Does anyone know the best way to get full access to a locked registry key via a batch file? I tried subinacl, but although it said keys were modified, when I checked them in regedit the owner was still not Administrators and only read access was set.
1) Use SetACL to take ownership of a file, folder or registry key.
2) Use NSudo to run your batch file; it will give Trusted Installer privilege.
Does anyone know the command for SetACL to take ownership of a key and subkeys? I tried SetACL in the past but failed to find the exact commands I needed.
Code:
::-------------------------------------------------------------------------------------------
:: Function to Take Ownership of Files
:: Input Parameters [ %~1 : Wildcard File Names ]
::-------------------------------------------------------------------------------------------
:TakeFilesOwnership
:: Changing Ownership and Setting File Permissions
:: (rem is used inside the parenthesized block because :: comments break there)
for /f "tokens=*" %%i in ('dir %1%2 /b /s') do (
    rem Changing File Ownership
    "%SetACL%" -on "%%i" -ot file -actn setowner -ownr "n:S-1-5-32-544;s:y" >nul
    rem Setting File Permissions
    "%SetACL%" -on "%%i" -ot file -actn ace -ace "n:S-1-5-32-544;s:y;p:full" >nul
)
goto :eof
::-------------------------------------------------------------------------------------------

::-------------------------------------------------------------------------------------------
:: Function to Take Ownership of Files or Folders That Have to be Replaced/Deleted Recursively
:: Input Parameters [ %~1 : File Name or Folder Name ]
::-------------------------------------------------------------------------------------------
:TakeFilesFoldersOwnerShip
:: Changing Ownership of Files or Folders.
"%SetACL%" -on "%~1" -ot file -actn setowner -ownr "n:S-1-5-32-544;s:y" -rec cont_obj >nul
:: Setting Files or Folders Permissions.
"%SetACL%" -on "%~1" -ot file -actn ace -ace "n:S-1-5-32-544;s:y;p:full" -rec cont_obj >nul
goto :eof
::-------------------------------------------------------------------------------------------

::-------------------------------------------------------------------------------------------
:: Function to Take Ownership of File or Folder
:: Input Parameters [ %~1 : File Name or Folder Name ]
::-------------------------------------------------------------------------------------------
:TakeFileFolderOwnership
:: Changing Ownership of File or Folder
"%SetACL%" -on "%~1" -ot file -actn setowner -ownr "n:S-1-5-32-544;s:y" >nul
:: Setting File or Folder Permission
"%SetACL%" -on "%~1" -ot file -actn ace -ace "n:S-1-5-32-544;s:y;p:full" >nul
goto :eof
::-------------------------------------------------------------------------------------------

::-------------------------------------------------------------------------------------------
:: Function to Take Ownership of Image Registry Key
:: Input Parameters [ %~1 : Image Registry Key Path ]
::-------------------------------------------------------------------------------------------
:TakeRegistryOwnership
:: Changing Image Registry Key Ownership (S-1-5-32-544 is BUILTIN\Administrators)
"%SetACL%" -on "%~1" -ot reg -actn setowner -ownr "n:S-1-5-32-544;s:y" -rec yes >nul
:: Setting Image Registry Key Permission
"%SetACL%" -on "%~1" -ot reg -actn ace -ace "n:S-1-5-32-544;s:y;p:full" -rec yes >nul
goto :eof
::-------------------------------------------------------------------------------------------

Where %SetACL% is a variable containing the path to SetACL.exe.
Thanks, but is there something a bit clearer to understand? Reg permissions via batch files have always gone over my head. I just want full access to a key and its subkeys with the owner set to Administrators. I don't fully understand SetACL.
If you use SetACL.exe directly, then the commands will be like:

Code:
SetACL.exe -on "HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final" -ot reg -actn setowner -ownr "n:S-1-5-32-544;s:y" -rec yes
SetACL.exe -on "HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final" -ot reg -actn ace -ace "n:S-1-5-32-544;s:y;p:full" -rec yes

If you use the function I posted earlier, then the command would be like:

Code:
call :TakeRegistryOwnership "HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final"

The above commands take ownership of the registry key HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final and its sub-keys.

Use NSudo.exe -U:T -P:E <Executable-File> where <Executable-File> can be any executable file like .bat, .cmd, .exe, .com

I suggest you use NSudo to run your batch files so that it takes care of file/registry permissions.
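The thread started with a tool reporting success while regedit still showed the old owner, so a check like the following confirms the result after the SetACL commands in the post above have run. This is an added example, not part of the original thread; it uses the key path from the post and only the standard Get-Acl and Get-ChildItem cmdlets, and the function name Test-KeyAcl is made up for illustration.

```powershell
# Added example: verify that a key and all its subkeys are owned by
# BUILTIN\Administrators (S-1-5-32-544) and grant that group FullControl.
param(
    # Key path taken from the post; replace with the key you changed.
    [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final'
)

$adminSid = 'S-1-5-32-544'
$sidType  = [System.Security.Principal.SecurityIdentifier]
$full     = [System.Security.AccessControl.RegistryRights]::FullControl

# Hypothetical helper: returns one result object per key.
function Test-KeyAcl {
    param([string]$Path)
    try {
        $acl   = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $owner = $acl.GetOwner($sidType).Value
        # Include explicit and inherited ACEs, with identities as SIDs.
        $hasFull = $false
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.IdentityReference.Value -eq $adminSid -and
                $ace.AccessControlType -eq 'Allow' -and
                ($ace.RegistryRights -band $full) -eq $full) {
                $hasFull = $true
            }
        }
        [pscustomobject]@{ Key = $Path; Owner = $owner
            OwnerIsAdmins = ($owner -eq $adminSid); AdminsFull = $hasFull; Error = $null }
    } catch {
        # A key that cannot even be read is itself a finding.
        [pscustomobject]@{ Key = $Path; Owner = $null
            OwnerIsAdmins = $false; AdminsFull = $false; Error = $_.Exception.Message }
    }
}

# Check the key itself, then every subkey that can be enumerated.
$results = @(Test-KeyAcl -Path $KeyPath)
Get-ChildItem -LiteralPath $KeyPath -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { $results += Test-KeyAcl -Path $_.PSPath }

# Report only the keys where the change did not take effect.
$bad = $results | Where-Object { -not ($_.OwnerIsAdmins -and $_.AdminsFull) }
if ($bad) { $bad | Format-Table -AutoSize -Wrap } else { "All $($results.Count) keys OK" }
```

Run it from an elevated PowerShell prompt; any key listed in the output still has a different owner or lacks the Administrators FullControl entry.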
The idea is that using NSudo you don't need to mess with the registry permissions and ownership at all. Just launch regedit from the cmd you're getting, then you can delete and add any key or value. The same is applicable for the filesystem. Launch (say) YXexplorer with NSudo and you will be able to delete any file. It's easier to do than to explain.
Now that I know how to use SetACL I'm just using that now. Now I can run my batches without any run-as-TI apps; they just didn't work for what I wanted to do. RunAsTI wouldn't run a batch file unless it was on the desktop or in the root of a drive; if I tried running it from a folder it would just flash up and close... really annoying.