Wooltown Posted August 3, 2005 Share Posted August 3, 2005 Hello ! Is there a way to update the security descriptors in the Registry using Script or another tool ? I would like to remove some registry settings via script, that I don't have permission to change. I can manually change the security using REGEDT32 on Win 2000/NT/XP, but that is not a solution on all computers. /Sven Link to comment Share on other sites More sharing options...
Coder_Demon Posted August 3, 2005 Share Posted August 3, 2005 Hello !Is there a way to update the security descriptors in the Registry using Script or another tool ?I would like to remove some registry settings via script, that I don't have permission to change.I can manually change the security using REGEDT32 on Win 2000/NT/XP, but that is not a solution on all computers./Sven<{POST_SNAPBACK}>Hello. I've got the same problem, my friend wrote a program on C++ for changing permissins in the registry(I didn't find any thing like it in the internet). Use it at you own risk, but I don't find any problems in it. When you setting up permissions in Win 2000\XP you have to keep in mind the notion "inheritance", it works just like the CACLS command. Use it like this (RPP.EXE and RPP.CFG due to be in same folder as your script.):RunWait (@ScriptDir&"\RPP.EXE "&@ScriptDir&"\RPP.CFG",@ScripDir,@SW_HIDE)RPP.zip Link to comment Share on other sites More sharing options...
Wooltown Posted August 3, 2005 Author Share Posted August 3, 2005 Hello. I've got the same problem, my friend wrote a program on C++ for changing permissins in the registry(I didn't find any thing like it in the internet). Use it at you own risk, but I don't find any problems in it. When you setting up permissions in Win 2000\XP you have to keep in mind the notion "inheritance", it works just like the CACLS command. Use it like this (RPP.EXE and RPP.CFG due to be in same folder as your script.):RunWait (@ScriptDir&"\RPP.EXE "&@ScriptDir&"\RPP.CFG",@ScripDir,@SW_HIDE)<{POST_SNAPBACK}>Hello !When I use this syntax, Everyone gets Full accessPKEY = HKEY_LOCAL_MACHINESUBKEY = SYSTEM\CurrentControlSet\Enum\USBSTORPERMISSIONS = E:A:SBut When I use this, System is in the list, but no access, Everyone is missing in the list in REGEDT32.PKEY = HKEY_LOCAL_MACHINESUBKEY = SYSTEM\CurrentControlSet\Enum\USBSTORPERMISSIONS = LS:A:S;E:A:S;/Sven Link to comment Share on other sites More sharing options...
DaveF Posted August 3, 2005 Share Posted August 3, 2005 SubInACL is a command-line tool from Microsoft that can add, remove and change (substitute) entries in the system registry Access Control List. It works on Windows XP and Server 2003.It's not really simple to use or to learn, but it will do anything you need with registry permissions.Though it's available in the Server 2003 resource Kit, I really recommend using the link above to download it, because the version of subinacl.exe that was in the original release (in 2003) of the Resource Kit was broken, and as of the last time I checked the copy in the Resource Kit is still broken. Yes yes yes, there it was. Youth must go, ah yes. But youth is only being in a way like it might be an animal. No, it is not just being an animal so much as being like one of these malenky toys you viddy being sold in the streets, like little chellovecks made out of tin and with a spring inside and then a winding handle on the outside and you wind it up grrr grrr grrr and off it itties, like walking, O my brothers. But it itties in a straight line and bangs straight into things bang bang and it cannot help what it is doing. Being young is like being like one of these malenky machines. Link to comment Share on other sites More sharing options...
Wooltown Posted August 3, 2005 Author Share Posted August 3, 2005 Thank you for the help; SubInACL works just fine, exactly was I needed! /Sven Link to comment Share on other sites More sharing options...
Coder_Demon Posted August 4, 2005 Share Posted August 4, 2005 (edited) Hello !When I use this syntax, Everyone gets Full accessPKEY = HKEY_LOCAL_MACHINESUBKEY = SYSTEM\CurrentControlSet\Enum\USBSTORPERMISSIONS = E:A:SBut When I use this, System is in the list, but no access, Everyone is missing in the list in REGEDT32.PKEY = HKEY_LOCAL_MACHINESUBKEY = SYSTEM\CurrentControlSet\Enum\USBSTORPERMISSIONS = LS:A:S;E:A:S;/Sven<{POST_SNAPBACK}>Hi, You've forget one thing. This registry's subkey (SYSTEM\CurrentControlSet\Enum\USBSTOR) was read only for "Everyone" and full acces for "System". And when you tried set permission with read only rights, system couldn't do it. Get it ?Use PSEXEC (www.sysinternals.com) with "-S" key to run your script with system's rights or run it as service.And one more thing, when you'll check permissions in Regedit32, check the "Advanced..." button and "View/Edit" button.P.S.: SubInACL doesn't work on NT 4.0 (critical for me) instead of my suggestion (works on every NT platforms) Edited August 4, 2005 by Coder_Demon Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now