2
The Short and the Sweet:
Is there any way to truly disable the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts in Win7?
On the affected systems, users should NOT be able to set their own associations, so that inability is not a liability here. But it's not enough to bar users; that's easy. I also need to bar Windows itself from writing to the key, and not even SYSTEM read-only permissions have proven able to do that (see end of post).
The Long and the Ugly:
Have a situation on Win7 Pro SP1, updated (critical only) through October 2017. VLC and various editing apps are used for audio and video files. Unfortunately, for a couple of types of files I need Windows Media Player as a viewer, so I can't get rid of the stinker, and that's a problem. I've got a very carefully configured set of multimedia file extensions set up using normal extensions and filetypeIDs in HKLM\Software\Classes. I install VLC and editing apps without allowing any of them to associate with anything, and I then create all the associations and context-menu entries myself, eliminating a lot of their own and native Microsoft context-menu clutter in the process to facilitate a better workflow.
The problem with this idyllic dream is that Windows Media Player makes an end-run around my config by hijacking asscoations with the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts. If you just delete the key, Windows simply recreates it and repopulates it. So I need to completely disable/lock the FileExts registry key so that it doesn't disrupt the careful setup I've configured.
But this isn't just a WMP issue: additional programs can cause the same type of problem with their respective file types. I have a similar issue with graphics applications. So please do not offer solutions that simply handle WMP. I need a solution that completely disables the user-choice override offered via the FileExts key. In other words, I need to make the FileExts key inaccessible to not just everyone but everything.
It doesn't matter if this causes me to lose some program's functionality down the road: if some app won't set up its associations the right way in HKLM\Software\Classes, I'll do it myself. So please, no finger-wagging at me over that issue. The fact is that FileExts is utterly unnecessary for Win7 to run. It's even unnecessary for WMP to run--the only thing it does is allow Microsoft a way to sink its claws in deep so it's really difficult to wrest control away from the apps it wants you to use (e.g. WMP). Well, OK, it also allows users an easy GUI way to set associations for single file types. But as I noted above in the TL/DR, that's not an issue here.
What I've attempted: after taking ownership of the key and then deleting everything under it, I imposed read-only permissions on both SYSTEM and the administrators group to no avail (first Deny everything, then give back Query Value, Enumerate subkeys, Notify, Read Control). That should have locked down the key like an iron chastity belt, but no dice. Despite the fact that the warning message says that Deny permissions will trump everything else, they don't. At next system restart, FileExts once again displays its hundred-odd default entries.
So is there a way to empty and then genuinely bar this key, or has M$ made it impossible?
This is a Q&A site frequented by users able to grasp the reason for your question. There's no need to litter it with pre-emptive strikes against negative reactions you've not received. – I say Reinstate Monica – 2017-11-12T05:07:30.347
Didn't mean to give offense. It just seems that there's always at least one responder who insists on telling you to leave well enough alone, Microsoft designed it that way for a good reason, etc. And those people just get in the way. Don't want to annoy anyone who might have the solution, though, so if an apology is needed, you have it. – Ironword – 2017-11-12T06:26:20.220
Your edit is all that was needed. – I say Reinstate Monica – 2017-11-12T13:42:16.880