You are currently offline, waiting for your internet to reconnect

How To Secure Performance Data in Windows 2000, Windows NT, Windows XP

This article was previously published under Q146906
SUMMARY
Microsoft Windows 2000, Windows NT, or Windows XP provides access to a variety of performance data that collectively represents the state of the computer. This performance data is stored in the registry key HKEY_PERFORMANCE_DATA. The default configuration of Windows NT gives everyone the ability to query this performance data, including remote users.

In some environments, you may want to restrict access to this performancedata because some performance data may be considered sensitive. An exampleof potentially sensitive performance data is the list of running processesin the system. This article describes how to regulate access to thisperformance data programmatically by using the Win32 API.
MORE INFORMATION
The security on the following registry key dictates which users or groupscan gain access to the performance data:
HKEY_LOCAL_MACHINE\  SOFTWARE\  Microsoft\  Windows NT\  CurrentVersion\  Perflib				
In order for users to query performance data, they must have KEY_READaccess to the above registry key. An example of reasonable security on theperformance data would be to grant Administrators KEY_ALL_ACCESS access andInteractive (users logged onto the workstation interactively) KEY_READaccess. This particular configuration would prevent non-administratorremote users from querying performance data.

Note that this operation can be performed by using the registry editorutility (Regedt32.exe).

Sample Code

/* This sample illustrates how to regulate access to the performance data provided by the registry key HKEY_PERFORMANCE_DATA. The security on the following registry key dictates which users or groups can gain access to the performance data: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib This sample opens the registry key for WRITE_DAC access, which allows for a new Dacl to be applied to the registry key. A Dacl is then built, which grants the following users access: Administrators are granted full control to allow for future updates to the security on the key and to allow for querying performance data. Interactively logged on users, through the well-known Interactive Sid, are granted KEY_READ access, which allows for querying performance data. The new Dacl is then applied to the registry key using the RegSetKeySecurity() Win32 API. This sample relies on the import library Advapi32.lib. Note that not all errors will cause an information message to be displayed. */ #include <windows.h>#include <stdio.h>#define RTN_OK 0#define RTN_USAGE 1#define RTN_ERROR 13int__cdeclmain(    void    ){    SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;    PSID pInteractiveSid = NULL;    PSID pAdministratorsSid = NULL;    SECURITY_DESCRIPTOR sd;    PACL pDacl = NULL;    DWORD dwAclSize;    HKEY hKey;    LONG lRetCode;    BOOL bSuccess = FALSE; // assume this function fails    //     // open the performance key for WRITE_DAC access    //     lRetCode = RegOpenKeyEx(        HKEY_LOCAL_MACHINE,       TEXT("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib"),        0,        WRITE_DAC,        &hKey        );    if(lRetCode != ERROR_SUCCESS) {        fprintf(stderr, "RegOpenKeyEx error! (rc=%lu)\n", lRetCode);        return RTN_ERROR;    }    //     // prepare a Sid representing any Interactively logged-on user    //     if(!AllocateAndInitializeSid(        &sia,        1,        SECURITY_INTERACTIVE_RID,        0, 0, 0, 0, 0, 0, 0,        &pInteractiveSid        )) goto cleanup;    //     // prepare a Sid representing the well-known admin group    //     if(!AllocateAndInitializeSid(        &sia,        2,        SECURITY_BUILTIN_DOMAIN_RID,        DOMAIN_ALIAS_RID_ADMINS,        0, 0, 0, 0, 0, 0,        &pAdministratorsSid        )) goto cleanup;    //     // compute size of new acl    //     dwAclSize = sizeof(ACL) +        2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) +        GetLengthSid(pInteractiveSid) +        GetLengthSid(pAdministratorsSid) ;    //     // allocate storage for Acl    //     pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);    if(pDacl == NULL) goto cleanup;    if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))        goto cleanup;    //     // grant the Interactive Sid KEY_READ access to the perf key    //     if(!AddAccessAllowedAce(        pDacl,        ACL_REVISION,        KEY_READ,        pInteractiveSid        )) goto cleanup;    //     // grant the Administrators Sid GENERIC_ALL access to the perf key    //     if(!AddAccessAllowedAce(        pDacl,        ACL_REVISION,        KEY_ALL_ACCESS,        pAdministratorsSid        )) goto cleanup;    if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))        goto cleanup;    if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE)) {        fprintf(stderr, "SetSecurityDescriptorDacl error! (rc=%lu)\n",            GetLastError());        goto cleanup;    }    //     // apply the security descriptor to the registry key    //     lRetCode = RegSetKeySecurity(        hKey,        (SECURITY_INFORMATION)DACL_SECURITY_INFORMATION,        &sd        );    if(lRetCode != ERROR_SUCCESS) {        fprintf(stderr, "RegSetKeySecurity error! (rc=%lu)\n",            lRetCode);        goto cleanup;    }    bSuccess = TRUE; // indicate successcleanup:    RegCloseKey(hKey);    RegCloseKey(HKEY_LOCAL_MACHINE);    //     // free allocated resources    //     if(pDacl != NULL)        HeapFree(GetProcessHeap(), 0, pDacl);    if(pInteractiveSid != NULL)        FreeSid(pInteractiveSid);    if(pAdministratorsSid != NULL)        FreeSid(pAdministratorsSid);    if(!bSuccess) return RTN_ERROR;    return RTN_OK;}				
3.51 4.00 perfmon performance
Properties

Article ID: 146906 - Last Review: 07/11/2005 18:39:00 - Revision: 2.2

  • Microsoft Platform Software Development Kit-January 2000 Edition
  • kbhowto kbapi kbkernbase kbperfmon kbsecurity kbcode KB146906
Feedback