Maybe the application here also matters. Maybe you could write a very small C# tool that you’d run and it would just try to read the keys and show them in a simple form. That’d be the .NET part tested as well.
I can login as localadmin too. That is what I did.
Can you help me with what I should do next step by step?
Contact your IT dept. Ask them if they have put restrictions on any registry keys
Ah, yes, of course. Logging in as local admin is required to run regedit.
When you are logged in as local admin, does Rhino start properly?
If so, I agree with Ivelin - you’ll need to work with IT to figure out why these registry keys are blocked.
In a university environment it is probable that Group Policy Objects (GPOs) are being used to lock down the registry keys by default and enable only the specific keys needed for different groups of users. The IT Ops team can use procmon to identify which registry keys you try to access when running Rhino and create a GPO giving access to those keys for Rhino users.
Or we could make it easy for them, and say that the keys are in HKEY_LOCAL_MACHINE\Software\McNeel\ - all of those should be readable by everyone.
The IT department now changed the permissions of HKEY_LOCAL_MACHINE\Software\McNeel. See below picture. I checked if the problem exist when I login as local-admin, but we have the same problem!. What are the next steps?
The problem is still there:
He’s showing a screenshot of registry access. It’s kind of similiar to what you’ll see in the file explorer.
If I remembered correctly,
Deny access prioritizes to
Allow. It’s possible
Users group denys access to that key. If it’s the case,
Everyone with Read allowed wouldn’t work.
PS: It’s also possible GPO limits it.
Did you restart the PC after they edited the permissions?
In your original post the failing registry access was Write, not Read, so I think we are barking up the wrong tree. I don’t think Rhino attempts to write into HKEY_LOCAL_MACHINE\Software\McNeel at this stage. It does attempt to do so in HKEY_USERS. Getting the IT bods to run procmon as previously suggested is the best way to identify all the registry access, in particular where access is being denied.
Incidentally, re. @gankeyu’s point about the priority of different assignments, if you click on the Advanced button, you can get to a window where you enter a specific user Id to see what access the various settings allow that individual - much easier than trying to work it out!
yes I did. The problem is still there.