1

I'm working on a Python 3.7 script that eventually will be a CLI program like reg.exe is. I'm aiming to include the ability to add, delete and query keys and subkeys. At this point, I can create a new Key and iterate through all keys within the specific path however; once I try to write a value to the new key I made, I get a WinError 5 - Access denied.

Is there a way I can include in the script a way to have access to write to the registry?

I'm still a beginner with Python and programming, I've had a look at documents but I cant figure this one out.

Any help will be greatly appreciated. My code soo far:

import winreg

reg_connection = winreg.ConnectRegistry(None, winreg.HKEY_CURRENT_USER)

reg_key = winreg.OpenKey(reg_connection, r"SOFTWARE\Microsoft\\")

winreg.CreateKey(reg_key, "New Key")

for key in range(3000):
    try:
        show_sub_keys = winreg.EnumKey(reg_key, key)
        print(show_sub_keys)
    except WindosError:
        break

new_key_value = winreg.OpenKey(reg_connection, r"SOFTWARE\Microsoft\New Key")
winreg.SetValueEx(new_key_value, "New Value",0,winreg.REG_SZ, "This Value")
winreg.CloseKey(new_key_value)
Improve this question
1
  • 1
    Don't use ConnectRegistry just to access the local registry. It maps a predefined key handle (i.e. HKEY_LOCAL_MACHINE, HKEY_USERS, or HKEY_PERFORMANCE_DATA) to an RPC handle for remote registry access. HKEY_CURRENT_USER is a predefined-handle that by default maps to a handle for the current user's registry key, "\Registry\User\<User SID String>". This is meaningless for remote access (no user profile is loaded), so it's not supported. Commented Dec 9, 2018 at 4:01

1 Answer 1

Reset to default
1 
new_key_value = winreg.OpenKey(reg_connection, r"SOFTWARE\Microsoft\New Key")

Here you do not specify an argument for the optional access parameter, so the call passes the default value of KEY_READ. Hence you can only read from the key, but not write.

You should pass an argument for the access parameter, that specifies the permissions you need:

new_key_value = winreg.OpenKey(reg_connection, r"SOFTWARE\Microsoft\New Key", 0, 
                               winreg.KEY_SET_VALUE)

For further details, see the winreg reference.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Generally we request KEY_READ (i.e. READ_CONTROL | KEY_NOTIFY | KEY_ENUMERATE_SUB_KEYS | KEY_QUERY_VALUE) and/or KEY_WRITE (i.e. READ_CONTROL | KEY_CREATE_SUB_KEY | KEY_SET_VALUE) access, or equivalently GENERIC_READ and/or GENERIC_WRITE access.
@eryksun In the case of this question, only KEY_SET_VALUE is required. Requesting more access than needed would violate the principle of least privilege. In particular, the DACL of a key may grant you permissions to write individual values, but prevents you from creating sub keys, in which case requesting KEY_WRITE would fail.
winreg.CreateKey(reg_key, "New Key")... really?
Thanks for the help on this one :) because im new to this, its a bit confusing at first, but I understand now what seems to be the better way from these suggestions. Thanks everyone. I'll review the Winreg library again until i understand it better.
If I need further help with the program, is it best to ask it here as its already the topic or does that need to be asked elsewhere?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.