take ownership of reg key and all subkeys?

Discussion in 'Windows 10' started by RanCorX2, Feb 28, 2018.

  1. RanCorX2

    RanCorX2 MDL Addicted

    Jul 19, 2009
    999
    554
    30
    Does anyone know the best way to get full access to a locked registry key via a batch file? I tried subinacl, but although it said keys were modified, when I checked them in regedit, the owner was still not Administrators and only read access was set.
     
  2. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    6,411
    15,487
    210
    1) Use SetACL to take ownership of file or folder or registry.

    2) Use NSudo to run your batch file; it will give Trusted Installer privilege.


     
  3. kaljukass

    kaljukass MDL Guru

    Nov 26, 2012
    3,396
    1,322
    120
  4. RanCorX2

    RanCorX2 MDL Addicted

    Jul 19, 2009
    999
    554
    30
    Does anyone know the command for SetACL to take ownership of a key and subkeys? I tried SetACL in the past but failed to find the exact commands I needed.
     
  5. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    6,411
    15,487
    210
    Code:
    ::-------------------------------------------------------------------------------------------
    :: Function to Take Ownership of Files
    :: Input Parameters [ %~1 : Wildcard file Names ]
    ::-------------------------------------------------------------------------------------------
    :TakeFilesOwnership
    
    :: Changing Ownership and Setting File Permissions
    for /f "tokens=*" %%i in ('dir %1%2 /b /s') do (
        rem Changing File Ownership (rem is used here because :: comments break inside a parenthesized block)
        "%SetACL%" -on "%%i" -ot file -actn setowner -ownr "n:S-1-5-32-544;s:y" >nul
    
        rem Setting File Permissions
        "%SetACL%" -on "%%i" -ot file -actn ace -ace "n:S-1-5-32-544;s:y;p:full" >nul
    )
    
    goto :eof
    ::-------------------------------------------------------------------------------------------
    
    ::-------------------------------------------------------------------------------------------
    :: Function to Take Ownership of Files or Folders That Have to be Replaced/Deleted Recursively
    :: Input Parameters [ %~1 : File Name or Folder Name ]
    ::-------------------------------------------------------------------------------------------
    :TakeFilesFoldersOwnerShip
    
    :: Changing Ownership of Files or Folders (quoted so a SetACL path with spaces still works)
    "%SetACL%" -on "%~1" -ot file -actn setowner -ownr "n:S-1-5-32-544;s:y" -rec cont_obj >nul
    
    :: Setting Files or Folders Permissions.
    "%SetACL%" -on "%~1" -ot file -actn ace -ace "n:S-1-5-32-544;s:y;p:full" -rec cont_obj >nul
    
    goto :eof
    ::-------------------------------------------------------------------------------------------
    
    ::-------------------------------------------------------------------------------------------
    :: Function to Take Ownership of File or Folder
    :: Input Parameters [ %~1 : file Name or Folder Name ]
    ::-------------------------------------------------------------------------------------------
    :TakeFileFolderOwnership
    
    :: Changing Ownership of File or Folder
    "%SetACL%" -on "%~1" -ot file -actn setowner -ownr "n:S-1-5-32-544;s:y" >nul
    
    :: Setting File or Folder Permission
    "%SetACL%" -on "%~1" -ot file -actn ace -ace "n:S-1-5-32-544;s:y;p:full" >nul
    
    goto :eof
    ::-------------------------------------------------------------------------------------------
    
    ::-------------------------------------------------------------------------------------------
    :: Function to Take Ownership of Image Registry Key
    :: Input Parameters [ %~1 : Image Registry Key Path ]
    ::-------------------------------------------------------------------------------------------
    :TakeRegistryOwnership
    
    :: Changing Image Registry Key Ownership
    "%SetACL%" -on "%~1" -ot reg -actn setowner -ownr "n:S-1-5-32-544;s:y" -rec yes >nul
    
    :: Setting Image Registry Key Permission
    "%SetACL%" -on "%~1" -ot reg -actn ace -ace "n:S-1-5-32-544;s:y;p:full" -rec yes >nul
    
    goto :eof
    ::-------------------------------------------------------------------------------------------
    
    
    Where %SetACL% is a variable containing the path to the SetACL.exe

     
  6. RanCorX2

    RanCorX2 MDL Addicted

    Jul 19, 2009
    999
    554
    30
    Thanks, but is there something a bit clearer to understand? Reg permissions via batch files have always gone over my head.

    I just want full access to a key and its subkeys with the owner set to Administrators. I don't fully understand SetACL.
     
  7. RanCorX2

    RanCorX2 MDL Addicted

    Jul 19, 2009
    999
    554
    30
    How do I use NSudo? I tried to get it to run a batch file and it keeps opening a command prompt.
     
  8. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    6,411
    15,487
    210
    If you directly use the SetACL.exe then the command will be like:

    Code:
    SetACL.exe -on "HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final" -ot reg -actn setowner -ownr "n:S-1-5-32-544;s:y" -rec yes
    
    SetACL.exe -on "HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final" -ot reg -actn ace -ace "n:S-1-5-32-544;s:y;p:full" -rec yes
    
    
    If you use the function I had posted earlier then the command would be like:

    Code:
    call :TakeRegistryOwnership "HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final"
    
    The above commands take registry ownership of the key HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final and its sub-keys.


    Use NSudo.exe -U:T -P:E <Executable-File> where <Executable-File> can be any executable file like .bat, .cmd, .exe, .com

    I suggest you use NSudo to run your batch files so that it takes care of file/registry permissions.
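
A read-only check for the problem described in the first post (a tool reports success but regedit still shows the old owner), as an added example that is not code from the thread: it reads the owner and the ACEs of the key and every subkey after the SetACL commands above have run. Using PowerShell here is an assumption, and the function name `Test-KeyAcl` is hypothetical.

```powershell
# Added example: audit owner and Administrators ACE on a key and all its subkeys.
# Key path is the one used in the thread; S-1-5-32-544 is BUILTIN\Administrators.
$KeyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final'
$AdminSid = 'S-1-5-32-544'
$SidType  = [System.Security.Principal.SecurityIdentifier]
$Full     = [System.Security.AccessControl.RegistryRights]::FullControl

function Test-KeyAcl {
    param([string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A key that still cannot be read is a failed result, not something to skip.
        return [pscustomobject]@{ Key = $Path; Owner = '<unreadable>'; Ok = $false }
    }
    $owner = $acl.GetOwner($SidType).Value
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $hasFull = $false
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        if ($ace.IdentityReference.Value -eq $AdminSid -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.RegistryRights -band $Full) -eq $Full) { $hasFull = $true }
    }
    [pscustomobject]@{ Key = $Path; Owner = $owner; Ok = ($owner -eq $AdminSid -and $hasFull) }
}

# Root key first, then every subkey that can be enumerated.
$paths  = @($KeyPath) + @(Get-ChildItem -LiteralPath $KeyPath -Recurse -ErrorAction SilentlyContinue |
                          ForEach-Object { $_.PSPath })
$failed = @($paths | ForEach-Object { Test-KeyAcl $_ } | Where-Object { -not $_.Ok })

$failed | Format-Table -AutoSize Key, Owner
"{0} of {1} keys failed the check" -f $failed.Count, $paths.Count
if ($failed.Count) { exit 1 }   # non-zero exit lets a calling batch file test ERRORLEVEL
```

Keeping a record of the owner and ACL that were on the key before the change makes it possible to put the original permissions back once the edit is done.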

     
  9. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,356
    2,026
    210
    Nsudo is definitely the easiest, most elegant option!
     
  10. RanCorX2

    RanCorX2 MDL Addicted

    Jul 19, 2009
    999
    554
    30
    Still can't get NSudo working, it just opens a cmd prompt when I try to run a batch.
     
  11. RanCorX2

    RanCorX2 MDL Addicted

    Jul 19, 2009
    999
    554
    30
    Thanks for the reg commands, that's exactly what I wanted.
     
  12. eddo2018

    eddo2018 MDL Junior Member

    Jan 6, 2018
    68
    31
    0

    The idea is that using NSudo you don't need to mess with the registry permissions and ownership at all. Just launch regedit from the cmd you're getting, then you can delete and add any key or value.

    The same is applicable for the filesystem. Launch (say) YXexplorer with nsudo and you will be able to delete any file.

    It's easier to do than to explain.
     
  13. RanCorX2

    RanCorX2 MDL Addicted

    Jul 19, 2009
    999
    554
    30
    Now that I know how to use SetACL I'm just using that. Now I can run my batches without any run as TI apps; they just didn't work for what I wanted to do. runasti wouldn't run a batch file unless it was on the desktop or in the root of a drive; if I tried running it from a folder it would just flash up and close... really annoying.