Tuesday, July 18, 2017

Access control lists for power configuration

Changes to power settings are written through the cooperation of the Power service. That service, like most, runs as SYSTEM, so there has to be some other means of access control than just normal Registry key ACLs. And sure enough, there is in this key:

HKLM\SYSTEM\CurrentControlSet\Control\Power\SecurityDescriptors

Each value appears to be the GUID of a setting type. "Default" likely applies to all the other operations The data is the ACL in SDDL format. The specific permissions available are Registry permissions (KR for read, KW for write, KA for all). Changes to these ACLs require a reboot to take effect.

No comments:

Post a Comment