What is the difference: LoadUserProfile -vs- RegOpenCurrentUser

Question

These two APIs are very similar but it is unclear what the differences are and when each should be used (Except that LoadUserProfile is specified for use with CreateProcessAsUser which I am not using. I am simply impersonating for hive accesss).

LoadUserProfile http://msdn.microsoft.com/en-us/library/bb762281(VS.85).aspx

RegOpenCurrentUser http://msdn.microsoft.com/en-us/library/ms724894(VS.85).aspx

According to the Services & the Registry article: http://msdn.microsoft.com/en-us/library/ms685145(VS.85).aspx we should use RegOpenCurrentUser when impersonating.

But what does/should RegOpenCurrentUser do if the user profile is roaming - should it load it?

As far as I can tell from these docs, both APIs provide a handle to the HKEY_CURRENT_USER for the user the thread is impersonating. Therefore, they both "load" the hive i.e. lock it as a database file and give a handle to it for registry APIs.

It might seem that LoadUserProfile loads the user profile in the same way as the User does when he/she logs on, whereas RegOpenCurrentUser does not - is this correct? What is the fundamental difference (if any) in how these two APIs mount the hive?

What are the implications and differences (if any) between what happens IF

1. A user logs-on or logs-off while each of these impersonated handles is already in use?

2. A user is already logged-on when each matching close function (RegCloseKey and UnloadUserProfile) is called?

Answer 1

But what does/should RegOpenCurrentUser do if the user profile is roaming - should it load it?

It doesn't load the profile. Think about it this way: If it did, you'd have to somehow call UnloadUserProfile() when finished with the handle to HKEY_CURRENT_USER.

It might seem that LoadUserProfile loads the user profile in the same way as the User does when he/she logs on, whereas RegOpenCurrentUser does not - is this correct?

Yes.

What is the fundamental difference (if any) in how these two APIs mount the hive?

None.

What are the implications and differences (if any) between what happens IF A user logs-on or logs-off while each of these impersonated handles is already in use?

They'll get their own handle (to the same key) that's opened and closed.

A user is already logged-on when each matching close function (RegCloseKey and UnloadUserProfile) is called?

Ditto.

Answer 2

As I am currently trying to accomplish the same thing you are I thought I would chime in with what I've found over the last few days.

I'm working in a Windows XP sp3 environment and trying to achieve impersonation with CurrentUser registry access in two different scenarios

If you come across anything useful I would be greatly appreciative if you share your experience. My stack overflow question can be found here

Administrator > Limited User & Limited User > Administrator

What I've noticed so far is (in Windows XP sp3)

LoadUserProfile():

Only works when the impersonating user has SeRestoreName and SeBackupName privileges enabled among others (simply enabling these two for the limited user in question was not enough as it still failed with an access denied error - See my StackOverflow question for more details on that). The only way I'm able to successfully call LoadUserProfile() so far is to do so by an Administrator account before starting impersonation.

RegOpenCurrentUser():

Only works "properly" when the user's profile is already loaded, In every attempt I've made so far I'm only able to get a handle to the S-1-5-18 hive unless the users hive is loaded and accessible under HKEY_USERS already

Answer 3

The two functions are used in different situations.

LoadUserProfile is suitable if the user profile is not already loaded.

RegOpenCurrentUser is suitable if the user profile is already loaded, i.e., if you want to access the registry hive for a user who is already interactively logged on.

Note that LoadUserProfile is usually called without impersonation (because you must have admin privilege to use it) but RegOpenCurrentUser has to be called with impersonation.