How can I query/modify protected registry keys in HKLM?
Note: I am requesting a generalized procedure or methodology. I need to access protected areas of the registry. Please understand that I'm not (currently) seeking to fix a specific problem with the registry. I just want to be able to keep the standard security model in place while temporarily accessing protected entries.

I'm unable to get any access to a specific subkey of HKLM:\SYSTEM\CurrentControlSet\Services\ unless I'm in safe mode. I understand this is a protected registry key. How do I (temporarily) gain access to this key? I've tried a few things:

1) I am unable to view or change the security descriptors of this subkey with regedit. I cannot take ownership of the subkey nor can I force the subkey to inherit security permissions from its parent.
2) I cannot see this key with PowerShell's get-childitems. Attempting to set-location to this key gives me "requested registry access is not allowed".
3) Using Sysinternals' psexec.exe with the /s switch, I can get (what seems to be) a cmd.exe instance with the SYSTEM user's credentials. But "reg query <this key>" _still_ gives me Access Denied.
4) In Safe Mode when logged in as Administrator I do seem to have full access. (But I need to do this without rebooting.)

Is there some way to interact with the service providing protection to give temporary access to this key only?
July 20th, 2007 3:37am

Correction: I am NOT able to view or change the values or permissions on this key in Safe Mode either. (which is odd because I distinctly remember being able to view it in safe mode before...)
July 20th, 2007 4:38am

The only way to do this is to force a change of ownership from an elevated process and re-ACLing the key. Running regedit as Administrator and changing the ACLs should be sufficient. Doing this will quite likely compromise the security/stability of the system, however; the keys have security protection on them for a very good reason.
July 20th, 2007 3:43pm
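Before changing ownership or ACLs as the reply above suggests, it helps to see who owns the key and what its DACL grants. The following is an added example, not part of the original thread: a read-only PowerShell check that opens a key requesting only the right to read its security descriptor. The function name `Get-RegKeySecurity` and the key name `ExampleService` are hypothetical placeholders.

```powershell
# Added example: read-only inspection, nothing on the key is modified.
function Get-RegKeySecurity {
    param([Parameter(Mandatory)] [string] $SubKey)   # path relative to HKLM

    $who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    try {
        # Request only READ_CONTROL (ReadPermissions) instead of KEY_READ, so a DACL
        # that blocks value/subkey enumeration does not also block reading the descriptor.
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
            $SubKey,
            [Microsoft.Win32.RegistryKeyPermissionCheck]::Default,
            [System.Security.AccessControl.RegistryRights]::ReadPermissions)
    } catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
        # The current token is not granted READ_CONTROL by the key's DACL or by ownership.
        Write-Warning "READ_CONTROL denied on HKLM\$SubKey for $who"
        return
    }
    if ($null -eq $key) { Write-Warning "HKLM\$SubKey not found"; return }

    try {
        $sections = [System.Security.AccessControl.AccessControlSections]'Owner, Access'
        $sd  = $key.GetAccessControl($sections)
        # SIDs are used as the target type so unmapped accounts do not cause a failure.
        $sid = [System.Security.Principal.SecurityIdentifier]
        [pscustomobject]@{
            Key      = "HKLM\$SubKey"
            RunAs    = $who
            OwnerSid = $sd.GetOwner($sid).Value
            Sddl     = $sd.GetSecurityDescriptorSddlForm($sections)
            Rules    = @($sd.GetAccessRules($true, $true, $sid) |
                         Select-Object IdentityReference, AccessControlType, RegistryRights, IsInherited)
        }
    } finally {
        $key.Close()
    }
}

# Placeholder key name (constructed, not taken from the thread).
Get-RegKeySecurity -SubKey 'SYSTEM\CurrentControlSet\Services\ExampleService' | Format-List
```

Running it once from an elevated Administrator session and once from a SYSTEM session shows whether either identity can read the descriptor at all, and the owner SID identifies which principal can reassign permissions.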

Unfortunately, I've been unable to take ownership of this subkey. I cannot even view/query the ACL for it. I've tried doing this a few ways:

RipT wrote: 1) I am unable to view or change the security descriptors of this subkey with regedit. I cannot take ownership of the subkey nor can I force the subkey to inherit security permissions from its parent.

1a) Running regedit as administrator is not helpful in this case. (I tried the ctrl+alt+enter key combination from the start menu and also tried the "run as administrator" option.) I get the access denied error when:
-- selecting the subkey in the tree view pane
-- right-clicking and selecting Permissions. This message says that I cannot view the permissions but can make changes; however,
-- attempting to add the Administrators or SYSTEM objects to the ACL in the permissions dialog
-- attempting to change ownership of the subkey within the "Advanced Security Settings for <subkey>" dialog.
-- setting the owner on the troublesome subkey's parent key with "Replace owner on subcontainers and objects" checked gives me "Registry Editor could not set owner on the key currently selected, or some of its subkeys."

1b) Running regedit as administrator in safe mode does not help. I get the same error messages as (1a).

1c) Running regedit as SYSTEM does not help. I get the same error messages as (1a). Note: it is possible to get regedit to run with SYSTEM credentials -- I believe this was in session 0 as well... I imagine this means that SYSTEM does not have access to this key either. (I will not describe how I did this unless asked by a Microsoft employee. I consider it an exploit and cannot recommend it! See (3a) below for a similar technique that is not exploitive but probably not supported.)

RipT wrote: 3) Using Sysinternals' psexec.exe with the /s switch, I can get (what seems to be) a cmd.exe instance with the SYSTEM user's credentials. But "reg query <this key>" _still_ gives me Access Denied.

3a) Technique (3) can be used to get a "limited functionality" cmd.exe window with SYSTEM credentials in session 0. I have been unable to spawn any but the simplest processes out of it, e.g. regedit runs but no window is shown. *Careful with this!*

I think my next step will be to attempt to write an installer with settings to change the permissions on this subkey. This seems to be the only way to get TrustedInstaller credentials.

@AndyCadley: Thank you for your reply. If you have some more time, could you take another look at this problem? I can't seem to get anyone's attention. Am I missing something simple?

-------
"Help, help, I'm being repressed!"
July 21st, 2007 3:55am

RipT wrote: I think my next step will be to attempt to write an installer with settings to change the permissions on this subkey. This seems to be the only way to get TrustedInstaller credentials.

Ack! I hope I can find some other resources. Look at this one about MSI and UAC interaction during the installation process: http://blogs.msdn.com/rflaming/archive/2006/09/21/765452.aspx

ClickOnce?!
July 21st, 2007 4:17am

It might help if you could give a specific example of a key that exhibits this behaviour. I can't find any under Services that suffers from this (though maybe I missed it). There are some elsewhere that belong to the Plug and Play manager, in which case you really need to go through the official driver management APIs to ensure that the driver cache remains consistent.
July 23rd, 2007 2:32pm

Actually, I am having this issue now, in case anyone else has a suggestion. I have a service called Device Lock that I cannot remove. The key is under Current Control Set\Services and is called Device Lock. I'm sure the intention is to keep anyone from removing the service, but I am the administrator and should be able to remove it.

Jim McBee - Blog - http://mostlyexchange.blogspot.com
June 26th, 2009 3:15am

I've got a Microsoft Visual Studio 2005 Professional Edition - ENU SP 1 installer that's giving me:

Error 1402. Could not open key: UNKNOWN\Components\994894662D421934AA4C6858AC3FE81\0E8BA73496BF22242B086AF4D32E5219 Verify that you have sufficient access to that key, or contact your support personnel.

I believe that maps to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\994894662D4219345AA4C6858AC3FE81\0E8BA73496BF22242B086AF4D32E5219

which, when selected, right-clicked and "Permissions", gives me "No groups or users have permission to access this object. However, the owner of this object can assign permissions". Attempts to set an owner on the key give me "access denied".
November 7th, 2009 4:03am

This topic is archived. No further replies will be accepted.
