ASP.NET Encryption Tool Version 1.0.3705.410
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

Usage:
------
aspnet_setreg -k:<subkey> [-u:<username>] -p:<password>
aspnet_setreg -k:<subkey> -c:<sqlConnectionString>
aspnet_setreg -k:<subkey> -d:<stateConnectionString>
aspnet_setreg -k:<subkey> -g

Options:
--------
-k:<subkey>                   A registry subkey in the HKLM hive. Encrypted data is stored
                              as REG_BINARY value beneath HKLM\<subkey>\ASPNET_SETREG and
                              the DACL is adjusted as follows:
                              	* HKLM\<subkey>\ASPNET_SETREG and all children are given
                              	  Full Control for System, Administrators, and Creator Owner.
                              	* HKLM\<subkey>\ASPNET_SETREG disallows inheritable permissions
                              	  from parent to propagate to this object and all child objects.

-u:<username>                 A user account.  Domain is optional in format <domain>\<user>.

-p:<password>                 A user account password.

-c:<sqlConnectionString>      A connection string for <sessionState sqlConnectionString=/>.

-d:<stateConnectionString>    A connection string for <sessionState stateConnectionString=/>.

-g                            Display discretionary access-control list for specified registry subkey.

Examples:
---------
aspnet_setreg -k:Software\MyASP.NET\Identity -u:user -p:password

aspnet_setreg -k:Software\MyASP.NET\SessionState -c:"data source=server;user id=user;password=password"
aspnet_setreg -k:Software\MyASP.NET\SessionState -g

Note:
-----
The process identity requires the following file permissions:

  Temporary ASP.NET Files                                      Full Control
  %TEMP%                                                       Full Control
  %WINDIR%\Microsoft.NET\Framework\v1.x.xxxx                   Read & Execute, List Folder Contents, Read
  %WINDIR%\Microsoft.NET\Framework\v1.x.xxxx\CONFIG            Read & Execute, List Folder Contents, Read
  Physical root of website and virtual directories             Read & Execute, List Folder Contents, Read

The process identity requires read permission to registry keys storing <identity/> credentials or 
a <sessionState/> connection string.  Regedt32.exe may be used to view/modify registry key permissions.

The ASPNET account is by default a member of only the Users group
and is granted the following rights:

  SE_NETWORK_LOGON_NAME                  "Access this computer from the network"
  SE_BATCH_LOGON_NAME                    "Logon as a batch job"
  SE_SERVICE_LOGON_NAME                  "Logon as a service"
  SE_DENY_INTERACTIVE_LOGON_NAME         "Deny log on locally"
  SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME  "Deny log on through Terminal Services"
