How can I get elevated permissions (UAC) via impersonation under a non-interactive login?

Question

I have a class library that keeps system-wide configuration data in the registry (HKLM\\Software\\XXX). This library is used in various applications (services, windows forms

Answer 1

I don't understand how Microsoft could claim that no security checks would be performed. I took a quick look at the code and these methods are not too much more than wrappers around the native RegOpenKeyEx/RegCreateKeyEx functions, so obviously security checks are going to be made. RegistryKeyPermissionCheck seems to control whether or not the RegistryKey class itself does its own internal security checking prior to P/Invoking the native functions. So you can pass whatever flags you want to this RegistryKey class, but if the underlying registry key doesn't grant you access then you're going to get an access denied exception.

As for LogonUser(), from what I've read it seems that it is always going to give you the restricted token.