IE11增强保护模式下的注册表访问限制
[英]Registry access restrictions in IE11 Enhanced Protected Mode
问题描述
I have a plugin that is being loaded to the IE and tries to read the registry in 
我有一个正在加载到IE的插件,并尝试在其中读取注册表
HKCU\\Software...
path, and being denied. 路径,并被拒绝。 What are the paths in registry (if any) that are permitted to the add-on that should be compatible with the EPM, for read/write? 注册表中允许该附件与EPM兼容以进行读/写的路径是什么(如果有)? Thanks! 谢谢!
1 个解决方案
解决方案1
0 2014-04-01 20:37:31
This is not well documented by Microsoft/MSDN but this preso by Mark Yason has some good info. Microsoft / MSDN并没有很好地对此进行文档记录,但是Mark Yason的这份摘要具有一些好的信息。
It describes that access is based upon the “ALL APPLICATION PACKAGES” ACE , which gives read access to the following: 它描述了访问是基于“所有应用程序包” ACE的 ,该ACE授予对以下内容的读取访问权:
- HKCU\\Software...\\Explorer\\RunMRU HKCU \\ SOFTWARE \\ Explorer的\\ RunMRU中
- HKCU\\Software...\\Explorer\\RecentDocs HKCU \\ SOFTWARE \\ Explorer的\\ RecentDocs
- HKCU\\Software...\\Internet Explorer\\TypedURLs HKCU \\软件... \\ Internet Explorer \\ TypedURLs
- HKLM\\Software...\\Low Rights\\ElevationPolicy HKLM \\软件... \\低权限\\ ElevationPolicy
- HKLM\\Software...\\Windows NT\\CurrentVersion (Registered Owner/Org.) HKLM \\软件... \\ Windows NT \\ CurrentVersion(注册所有者/组织)
And it lets you write to: 它使您可以写入:
- HKCU\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\ HKCU \\ Software \\ Classes \\ Local Settings \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ AppContainer \\ Storage \\
Note that these are registry areas controlled by MSFT and their access can change in the future. 请注意,这些是由MSFT控制的注册表区域,它们的访问权限将来可能会更改。
However, being controlled by an ACE means that access can be obtained via out-of-band means, such as an installer. 但是,由ACE控制意味着可以通过带外手段(例如安装程序)获得访问权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.