I wanted to delete some registry keys by command line during Windows 7 installation, but the keys in question are owned by "TRUSTED INSTALLER" and user does not have permissions to delete the reg keys. Googling pointed me towards SUBINACL ... The original version of subinacl.exe shipped with the Windows Resource Kit was buggy, A better, non buggy version can be downloaded from the Microsoft website. Microsoft - Subinacl or you can download the extracted exe from .msi installer here Extracted - Subinacl Example of "subinacl" Useage:- Copy "subinacl.exe" to system32 folder Example below removes "Screen Resolution" from Win 7 right-click menu. The Example .cmd file script does as follows:- 1. check if "subinacl.exe" exists in system32 2. take ownership of "subinacl.exe" 3. grant permissions to "subinacl.exe" 4. setting owner of reg key and any sub keys 5. granting owner "FULL" permission of reg key and any sub keys 6. deleting reg key and any sub keys Example .cmd file script:- Code: @echo off if exist %windir%\system32\subinacl.exe ( takeown /F %windir%\system32\subinacl.exe >nul icacls %windir%\system32\subinacl.exe /GRANT *S-1-1-0:F >nul subinacl /subkeyreg HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display /setowner=%username% >nul subinacl /subkeyreg HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display /grant=%username%=F >nul reg delete "HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display" /f >nul ) exit since adding subinacl.exe to my system32 folder, I can now take control of reg keys previously owned by "TRUSTED INSTALLER" using command line. p.s. My testing of subinacl.exe was performed on 32bit OS
Problem on x64 system Code: SUCCESS: The file (or folder): "E:\Windows\system32\subinacl.exe" now owned by user "jos7\jos". processed file: E:\Windows\system32\subinacl.exe Successfully processed 1 files; Failed processing 0 files DesktopBackground\Shell\Display : new ace for jos7\jos HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display - RegSetKeySecurity Error : 5 Access is denied. DesktopBackground\Shell\Display\command : new ace for jos7\jos HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command - RegSetKeySecurity Error : 5 Access is de nied. Elapsed Time: 00 00:00:00 Done: 2, Modified 0, Failed 2, Syntax errors 0 Last Done : HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command Last Failed: HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command - RegSetKeySecurity Error : 5 Access is denied. ERROR: Access is denied.
Ok, checked the script and forgot 1 line Now works 100% on x64! Code: SUCCESS: The file (or folder): "E:\Windows\system32\subinacl.exe" now owned by user "jos7\jos". processed file: E:\Windows\system32\subinacl.exe Successfully processed 1 files; Failed processing 0 files DesktopBackground\Shell\Display : jos7\jos is the new owner HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display : 1 change(s) DesktopBackground\Shell\Display\command : jos7\jos is the new owner HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command : 1 change(s) Elapsed Time: 00 00:00:00 Done: 2, Modified 2, Failed 0, Syntax errors 0 Last Done : HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command DesktopBackground\Shell\Display : new ace for jos7\jos HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display : 1 change(s) DesktopBackground\Shell\Display\command : new ace for jos7\jos HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command : 1 change(s) Elapsed Time: 00 00:00:00 Done: 2, Modified 2, Failed 0, Syntax errors 0 Last Done : HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display\command The operation completed successfully. Press any key to continue . . . Do you have more of this? See you have Reboot and Shutdown, Poweriso.... Interesting! So, I can run this from runonce after install?
@woebetide... Good to see it works on x64bit OS Yes, you can run from runonce, after install. The PowerISO ... Reboot ... Shutdown on my right-click menu was done by regedit. Code: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Directory\Background\shell\PowerISO >Open...] "Icon"="C:\\Program Files\\PowerISO\\PowerISO.exe" "Position"="Middle" [HKEY_CLASSES_ROOT\Directory\Background\shell\PowerISO >Open...\command] @="C:\\Program Files\\PowerISO\\PowerISO.exe" [HKEY_CLASSES_ROOT\Directory\Background\shell\Reboot] "Position"="Bottom" "Icon"="nircmd.exe,-2" [HKEY_CLASSES_ROOT\Directory\Background\shell\Reboot\command] @="nircmd.exe exitwin reboot" [HKEY_CLASSES_ROOT\Directory\Background\shell\Reboot >Safe] "Icon"="nircmd.exe,-2" "Position"="Bottom" [HKEY_CLASSES_ROOT\Directory\Background\shell\Reboot >Safe\command] @="msconfig.exe -2" [HKEY_CLASSES_ROOT\Directory\Background\shell\Shutdown] "Position"="Bottom" "Icon"="nircmd.exe,-1" [HKEY_CLASSES_ROOT\Directory\Background\shell\Shutdown\command] @="nircmd.exe exitwin poweroff" nircmd.exe was added to my "Windows" folder (not system32) for most of the reboot|shutdown actions, and I added the icons to nircmd.exe with Restorator. NIRCMD (x64 bit is available). In fact, if you want nircmd.exe (x64bit - with added icons), then you can get it here NIRCMD(x64)-edited subinacl... appears to be very powerful and useful, and can also take ownership and set permissions for directories and files. These links may give you some ideas for other uses, and alternative switches:- http://kurrajong.co.uk/cms/scripting/200809/SL54/ http://blogs.msdn.com/b/astebner/archive/2006/09/04/739820.aspx I have just recently started testing subinacl functions & switches in virtual machine.
I used the same tool to reset windows registry permissions. I had problem install some adobe products. Here is a guide on how to reset windows registry permissions: techxe.com/tag/reset-registry-permissions hope this helps some one needy, regards
hey mate You have nice tweaks applied to your context menu... I want nircmd.exe (x86 - with added icons),the link you have posted is expired....please re upload the .exe file if possible.I shall be very much grateful to you........ thnx
As well as the tool suggested in the opening post, you can also use SetACL. Example Code: SetACL.exe -on "HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Display" -ot reg -actn ace -ace "n:Administrators;p:full" -actn setowner -ownr "n:Administrators" -silent Reg Delete "HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Display" /f>nul