[Batch] Registry Key Permissions (by command line)

Discussion in 'Scripting' started by searchengine, Feb 22, 2011.

  1. searchengine

    searchengine Guest

    #1 searchengine, Feb 22, 2011
    Last edited by a moderator: Apr 20, 2017
    I wanted to delete some registry keys by command line during Windows 7 installation, but the keys in question are owned by "TRUSTED INSTALLER" and user does not have permissions to delete the reg keys.

    Googling pointed me towards SUBINACL ...

    The original version of subinacl.exe shipped with the Windows Resource Kit was buggy, A better, non buggy version can be downloaded from the Microsoft website. Microsoft - Subinacl or you can download the extracted exe from .msi installer here Extracted - Subinacl

    Example of "subinacl" Useage:-

    Copy "subinacl.exe" to system32 folder

    Example below removes "Screen Resolution" from Win 7 right-click menu.

    The Example .cmd file script does as follows:-

    1. check if "subinacl.exe" exists in system32
    2. take ownership of "subinacl.exe"
    3. grant permissions to "subinacl.exe"
    4. setting owner of reg key and any sub keys
    5. granting owner "FULL" permission of reg key and any sub keys
    6. deleting reg key and any sub keys

    Example .cmd file script:-
    Code:
    @echo off
    
    if exist %windir%\system32\subinacl.exe (
       takeown /F %windir%\system32\subinacl.exe >nul
       icacls %windir%\system32\subinacl.exe /GRANT *S-1-1-0:F >nul
       subinacl /subkeyreg HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display /setowner=%username% >nul
       subinacl /subkeyreg HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display /grant=%username%=F >nul
       reg delete "HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display" /f >nul
    )
    exit
    [​IMG]

    since adding subinacl.exe to my system32 folder, I can now take control of reg keys previously owned by "TRUSTED INSTALLER" using command line.

    p.s. My testing of subinacl.exe was performed on 32bit OS
     
  2. woebetide

    woebetide MDL Member

    May 28, 2007
    240
    78
    10
    #2 woebetide, Feb 23, 2011
    Last edited by a moderator: Apr 20, 2017
    Problem on x64 system
    Code:
    SUCCESS: The file (or folder): "E:\Windows\system32\subinacl.exe" now owned by user "jos7\jos".
    processed file: E:\Windows\system32\subinacl.exe
    Successfully processed 1 files; Failed processing 0 files
    DesktopBackground\Shell\Display : new ace for jos7\jos
    HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display - RegSetKeySecurity Error : 5 Access is denied.
    
    DesktopBackground\Shell\Display\command : new ace for jos7\jos
    HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command - RegSetKeySecurity Error : 5 Access is de
    nied.
    
    
    
    Elapsed Time: 00 00:00:00
    Done:        2, Modified        0, Failed        2, Syntax errors        0
    Last Done  : HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command
    Last Failed: HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command - RegSetKeySecurity Error : 5
     Access is denied.
    
    ERROR: Access is denied.
     
  3. woebetide

    woebetide MDL Member

    May 28, 2007
    240
    78
    10
    #3 woebetide, Feb 23, 2011
    Last edited by a moderator: Apr 20, 2017
    Ok, checked the script and forgot 1 line:eek:

    Now works 100% on x64!
    Code:
    SUCCESS: The file (or folder): "E:\Windows\system32\subinacl.exe" now owned by user "jos7\jos".
    processed file: E:\Windows\system32\subinacl.exe
    Successfully processed 1 files; Failed processing 0 files
    DesktopBackground\Shell\Display : jos7\jos is the new owner
    HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display : 1 change(s)
    DesktopBackground\Shell\Display\command : jos7\jos is the new owner
    HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command : 1 change(s)
    
    
    Elapsed Time: 00 00:00:00
    Done:        2, Modified        2, Failed        0, Syntax errors        0
    Last Done  : HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command
    DesktopBackground\Shell\Display : new ace for jos7\jos
    HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display : 1 change(s)
    DesktopBackground\Shell\Display\command : new ace for jos7\jos
    HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command : 1 change(s)
    
    Elapsed Time: 00 00:00:00
    Done:        2, Modified        2, Failed        0, Syntax errors        0
    Last Done  : HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command
    The operation completed successfully.
    Press any key to continue . . .
    Do you have more of this?
    See you have Reboot and Shutdown, Poweriso....

    Interesting!
    So, I can run this from runonce after install?
     
  4. searchengine

    searchengine Guest

    #4 searchengine, Feb 23, 2011
    Last edited by a moderator: Apr 20, 2017
    (OP)
    @woebetide...
    Good to see it works on x64bit OS :)

    Yes, you can run from runonce, after install.

    The PowerISO ... Reboot ... Shutdown on my right-click menu was done by regedit.

    Code:
    Windows Registry Editor Version 5.00
    
    
    [HKEY_CLASSES_ROOT\Directory\Background\shell\PowerISO >Open...]
    "Icon"="C:\\Program Files\\PowerISO\\PowerISO.exe"
    "Position"="Middle"
    
    [HKEY_CLASSES_ROOT\Directory\Background\shell\PowerISO >Open...\command]
    @="C:\\Program Files\\PowerISO\\PowerISO.exe"
    
    [HKEY_CLASSES_ROOT\Directory\Background\shell\Reboot]
    "Position"="Bottom"
    "Icon"="nircmd.exe,-2"
    
    [HKEY_CLASSES_ROOT\Directory\Background\shell\Reboot\command]
    @="nircmd.exe exitwin reboot"
    
    [HKEY_CLASSES_ROOT\Directory\Background\shell\Reboot >Safe]
    "Icon"="nircmd.exe,-2"
    "Position"="Bottom"
    
    [HKEY_CLASSES_ROOT\Directory\Background\shell\Reboot >Safe\command]
    @="msconfig.exe -2"
    
    [HKEY_CLASSES_ROOT\Directory\Background\shell\Shutdown]
    "Position"="Bottom"
    "Icon"="nircmd.exe,-1"
    
    [HKEY_CLASSES_ROOT\Directory\Background\shell\Shutdown\command]
    @="nircmd.exe exitwin poweroff"
    nircmd.exe was added to my "Windows" folder (not system32) for most of the reboot|shutdown actions, and I added the icons to nircmd.exe with Restorator. NIRCMD (x64 bit is available).

    In fact, if you want nircmd.exe (x64bit - with added icons), then you can get it here NIRCMD(x64)-edited

    subinacl... appears to be very powerful and useful, and can also take ownership and set permissions for directories and files.

    These links may give you some ideas for other uses, and alternative switches:-

    http://kurrajong.co.uk/cms/scripting/200809/SL54/

    http://blogs.msdn.com/b/astebner/archive/2006/09/04/739820.aspx

    I have just recently started testing subinacl functions & switches in virtual machine. :bye:
     
  5. woebetide

    woebetide MDL Member

    May 28, 2007
    240
    78
    10
    Thanks, Now i can also start to play with all this stuff in VM:)
     
  6. dasche

    dasche MDL Novice

    Jul 30, 2009
    3
    2
    0
    I used the same tool to reset windows registry permissions. I had problem install some adobe products. Here is a guide on how to reset windows registry permissions:

    techxe.com/tag/reset-registry-permissions

    hope this helps some one needy,

    regards
     
  7. ashish96

    ashish96 MDL Novice

    Sep 21, 2010
    32
    5
    0
    #7 ashish96, Mar 27, 2011
    Last edited: Mar 27, 2011
    hey mate
    You have nice tweaks applied to your context menu...
    I want nircmd.exe (x86 - with added icons),the link you have posted is expired....please re upload the .exe file if possible.I shall be very much grateful to you........:)
    thnx
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Compo

    Compo MDL Member

    Mar 29, 2011
    136
    106
    10
    #8 Compo, Aug 1, 2011
    Last edited by a moderator: Apr 20, 2017
    As well as the tool suggested in the opening post, you can also use SetACL.

    Example
    Code:
    SetACL.exe -on "HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Display" -ot reg -actn ace -ace "n:Administrators;p:full" -actn setowner -ownr "n:Administrators" -silent
    Reg Delete "HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Display" /f>nul