I was trying to copy the register files from Windows 10 located in the folder "C:\Windows\System32\config" using a Python script and the function copy2 from the os library. Sadly it gives me the error 13 - Permission denied.

Error:

Traceback (most recent call last):
  File "C:\Users\vagrant\Documents\recovery\recovery.py", line 1335, in <module>
    GetStartUpPrograms(outputFileMain)
  File "C:\Users\vagrant\Documents\recovery\recovery.py", line 1053, in GetStartUpPrograms
    shutil.copy2(auxRegisterFilePath, destPathRegisters)
  File "C:\Users\vagrant\AppData\Local\Programs\Python\Python311\Lib\shutil.py", line 436, in copy2
    copyfile(src, dst, follow_symlinks=follow_symlinks)
  File "C:\Users\vagrant\AppData\Local\Programs\Python\Python311\Lib\shutil.py", line 256, in copyfile
    with open(src, 'rb') as fsrc:
         ^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: 'c:\\Windows\\System32\\config\\SYSTEM'

It seems that it is a permission/privileges/rights error for the open function from the os library.

I am using an administrator PowerShell session and I have other rights for the session, such as SeBackupPrivilege, which work with other parts of the script, such as the copying of log files.

Running the following command in order to know some privileges of the PowerShell session gives the following output:

(Get-PSSessionConfiguration -Name Microsoft.PowerShell).Permission


NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote Management Users AccessAllowed

What am I missing here? Which privilege can allow me to copy the register files from Windows 10 into another folder for further analysis? I do not know which privilege I am missing... it seems by the output of the command above I have all privileges possible...

Any way to bypass the Windows rights?

Thank you for your time!

PS: I forgot the code where the problem arises.

    """Copy most important register files for further analysis"""

    destPathRegisters = gl_currentVersionRegistersFolderPath

    # Only copy when the destination folder exists
    if os.path.isdir(destPathRegisters):
        for path in gl_registersPathsList:
            for file in gl_registersName:
                auxPath = gl_disk + path
                auxRegisterFilePath = os.path.join(auxPath, file)

                if os.path.exists(auxRegisterFilePath):
                    # This is the call that raises PermissionError in the traceback above
                    shutil.copy2(auxRegisterFilePath, destPathRegisters)

I tried getting all privileges possible and showing privileges as shown above. I tried with another PowerShell session, doing it from the beginning. But nothing seems to work.

I tried copying it by hand with the Windows GUI options and it tells me that the files are opened and therefore they cannot be copied to another folder. (The file seems closed; I do not know which Windows processes could have it open, but no application on my side is using it.)

Maybe the problem is the rights with which the file is opened by the function open(src,'rb') from the os library? How can I pass this function other rights through the call to the os.copy2() function in order to try to solve it? Or maybe this function does not have the PowerShell session rights?

Thank you for your time again.
