21 May
2008
21 May
'08
3:44 p.m.
I didn't find a way yet (and didn't look to hard) to make the subkeys inherit these new permissions. Otherwise I have to do this for every key.
I don't think you can if you don't actually create the key. The caller of RegCreateKeyEx is able to set the default DACL for the key, and subkeys will inherit this if they don't set their own DACL. In this case we expect that some system process is creating the key, so we have to change the DACL after the fact.
In other words, I think your function looks fine :) --Juan