Jump to content
Sign in to follow this  

Change registry key permissions

Recommended Posts

Yes, I know there are dozens of topics with that, and I browsed each and every one. None helped.

I need to change permissions of a couple keys. For example this one:


I can't figure out how to use SetACL even with the following UDF:

'?do=embed' frameborder='0' data-embedContent>>

and using REGINI.exe didn't do me much good either.


I'd really appreciate the easiest way to do this as I'm not an advanced AutoIT user. My current OS is Win7 x64, but something compatible with WinXP would be good, as I'm using XP on second machine and a universal solution would be appreciated.

Share this post

Link to post
Share on other sites

Did you try SubInACL.exe from Microsoft ?


Tried now. It looks like Microsoft tools will not change permissions of these keys (Classes?). Both - REGINI and SubInACL seem to fail. They do work on other reg keys, but Classes? No. Or maybe I'm doing something wrong.

I think the problem is that they are owned by TrustedInstaller.

EDIT: Even SetACL seems to fail for me on keys owned by TrustedInstaller. I guess there's something I'm missing.



Ok... It seems I finally found commands that work.

SetACL.exe -on "HKEY_CLASSES_ROOTInternet.HHCtrl.1" -ot reg -actn setowner -ownr "n:Administrators"
^ This makes Admin an owner
SetACL.exe -on "HKEY_CLASSES_ROOTInternet.HHCtrl.1" -ot reg -actn ace -ace "n:Administrators;p:full"
^ and this sets the permissions.
Seems to work on any keys. So far...  :P Pardon me for not really an AutoIT-related question. Making a script out of this won't be a problem.
P.S. I will mark topic as "solved" when I am sure everything works as intended. Currently looking for a way to apply that to all subkeys/values.
Edited by supraspecies

Share this post

Link to post
Share on other sites

the official tool is the SECEDIT.exe

C:Windowssystem32cmd.exe /C ECHO Y| SECEDIT.EXE /CONFIGURE /CFG C:UsersDXRW4EDesktopSECEDIT.inf /DB C:WindowsPrefetchTemp.sdb /OVERWRITE /AREAS REGKEYS /LOG C:WindowsPrefetchTemp.log /QUIET

C:\Windows\System32\cmd.exe /C ECHO Y| SECEDIT.EXE /CONFIGURE /CFG C:UsersDXRW4EDesktopSECEDIT.inf /DB C:WindowsPrefetchTemp.sdb /OVERWRITE /AREAS FILESTORE /LOG C:WindowsPrefetchTemp.log /QUIET




[Profile Description]

[File Security]

[Registry Keys]



    Indicates a registry key. A registry key object can be in the local registry, such as CLASSES_ROOTSomePath or in a remote registry, such as ComputerNameCLASSES_ROOTSomePath.

    The names of registry keys must use the following literal strings to identify the predefined registry keys: "CLASSES_ROOT", "CURRENT_USER", "MACHINE", and "USERS".




Edited by DXRW4E

Share this post

Link to post
Share on other sites

I advise you to look at this article, especially this part:


Class registration and file name extension information is stored under both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys. The HKEY_LOCAL_MACHINESoftwareClasses key contains default settings that can apply to all users on the local computer. The HKEY_CURRENT_USERSoftwareClasses key contains settings that apply only to the interactive user. The HKEY_CLASSES_ROOT key provides a view of the registry that merges the information from these two sources. HKEY_CLASSES_ROOT also provides this merged view for applications designed for previous versions of Windows.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Create New...