Trouble deleting registry using CMD

0

1

I am trying to delete the following registry key via CMD but am getting "ACCESS DENIED".

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Pastel

  1. The above registry cannot be deleted manually, as it gives an error.
  2. To deal with permissions I've used PsExec and run the following command as administrator, which brings up Registry Editor with supposedly full permissions, but I still cannot delete the registry key.

    psexec -i -d -s c:\windows\regedit.exe

I am running Windows 7. How can I grant permission and delete the registry key from CMD using a script or at Windows start-up?

Edit: The above registry and its sub-folders have the following permissions.

CREATOR OWNER: Special Permissions ----> If I disable inheritance and change the permission to grant full access, as soon as I hit OK and right-click > Permissions, the full access resets to special permissions.

SYSTEM: Full Control, Read

Administrators: Full Control, Read

Users: Full Control, Read

Edit#2:

I've used the following script but still no success:

    REM ----------------------------------------------------------------
    cd /d %~dp0
    @ECHO OFF
    Title Replacing permissions on HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display
    setacl.exe -on "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Pastel" -ot reg -actn setowner -ownr "n:Administrators"
    Pause
    REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Pastel /f
    Pause
    Exit
    REM ----------------------------------------------------------------

LEO

Posted 2015-07-03T17:49:57.330

Reputation: 33

If you open that key in regedt32.exe and right click permissions, what do you see? – DavidPostill – 2015-07-03T18:06:33.130

What are you actually trying to accomplish? This key does not exist on regular systems. In fact, this question is the only reference to it. – Daniel B – 2015-07-03T18:22:15.093

@DavidPostill I've updated the question – LEO – 2015-07-04T06:58:28.050

@DanielB No, that's not a reference, and this key doesn't exist on a regular system; it's leftovers from software after uninstalling. I want to remove these keys as they are causing trouble when I re-install that software. – LEO – 2015-07-04T07:03:36.613

@leo, I would try logging in using the default Administrator account (not as a user who is a member of the Administrators Group) and try from that account. The default Administrator has a few more privileges than created accounts in the Administrators Group. – DavidPostill – 2015-07-04T07:41:12.927

@DavidPostill I have the same issue with a PC running Windows 8; what should I do with that? By the way, it didn't work using the default Admin account on Win 7. – LEO – 2015-07-04T14:56:49.453

@leo. No idea, other than using one of the many programs that clean up bad installs, for example http://www.iobit.com/en/advanceduninstaller.php or http://www.revouninstaller.com/revo_uninstaller_free_download.html – DavidPostill – 2015-07-04T14:59:11.820

It can be done via regedit by changing permissions: first change the ownership to your current account, then add permissions for it, but I have no idea how to do it via the command line. Per your command line, it seems that only the owner is changed but the permission is not added. – Chris.C – 2015-07-04T18:53:02.460

@Chris.C How do I change ownership and permissions? Please tell me what the steps are. – LEO – 2015-07-05T11:20:20.050

Answers

2

Hold control and shift when opening the command prompt. This will open the command prompt as an Administrator (probably after popping up a UAC dialog). Then you should have full rights to do whatever you want with the registry. Be EXTREMELY careful though, because messing with the registry is the quickest way to completely kill a Windows machine.

Edit:

Thanks to @DavidPostill I realize I should clarify some more. Some registry keys in Windows are set to the System group. In Windows, System is the level above Administrator (i.e. System has even more rights and power than Admin). Running psexec -s runs whatever options you supplied as System. However, only an Administrator has the permissions to execute anything as System. Psexec will not warn you of this (at least as of the last time I used it); it will just run with the highest privileges it can, which is likely your user account's privileges. Executing psexec with -s from an Administrator shell should solve this problem.

Garrett

Posted 2015-07-03T17:49:57.330

Reputation: 386

Not necessarily. Some keys have special permissions (for example full permissions only for SYSTEM) - this particular key could be one of them. – DavidPostill – 2015-07-03T18:03:42.753

Also, there exists a program out there called "run as system" which, from an admin account, can be used to run regedit and will allow deletion of most of the stubborn registry items that do not seem to change permission using the other methods. – Psycogeek – 2015-07-06T00:44:17.187
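
The two-step procedure described in the comments on the question (change the owner, then add a permission entry, which the posted script never does), written out as a batch script. This is an added example, not code from any poster in the thread, and the thread does not confirm that it resolves the asker's case; it assumes setacl.exe sits next to the script as in the question, uses SetACL's ace action and registry recursion options, and the backup file name is hypothetical.

```batch
@echo off
rem Added example: take ownership, grant access, delete, and verify each step.
rem Assumption: setacl.exe is in the same folder as this script.
setlocal
cd /d "%~dp0"
set "KEY=HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Pastel"

rem "net session" fails in a non-elevated prompt (it also needs the Server
rem service running); stop here instead of failing later with ACCESS DENIED.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

rem Keep a copy of the key so the deletion can be reverted with "reg import".
rem Pastel-backup.reg is a hypothetical file name.
reg export "%KEY%" "%~dp0Pastel-backup.reg" /y
if errorlevel 1 echo Warning: export failed, no backup was written.

rem Step 1: make Administrators the owner of the key and all of its subkeys.
setacl.exe -on "%KEY%" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
if errorlevel 1 goto :failed

rem Step 2: add a full-control entry for the new owner on the whole subtree.
rem Ownership alone does not grant the right to delete the key.
setacl.exe -on "%KEY%" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
if errorlevel 1 goto :failed

rem Step 3: delete the key, then query it to confirm it is really gone.
reg delete "%KEY%" /f
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 goto :failed

echo Key removed.
exit /b 0

:failed
echo Operation failed; check the SetACL and REG output above.
exit /b 1
```

If step 1 itself is refused, the same script can be started under the SYSTEM account with psexec -s from an elevated prompt, as the answer above describes.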