Alternate data stream of "<system32>\config\system" isn't modifiable by a process even when run by the administrator

  • Question

  • The background:

    We write in a few alternate data streams (ADS) of the registry hub file "<system32>\config\system", where our programme keeps some information.

    Clearly, our approach is founded on the following assumptions:

    1. The file "system" is used in the current Windows version.
    2. It occurs under the directory "<system32>\config".
    3. ADS of the file "system" is modifiable by an application running in administrative mode.
    4. All versions of Windows (NT based) continue to use a file system like NTFS supporting ADS.

    We observed that this approach works for both Windows 2000 and Windows XP, but not for Windows 7.

    To be precise - point number 3 isn’t applicable for Windows 7 i.e., ADS of "system" file can’t be accessed by a process even when it is executed by a user with administrator’s privilege. This means for Windows 7 this approach fails; there is an access failure.

    The query:

    1. How can we solve this problem with Windows 7?

    2. Can we hold on to these assumptions of ours for the upcoming version of Windows? Can Microsoft suggest something in this direction?

    Thursday, January 20, 2011 6:21 AM


  • Have you tried to run the program with admin rights? I think the tool also fails in 2000/XP when you run it with user rights.

    Include a manifest in your app:

    <?xml version="1.0" encoding="utf-8"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
        <security><requestedPrivileges>
          <requestedExecutionLevel level="requireAdministrator" />
        </requestedPrivileges></security>
      </trustInfo>
    </assembly>

    Create and Embed an Application Manifest (UAC)


    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter
    Thursday, January 20, 2011 1:49 PM
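
A diagnostic for the elevation question raised in the reply above, as an added example that is not part of the original thread: it reports whether the current token is actually elevated and what error, if any, an ADS write returns for a given file. The function names, the stream name and the scratch file are hypothetical; it assumes PowerShell 3.0 or later (for the `-Stream` parameter) and an NTFS volume.

```powershell
# Added example; Test-IsElevated, Test-AdsWrite and 'diag.test' are hypothetical names.
# Requires PowerShell 3.0+ (-Stream parameter) and an NTFS volume.

function Test-IsElevated {
    # Under UAC, a member of Administrators who has not elevated runs with a
    # filtered token, and IsInRole(Administrator) returns $false for it.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-AdsWrite {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$StreamName = 'diag.test'   # constructed stream name
    )
    $elevated = Test-IsElevated
    try {
        # Write, read back and remove a small marker in the named stream.
        $stamp = [DateTime]::UtcNow.ToString('o')
        Set-Content -Path $Path -Stream $StreamName -Value $stamp -ErrorAction Stop
        $back = Get-Content -Path $Path -Stream $StreamName -ErrorAction Stop
        Remove-Item -Path $Path -Stream $StreamName -ErrorAction Stop
        [pscustomobject]@{
            Path = $Path; Elevated = $elevated
            Result = 'OK'; Detail = "round trip matched: $($back -eq $stamp)"
        }
    }
    catch {
        # Report the exception type so an access denial can be told apart
        # from other failures (sharing violation, non-NTFS volume, ...).
        [pscustomobject]@{
            Path = $Path; Elevated = $elevated
            Result = $_.Exception.GetType().Name; Detail = $_.Exception.Message
        }
    }
}

# Constructed sample input: a scratch file in the user's temp directory.
$scratch = Join-Path $env:TEMP 'ads-diag.txt'
Set-Content -Path $scratch -Value 'scratch'
Test-AdsWrite -Path $scratch
Remove-Item -Path $scratch
```

Running it once from a normal prompt and once from an elevated prompt shows whether the failure follows the `Elevated` value or persists regardless of it.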