId, { SEND_MESSAGES: false }) when someone calls the lock command. This creates a permission overwrite for the community role saying that that role can't send messages in the channel.
3. For the unlock command, you can either delete the permission overwrite you made with the lock command or edit it so the community role can send messages again. To delete it, you can just <Message>.channel.permissionOverwrites.delete(communityRoleId), and to edit it, you can <Message>.channel.permissionOverwrites.edit(communityRoleId, { SEND_MESSAGES: true }).
Edit: Be sure to also run checks to see if the person using the command has an "admin" role or sufficient permissions or something like that, you don't want random people being able to lock channels!
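The permission check from the earlier answers combined with the lock and unlock steps above, as an added example that is not part of the original posts. Requiring MANAGE_CHANNELS, the names authorizeLock, handleLockCommand and fakeMessage, and the role id are assumptions; fakeMessage is a constructed stand-in for a discord.js Message so the logic runs without a bot.

```javascript
// Added example, not code from the thread. Uses only the calls shown in the
// answers: member.permissions.has() and channel.permissionOverwrites.edit/delete.
const COMMUNITY_ROLE_ID = '000000000000000000'; // constructed placeholder id
const REQUIRED_PERMISSION = 'MANAGE_CHANNELS';  // assumption: pick your own policy

// Deny by default. Outside a guild (for example a DM) message.member is null,
// so a missing member is treated as "not allowed" rather than skipped.
function authorizeLock(message) {
  if (!message.member) return { allowed: false, reason: 'no guild member' };
  if (!message.member.permissions.has(REQUIRED_PERMISSION)) {
    return { allowed: false, reason: `missing ${REQUIRED_PERMISSION}` };
  }
  return { allowed: true, reason: 'ok' };
}

// Handle ".lock" / ".unlock". Returns what was done so the caller can log it.
async function handleLockCommand(message) {
  const command = message.content.trim().toLowerCase();
  if (command !== '.lock' && command !== '.unlock') return 'ignored';

  // Authorization happens before any overwrite is touched.
  const decision = authorizeLock(message);
  if (!decision.allowed) return `denied: ${decision.reason}`;

  const overwrites = message.channel.permissionOverwrites;
  if (command === '.lock') {
    await overwrites.edit(COMMUNITY_ROLE_ID, { SEND_MESSAGES: false });
    return 'locked';
  }
  // Deleting the overwrite falls back to the role's base permissions
  // instead of force-granting SEND_MESSAGES in this channel.
  await overwrites.delete(COMMUNITY_ROLE_ID);
  return 'unlocked';
}

// Constructed stand-in for a discord.js Message; records overwrite calls.
function fakeMessage(content, memberPerms) {
  const calls = [];
  return {
    content, calls,
    member: memberPerms && { permissions: { has: (p) => memberPerms.includes(p) } },
    channel: { permissionOverwrites: {
      edit: async (id, perms) => { calls.push(['edit', id, perms]); },
      delete: async (id) => { calls.push(['delete', id]); },
    } },
  };
}
```

In a real bot, handleLockCommand would be called from the message event handler with the received Message object.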

RegOpenCurrentUser(KEY_WRITE) on newly created user

After I successfully create a new user, add user to built-in admins group, I would like to edit the newly created user's registry (this program is an elevated-as-admin program). I called NetUserAdd(), NetLocalGroupAddMembers(), LogonUser(), and then, finally LoadUserProfile() so the user's directory exists.
Excuse the sloppy code, but this is what I am doing after that:
DuplicateTokenEx(hToken,TOKEN_ALL_ACCESS,&sa,SecurityImpersonation,TokenPrimary,&hNewToken);
ImpersonateLoggedOnUser(hNewToken);
HKEY hKey;
LSTATUS stat = RegOpenCurrentUser(KEY_READ|KEY_WRITE, &hKey);
// stat is 5 (ACCESS_DENIED) when KEY_WRITE is added, it
// returns 0 (ERROR_SUCCESS) when it's just KEY_READ
RegCloseKey(hKey);
RevertToSelf();
CloseHandle(hNewToken);
The error is on the RegOpenCurrentUser() line. It errors out when I ask to write to that user's HKU registry. It works perfectly fine if I use just KEY_READ.
Is this even possible what I am trying to do? Is the user's registry hive even created yet? Or does the user have to physically sign on to create it?
Ultimately what I would want to do is create GPOs for the new user.
If you already have the user profile loaded with LoadUserProfile(), you don't really need to use RegOpenCurrentUser() at all. You can instead use the hProfile field of the PROFILEINFO that LoadUserProfile() returns:
hProfile
Type: HANDLE
A handle to the HKEY_CURRENT_USER registry subtree.
...
When the LoadUserProfile call returns successfully, the hProfile member receives a registry key handle opened to the root of the user's subtree, opened with full access (KEY_ALL_ACCESS).

How to find that "NT AUTHORITY" it is not an AD server?

I am trying to read an msExchMailboxSecurityDescriptor, to find whether it contains a Full Access to another person. The access control entries contain the trustees in the netbios format (DOMAIN\Username).
SecurityDescriptor secDesc = (SecurityDescriptor)userDirectoryEntry.Properties["msExchMailboxSecurityDescriptor"].Value;
AccessControlList usrAcl = (AccessControlList)secDesc.DiscretionaryAcl;
foreach (AccessControlEntry ace in (IEnumerable)usrAcl)
{
    var netbiosDn = ace.Trustee.Split('\\')[0];
    var netbiosUser = ace.Trustee.Split('\\')[1];
    // now, the problem:
    UserPrincipal user = UserPrincipal.FindByIdentity(
        new PrincipalContext(ContextType.Domain, netbiosDn),
        netbiosUser
    );
}
This works until the last line, where I have to connect to the correct AD server and get some user info. Obviously, this fails when there is no server available for that domain, like any of the "NT AUTHORITY" or "BUILTIN" "domains". It does not only fail, it needs quite some time until it does.
How on earth would I distinguish which ones are AD domains, where I can connect to the AD server, and which ones aren't?
Some example users I may find in the Security Descriptor, just for you to get a feel for the problem:
CONTOSO\Alex
CONTOSO\Michael
SUBDOMAIN\Kirk
TRUSTED\George
NTPD\ChiefBrown
NT AUTHORITY\SELF
NT INSTANS\INTERAKTIV
BUILTIN\Администраторы
BUILDING2\Владимир
VORDEFINERT\Administrator
Take a look at SecurityIdentifier.IsWellKnown
You can pass various values, including WellKnownSidType.NTAuthoritySid to determine what kind of SID you have.
(See also this PowerShell code on translating into readable names.)

D3 Connection issue using mvsp java api

I am trying to connect to D3 Database with MVSP java api. So far:
I have downloaded the mvapi.jar
added it in project lib folder
written the sample code for connection inside main method
String url = "jdbc:mv:d3:hostname:portNo";
Properties props = new Properties();
props.setProperty("username", "");
props.setProperty("password", "");
String account = "AGCO";
String password = "";
MVConnection connection = null;
try {
    // Getting error at this point
    connection = new MVConnection(url, props);
    MVStatement mvStatement = connection.createStatement();
    connection.logTo(account, password);
    MVResultSet results = mvStatement.executeQuery(query);
} catch (MVException e) {
    // The exception quoted below is thrown from the try block
    e.printStackTrace();
}
com.tigr.mvapi.exceptions.MVException: server error with errorCode 1023.
I checked the console but I'm not able to figure out the actual cause or whether I am entering the wrong username, password.
Please suggest what I am doing wrong.
First, you have to set a breakpoint or trace which function is throwing the errors. Then check the routes (FileName). You probably have much more experience than I do, but keep in mind that giving the full route ("account,filename," where the last comma is important) is never a bad idea, keeps you safer, and is mandatory if the filename is in a different account than the one you are logged in to.
And, as always, please verify these things:
You have enough licenses. Try to close any terminal you have opened for testing your queries. Yes, you know it's true: one connection, one license. Sometimes MVSP lets you have two under the same IP, but check this.
MVSP service is running. See Pick D3 documentation.
Your USER and ACCOUNT are both ENABLED for access in the MVSP server; otherwise you won't be able to access these files or log in with the user through the API. See the documentation to enable them in the MVSP.Menu account.
I hope this helps.
