1
I have a very stubborn registry key which is impossible to delete or access:
HKLM\Software\Symantec\Symantec Endpoint Protection\CurrentVersion
. When I try to open it in regedit
, it says "An error is preventing this key from being opened. Details: The system cannot find the file specified."
When I try to delete the whole branch, all I get is "Error while deleting key"
.
Following some advice I found elsewhere, I tried downloading the RegDelNull utility from Sysinternals, but scanning the whole HKLM
tree did not reveal any items to delete. However, when I specified the entire path to the bad key, I got the following message:
"A null context handle was passed from the client to the host during a remote procedure call."
Why did regedit complain about being unable to find the file specified? Is it something related to the way registry entries are stored?
More importantly, how do I delete the keys when they cannot even be deleted by the utility made for precisely this purpose?
What is the path to the key, and do you have permissions for it? – Jonno – 2016-02-12T15:05:43.290
Key added. Being the admin of the system, I have all the permissions I should need. – JohnEye – 2016-02-12T15:11:27.707
Not necessarily - registry keys have their own permissions (right click -> Permissions). Make sure administrators/your account has permission to modify. – Jonno – 2016-02-12T15:12:14.357
A permission problem would manifest differently though, wouldn't it? I have checked though and have both read and write permissions set to Allow for the account I'm using. – JohnEye – 2016-02-12T15:14:20.333
Some keys need "full access," not just read-write. For my system builds, there's at least one registry key I have to go give full access to my account (or all accounts). – bgStack15 – 2016-02-12T16:39:10.090
Sorry, what I meant to say is that I have "Read" and "Full control" privileges. There's no "Write" permission, apparently my brain just made that up when seeing "Read" :-) – JohnEye – 2016-02-12T16:43:51.977
You did pass the
-s
flag to RegDelNull, right? Can you use RegEdit's Permissions UI to take ownership of the key? – Ben N – 2016-02-12T16:59:53.130Is Symantec EP still installed/running on the system? – Ƭᴇcʜιᴇ007 – 2016-02-12T18:05:44.957
You may have to change the owner in permissions for that registry key. – Moab – 2016-02-12T22:11:00.213
@BenN: Sure I did. The owner is the Administrators group which I am a member of. – JohnEye – 2016-02-15T16:12:37.357
@Ƭᴇcʜιᴇ007: No, it was removed, although apparently not as cleanly as I would like it to be. – JohnEye – 2016-02-15T16:13:17.443