Can't be done, ACL is integral to Windows and is there for 'your protection'. Plus they made it so 2008 cannot install to FAT32 (avoiding NTFS style ACL's).
Anyways the best alternative for files/folders is the right click take ownership shell extension.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant *S-1-5-32-544:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant *S-1-5-32-544:F"
[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant *S-1-5-32-544:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant *S-1-5-32-544:F /t"
But for registry you'll have to learn how to take ownership from powershell. For instance this snip will allow me to delete a LOCKEDKEY.
$key = "registry::HKCU\Software\Microsoft\LOCKEDKEY"
$acl = Get-Acl -Path $key
$permission = 'Administrators','FullControl','ContainerInherit, ObjectInherit','None','Allow'
$accessRule = New-Object System.Security.Accesscontrol.RegistryAccessRule $permission;$acl.SetAccessRule($accessRule)
$acl | Set-Acl -Path $key
Remove-ItemProperty -Path $key
That is the way it works for the past 6 years with TrustedInstaller.
Alternatively you can spawn your regedit or batch scripts via TrustedInstaller token using a third party app like Devxexec.exe. This way you can avoid any permissions changes as TrustedInstaller has access to everything that you do not (and vice versa)
@ECHO OFF
devxexec.exe /user:TrustedInstaller regedit.exe
PAUSE
It's NOT an XY Problem. I don't want to deal with permissions during a particular session. There is NOTHING I can do when in that session that should not be allowed. I just want to act with confidence that actions I take will occur without any static from the OS about any sort of access restrictions There's no need for the OS to check, as I am in "god mode". I don't want Windows to protect me from myself. The particulars of the situation are beside the point, I am looking for a way to not care about permissions for a session or account. – ggb667 – 2017-02-22T16:24:59.433
I turned my comment from the accepted answer in to a full answer. If you want a way to run in "god mode" windows then launching Explorer as system will do that. – Scott Chamberlain – 2017-02-22T17:01:31.657
Not really. Even with files you may have to take ownership and set the ACLs, but it was really with regards to other things like deleting a printer or other things that I was concerned about. – ggb667 – 2017-02-27T19:26:23.803
2
This really sounds like a XY Problem, why don't you ask instead about the "obscure registry settings permissions" or even go to the even bigger picture and explain what you are trying to do that required you to change the registry in the first place.
– Scott Chamberlain – 2013-12-29T06:54:04.520