I have this method to block registry keys and prevent accidental or deliberate deletion or rewriting, either by a user or by malware.
Example of keys:
"HKEY_CLASSES_ROOT\Applications\cmd.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\cmd.exe"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment\ComSpec"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment\PATHEXT"
etc.
Protect keys: Create a c:\protect.txt with this content:
HKEY_CLASSES_ROOT\Applications\cmd.exe [2 19]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\cmd.exe [2 19]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment\ComSpec [2 19]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment\PATHEXT [2 19]
etc.
And execute the command:
regini c:\protect.txt
Question: How can I reverse these changes?
Important note: What I want is a solution to automate the process with batch (a ".bat" to block and a ".bat" to reverse/restore the original permissions), but first I need to read or export the keys' permissions in order to restore them.
Thanks a lot.
When I create a new registry key, it is created without administrative permissions (only special permits). In the case of existing keys (to avoid complicating the batch script), what I do is determine which permissions these keys have originally, and on restoration, rather than setting the key to 1-17, I put the number corresponding to the original value of the permits. Thanks – BrianC – 2016-07-09T23:31:29.100
I would like to know the key permissions via cmd.exe – BrianC – 2016-07-09T23:49:07.307
@brianc You need to find a copy of regdmp. Unfortunately regdmp is no longer downloadable from Microsoft. – DavidPostill – 2016-07-09T23:51:39.093
Maybe with this I solved the problem.. testing. Thanks – BrianC – 2016-07-10T00:07:36.140
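
One way to do the "read or export the key permissions first" step the question asks for, as an added example that is not part of the original thread: a PowerShell script that saves each key's security descriptor as an SDDL string before regini is run and puts the DACL back afterwards. The `-Mode` parameter and the backup file path are assumptions of this example; the key paths are the ones listed in the question.

```powershell
# Added example: back up and restore registry key ACLs around a regini lockdown.
# Run from an elevated PowerShell prompt.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Backup', 'Restore')]
    [string]$Mode,
    [string]$BackupFile = 'C:\regacl-backup.csv'   # assumed path, not from the question
)

# Key paths copied from the question.
$keys = @(
    'HKEY_CLASSES_ROOT\Applications\cmd.exe',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\cmd.exe',
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment\ComSpec',
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment\PATHEXT'
)

if ($Mode -eq 'Backup') {
    # Refuse to overwrite: a second backup taken after regini ran would
    # record the locked-down ACLs instead of the original ones.
    if (Test-Path -LiteralPath $BackupFile) { throw "$BackupFile already exists" }
    $rows = foreach ($k in $keys) {
        $path = "Registry::$k"
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "Not an existing registry key, skipped: $k"
            continue
        }
        # The SDDL string holds owner, group and DACL as one line of text.
        [pscustomobject]@{ Key = $k; Sddl = (Get-Acl -LiteralPath $path).Sddl }
    }
    $rows | Export-Csv -LiteralPath $BackupFile -NoTypeInformation -Encoding UTF8
}
else {
    foreach ($row in Import-Csv -LiteralPath $BackupFile) {
        $path = "Registry::$($row.Key)"
        $acl  = Get-Acl -LiteralPath $path
        # Restore only the DACL section; owner and group are left as they are.
        $acl.SetSecurityDescriptorSddlForm(
            $row.Sddl, [System.Security.AccessControl.AccessControlSections]::Access)
        Set-Acl -LiteralPath $path -AclObject $acl
        Write-Output "Restored: $($row.Key)"
    }
}
```

Each ".bat" can call the script with `powershell -ExecutionPolicy Bypass -File` followed by the script path and `-Mode Backup` or `-Mode Restore`. The restore only succeeds for an account that owns the key or still holds permission to change its DACL.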