1
1
Windows 7 workstation,
Launch 'regedit.exe' as 'Administrator'
Find the following registry key:
HKEY_CLASSES_ROOT\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}
Right click and select 'Permissions' Change owner to administrators group. Change permissions for administrators group. Grant Full Control. I get an error saying:
unable to save permission, access denied
Why do get access denied when I run as administrator?
reza
Posted 2012-10-25T23:50:59.497
Reputation: 245
6
Administrator does not mean "you get all rights to do anything." Administrator happens to be an account (or in your case, most likely the Local Administrators group) which by default is given some sensitive privileges like SeDebugPrivilege and similar. However, as far as the security subsystem is concerned, it is just an account. (Very much unlike root in Unix-like operating systems) If you aren't the owner of the key in question, and your account does not have WRITE_DAC access to the registry key in question, then you won't be able to change the access control list on the key in question.
Try taking ownership first. By default, the local administrators group has SeTakeOwnershipPrivilege, which allows taking ownership of any object even without the WRITE_OWNER permission being granted by the object's discretionary access control list. Once you are the owner, you should be implicitly granted READ_CONTROL (which allows you to read the security descriptor on the object in question), and WRITE_DAC (which allows you to write to the DACL on the key in question). (Assuming the OWNER_RIGHTS SID isn't in use; that's extremely unlikely)
Billy ONeal
Posted 2012-10-25T23:50:59.497
Reputation: 7 021
Apologies for awakening a dead question, but how exactly do you "take ownership"? What do you mean by that? – Fund Monica's Lawsuit – 2015-01-05T22:15:25.070
1@newbiedoodle: Make a security descriptor with yourself as the owner (InitializeSecurityDescriptor / SetSecurityDescriptorOwner), and call SetSecurityInfo / SetNamedSecurityInfo or similar with it. – Billy ONeal – 2015-01-05T22:19:32.940
@newbie: Sorry, was responding as if it were a StackOverflow question. :) In the registry editor go to the security editor and click "Advanced" and owner is listed at the top. – Billy ONeal – 2015-01-05T22:21:15.737
@BillyONeal Eh, still got it. It took a little more Googling, but same thing. Thanks again. – Fund Monica's Lawsuit – 2015-01-05T22:25:56.083
What is the UAC set for? – None – 2012-10-25T23:52:05.940
Are you on a domain? If so, the domain security settings may be restricting you. – None – 2012-10-25T23:52:54.847