Change registry key permissions

[supraspecies]

Yes, I know there are dozens of topics with that, and I browsed each and every one. None helped.

I need to change permissions of a couple keys. For example this one:

HKEY_CLASSES_ROOTInternetShortcutshellOpenCommand

I can't figure out how to use SetACL even with the following UDF:

'?do=embed' frameborder='0' data-embedContent>>

and using REGINI.exe didn't do me much good either.

 

I'd really appreciate the easiest way to do this as I'm not an advanced AutoIT user. My current OS is Win7 x64, but something compatible with WinXP would be good, as I'm using XP on second machine and a universal solution would be appreciated.

[jguinch]

Did you try SubInACL.exe from Microsoft ?

[supraspecies]

Did you try SubInACL.exe from Microsoft ?

 

Tried now. It looks like Microsoft tools will not change permissions of these keys (Classes?). Both - REGINI and SubInACL seem to fail. They do work on other reg keys, but Classes? No. Or maybe I'm doing something wrong.

I think the problem is that they are owned by TrustedInstaller.

EDIT: Even SetACL seems to fail for me on keys owned by TrustedInstaller. I guess there's something I'm missing.

 

EDIT 2:

Ok... It seems I finally found commands that work.

SetACL.exe -on "HKEY_CLASSES_ROOTInternet.HHCtrl.1" -ot reg -actn setowner -ownr "n:Administrators"

 

^ This makes Admin an owner

 

SetACL.exe -on "HKEY_CLASSES_ROOTInternet.HHCtrl.1" -ot reg -actn ace -ace "n:Administrators;p:full"

 

^ and this sets the permissions.

 

Seems to work on any keys. So far...   Pardon me for not really an AutoIT-related question. Making a script out of this won't be a problem.

 

 

P.S. I will mark topic as "solved" when I am sure everything works as intended. Currently looking for a way to apply that to all subkeys/values.

Edited July 10, 2014 by supraspecies

[DXRW4E]

the official tool is the SECEDIT.exe

C:Windowssystem32cmd.exe /C ECHO Y| SECEDIT.EXE /CONFIGURE /CFG C:UsersDXRW4EDesktopSECEDIT.inf /DB C:WindowsPrefetchTemp.sdb /OVERWRITE /AREAS REGKEYS /LOG C:WindowsPrefetchTemp.log /QUIET

or
C:\Windows\System32\cmd.exe /C ECHO Y| SECEDIT.EXE /CONFIGURE /CFG C:UsersDXRW4EDesktopSECEDIT.inf /DB C:WindowsPrefetchTemp.sdb /OVERWRITE /AREAS FILESTORE /LOG C:WindowsPrefetchTemp.log /QUIET

 

SECEDIT.inf

[Version]
signature="$CHICAGO$"
Revision=1

[Profile Description]
Description="MyName"

[File Security]
"C:UsersDXRW4EDesktoptest.txt",2,"O:BAD:PAI(A;CI;FA;;;SY)(A;CI;FA;;;BA)(A;CI;FR;;;BU)"

[Registry Keys]
"CLASSES_ROOTInternetShortcutshellOpenCommand",2,"O:BAD:PAI(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;BU)"
 

 

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379593%28v=vs.85%29.aspx

SE_REGISTRY_KEY
    Indicates a registry key. A registry key object can be in the local registry, such as CLASSES_ROOTSomePath or in a remote registry, such as ComputerNameCLASSES_ROOTSomePath.

    The names of registry keys must use the following literal strings to identify the predefined registry keys: "CLASSES_ROOT", "CURRENT_USER", "MACHINE", and "USERS".

 

 

Ciao.

Edited July 10, 2014 by DXRW4E

[supraspecies]

Thanks!

[jguinch]

I advise you to look at this article, especially this part:

 

Class registration and file name extension information is stored under both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys. The HKEY_LOCAL_MACHINESoftwareClasses key contains default settings that can apply to all users on the local computer. The HKEY_CURRENT_USERSoftwareClasses key contains settings that apply only to the interactive user. The HKEY_CLASSES_ROOT key provides a view of the registry that merges the information from these two sources. HKEY_CLASSES_ROOT also provides this merged view for applications designed for previous versions of Windows.