Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/146906

From BetaArchive Wiki

HOWTO: How To Secure Performance Data in Windows NT

Q146906



The information in this article applies to:


  • Microsoft Win32 Software Development Kit (SDK), used with:
    • the operating system: Microsoft Windows NT, versions 3.51, 4.0
    • the operating system: Microsoft Windows 2000





SUMMARY

Windows NT provides access to a variety of performance data that collectively represents the state of the computer. This performance data is stored in the registry key HKEY_PERFORMANCE_DATA. The default configuration of Windows NT gives everyone the ability to query this performance data, including remote users.

In some environments, you may want to restrict access to this performance data because some performance data may be considered sensitive. An example of potentially sensitive performance data is the list of running processes in the system. This article describes how to regulate access to this performance data programmatically by using the Win32 API.



MORE INFORMATION

The security on the following registry key dictates which users or groups can gain access to the performance data:

HKEY_LOCAL_MACHINE\ 
 SOFTWARE\ 
 Microsoft\ 
 Windows NT\ 
 CurrentVersion\ 
 Perflib 

In order for users to query performance data, they must have KEY_READ access to the above registry key. An example of reasonable security on the performance data would be to grant Administrators KEY_ALL_ACCESS access and Interactive (users logged onto the workstation interactively) KEY_READ access. This particular configuration would prevent non-administrator remote users from querying performance data.

Note that this operation can be performed by using the registry editor utility (Regedt32.exe).

Sample Code

/*
 This sample illustrates how to regulate access to the performance data
 provided by the registry key HKEY_PERFORMANCE_DATA.

 The security on the following registry key dictates which users or groups
 can gain access to the performance data:

 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib

 This sample opens the registry key for WRITE_DAC access, which allows
 for a new Dacl to be applied to the registry key.

 A Dacl is then built, which grants the following users access:

 Administrators are granted full control to allow for future updates to the
 security on the key and to allow for querying performance data.

 Interactively logged on users, through the well-known Interactive Sid,
 are granted KEY_READ access, which allows for querying performance
 data.

 The new Dacl is then applied to the registry key using the
 RegSetKeySecurity() Win32 API.

 This sample relies on the import library Advapi32.lib.
 Note that not all errors will cause an information message to be
 displayed.

 */ 

#include <windows.h>
#include <stdio.h>

#define RTN_OK 0
#define RTN_USAGE 1
#define RTN_ERROR 13

int
__cdecl
main(
    void
    )
{
    SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
    PSID pInteractiveSid = NULL;
    PSID pAdministratorsSid = NULL;
    SECURITY_DESCRIPTOR sd;
    PACL pDacl = NULL;
    DWORD dwAclSize;
    HKEY hKey;
    LONG lRetCode;
    BOOL bSuccess = FALSE; // assume this function fails

    // 
    // open the performance key for WRITE_DAC access
    // 
    lRetCode = RegOpenKeyEx(
        HKEY_LOCAL_MACHINE,
       TEXT("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib"),
        0,
        WRITE_DAC,
        &hKey
        );

    if(lRetCode != ERROR_SUCCESS) {
        fprintf(stderr, "RegOpenKeyEx error! (rc=%lu)\n", lRetCode);
        return RTN_ERROR;
    }

    // 
    // prepare a Sid representing any Interactively logged-on user
    // 
    if(!AllocateAndInitializeSid(
        &sia,
        1,
        SECURITY_INTERACTIVE_RID,
        0, 0, 0, 0, 0, 0, 0,
        &pInteractiveSid
        )) goto cleanup;

    // 
    // prepare a Sid representing the well-known admin group
    // 
    if(!AllocateAndInitializeSid(
        &sia,
        2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS,
        0, 0, 0, 0, 0, 0,
        &pAdministratorsSid
        )) goto cleanup;

    // 
    // compute size of new acl
    // 
    dwAclSize = sizeof(ACL) +
        2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) +
        GetLengthSid(pInteractiveSid) +
        GetLengthSid(pAdministratorsSid) ;

    // 
    // allocate storage for Acl
    // 
    pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
    if(pDacl == NULL) goto cleanup;

    if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
        goto cleanup;

    // 
    // grant the Interactive Sid KEY_READ access to the perf key
    // 
    if(!AddAccessAllowedAce(
        pDacl,
        ACL_REVISION,
        KEY_READ,
        pInteractiveSid
        )) goto cleanup;

    // 
    // grant the Administrators Sid GENERIC_ALL access to the perf key
    // 
    if(!AddAccessAllowedAce(
        pDacl,
        ACL_REVISION,
        KEY_ALL_ACCESS,
        pAdministratorsSid
        )) goto cleanup;

    if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
        goto cleanup;

    if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE)) {
        fprintf(stderr, "SetSecurityDescriptorDacl error! (rc=%lu)\n",
            GetLastError());
        goto cleanup;
    }

    // 
    // apply the security descriptor to the registry key
    // 
    lRetCode = RegSetKeySecurity(
        hKey,
        (SECURITY_INFORMATION)DACL_SECURITY_INFORMATION,
        &sd
        );

    if(lRetCode != ERROR_SUCCESS) {
        fprintf(stderr, "RegSetKeySecurity error! (rc=%lu)\n",
            lRetCode);
        goto cleanup;
    }

    bSuccess = TRUE; // indicate success

cleanup:

    RegCloseKey(hKey);
    RegCloseKey(HKEY_LOCAL_MACHINE);

    // 
    // free allocated resources
    // 
    if(pDacl != NULL)
        HeapFree(GetProcessHeap(), 0, pDacl);

    if(pInteractiveSid != NULL)
        FreeSid(pInteractiveSid);

    if(pAdministratorsSid != NULL)
        FreeSid(pAdministratorsSid);

    if(!bSuccess) return RTN_ERROR;

    return RTN_OK;
} 

Additional query words: 3.51 4.00 perfmon performance

Keywords : _IK kbAPI kbKernBase kbOSWin2000 kbPerfMon kbSecurity kbDSupport kbGrpDSKernBase
Issue type : kbhowto
Technology : kbWin32SDKSearch kbAudDeveloper kbSDKSearch kbWin32sSearch


Last Reviewed: November 22, 2000
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.