1
I have a problem with registry permissions. During using my PC it freeze because of SSD controller issue. After rebooting and replacing SATA for SSD - PC was able to recognize SSD and start Windows 8.1. But looks like permissions for services in registry are screwed. A lot of services couldn't start because of Access Denied
issue.
Process Monitor
says that they tried to access HKLM\System\CurrentControlSet\Control\
section. My typical permissions for registry nodes in that sections are:
Users > Read access
Administrators > Full Control access
SYSTEM > Full Control access
CREATOR OWNER > Full Control access
ALL APPLICATION PACKAGES > Full Control access
And service specific permissions are lost. I can restore permissions manually, for example i've added NT SERVICE\Dhcp
to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
and then service was able to start fine. But it's hard to know what keys should be allowed to access by what services. I can use Process Monitor
to get this data, but it might be too long. Other way - I can give Everyone
user Full control
to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
, but it's not secure way.
So is there any existing way to restore default permissions for services registry keys?
I've tried to restore it with secedit
, but it didn't help. I can also try to do Windows Repair from installation DVD, but it might take a lot of time. Maybe there is existing way for such things?
As another option i can make some simple tool that will analyze permissions from one correct computer, and then reset the same with my corrupted computer.
Windows System Restore was disabled, so i can't restore with it.
It's the kind of task I'd give to Windows aio from tweaking. com - http://www.tweaking.com/content/page/windows_repair_all_in_one.html
– Tetsujin – 2015-10-12T10:13:41.963I'd suggest restoring your registry from a backup. – qasdfdsaq – 2015-10-12T11:06:58.860
I don't have backup, so in my case it would be Windows Repair or full reinstall, that still a way, but a long one :( – Sergey Litvinov – 2015-10-12T11:18:35.433
1This happened after some malware hijacked the services. After all traces of the software itself were gone, registry permissions were badly tweaked. I'm shocked there isn't some tool that simply resets
services
permissions. The essential Windows services and permissions are universal for a given OS release. In my situation, screwed up were Base Filtering Engine (fundamental to networking), Firewall, DHCP, and some helpers (Shared, Tcpip, Winsock2). I ended up addingLocal Service
for some,Network Service
for others, andEveryone
for a few where neither of the above worked. – BaseZen – 2018-09-01T15:15:01.173