Script a changing of the owner on regkeys?

MicrodigitUK · 02-12-2008, 03:24 PM

I am having some problems with sophos so have needed to uninstall and reinstall it. Because Sophos can be a pain to uninstall on some workstation, Sophos tech support has supplied me with a script that un installs Sophos to apply on startup.

I am still having problems uninstalling with the script on a number of workstations. And I found that there seem to be some corrupt reg keys that it can’t delete.

When I manually load regedit and try to delete the keys I still can’t. I then checked the permissions and the owner of the reg keys did not exist. After adding a owner I could manually delete the corrupt keys.

Is there any way to script a changing of the owner on regkeys? I did look at regini.exe but that only changes permissions and not the owner.

Lithium · 02-12-2008, 04:29 PM

I've just looked into this to prevent NetSupport School and other programs changing the DCI key to disable DirectX

The way I went about it was to use the Security Tool snap-in, change the bits I wanted, then remove all the trash and deploy this to the machines using a batch file - worked very well.

Batch Files: SeCEdit - Security Configuration Editor

srochford · 02-12-2008, 04:45 PM

You can also use group policy to change permissions on a registry key - given that you want to delete the key, I'd just set the permissions to "everyone - full control"

subinacl and setacl can also do reg permission but the syntax is hard :-)

PcDude · 03-12-2008, 10:17 AM

Script to add Administrators group and SYSTEM account to all keys. NOTE: This is just adding!

Please make a full backup of the computer before using this script.

1. Download and install SubInACL - Download details: SubInACL (SubInACL.exe)

2. Create a file named reset.cmd in C:\Program Files\Windows Resource Kits\Tools folder.
????: EduGeek.net Forums http://www.edugeek.net/forums/scripts/27424-script-changing-owner-regkeys.html

3. Edit the reset.cmd file with the following content.

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

4. Enter the following command into the Run... box under the Start Menu:

"C:\Program Files\Windows Resource Kits\Tools\reset.cmd"

5. After a few minutes by processing subinacl, the permission will be reset.
(Errors will pop up about keys that the script does not have permission to change, this is normal behaviour)

FYI:

"setowner=owner" will change the owner of the object e.g.
subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=MyDomain\Administrators

MicrodigitUK · 03-12-2008, 01:05 PM

I have tried the "SECEDIT" method but on the owner tab the "Replace Owner on subcontainers and objects" tick box that is normally on the bottom if you go through advanced permeations on regedit is not available. This means that I still can’t change the owner on the corrupted reg keys using this method.

I then tried the "subinacl" method and it worked like a dream. Below is the actual command I used in the end.

Code:

"%programfiles%\Windows Resource Kits\Tools\subinacl" /subkeyreg HKEY_LOCAL_MACHINE\Software\sophos /setowner=Administrators /grant=everyone=f

Thanks everyone for the help.

Welcome, Register for free! or Login below:
User Name		Remember Me?
Password

02-12-2008, 03:24 PM	#1
MicrodigitUK Join Date: May 2007 Location: Wiltshire (Sheldon/John of Gaunt) Posts: 88 Thanks: 4 Thanked 7 Times in 6 Posts Rep Power: 6	Script a changing of the owner on regkeys? I am having some problems with sophos so have needed to uninstall and reinstall it. Because Sophos can be a pain to uninstall on some workstation, Sophos tech support has supplied me with a script that un installs Sophos to apply on startup. I am still having problems uninstalling with the script on a number of workstations. And I found that there seem to be some corrupt reg keys that it can’t delete. When I manually load regedit and try to delete the keys I still can’t. I then checked the permissions and the owner of the reg keys did not exist. After adding a owner I could manually delete the corrupt keys. Is there any way to script a changing of the owner on regkeys? I did look at regini.exe but that only changes permissions and not the owner.

03-12-2008, 01:05 PM	#5
MicrodigitUK Join Date: May 2007 Location: Wiltshire (Sheldon/John of Gaunt) Posts: 88 Thanks: 4 Thanked 7 Times in 6 Posts Rep Power: 6	I have tried the "SECEDIT" method but on the owner tab the "Replace Owner on subcontainers and objects" tick box that is normally on the bottom if you go through advanced permeations on regedit is not available. This means that I still can’t change the owner on the corrupted reg keys using this method. I then tried the "subinacl" method and it worked like a dream. Below is the actual command I used in the end. Code: "%programfiles%\Windows Resource Kits\Tools\subinacl" /subkeyreg HKEY_LOCAL_MACHINE\Software\sophos /setowner=Administrators /grant=everyone=f Thanks everyone for the help.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Script or method of changing 'department' in all users in an OU	Ben_Stanton	Scripts	9	12-09-2008 08:53 AM
Changing passwords for SIMS users by script	academic_mwnci	MIS Systems	3	04-09-2008 10:52 AM
ProFTPD owner of files	Mintsoft	*nix	12	28-11-2007 01:55 PM
Logon script & Printer script question.	Galway	Windows	3	29-08-2007 11:00 AM
Resolution Changing for RM	Mintsoft	Windows	17	10-05-2006 07:39 AM

Thread Tools	Search Thread
Show Printable Version Email this Page	Search Thread: Advanced Search

		EduGeek.net Forums > Coding and Web Development > Scripts
Script a changing of the owner on regkeys?

02-12-2008, 04:29 PM	#2
Lithium Join Date: Jul 2007 Location: Devon Posts: 234 Thanks: 8 Thanked 9 Times in 8 Posts Rep Power: 5	I've just looked into this to prevent NetSupport School and other programs changing the DCI key to disable DirectX The way I went about it was to use the Security Tool snap-in, change the bits I wanted, then remove all the trash and deploy this to the machines using a batch file - worked very well. Batch Files: SeCEdit - Security Configuration Editor

02-12-2008, 04:45 PM	#3
srochford Join Date: Aug 2005 Location: London Posts: 1,698 Thanks: 9 Thanked 200 Times in 178 Posts Blog Entries: 1 Rep Power: 47	You can also use group policy to change permissions on a registry key - given that you want to delete the key, I'd just set the permissions to "everyone - full control" subinacl and setacl can also do reg permission but the syntax is hard :-)

03-12-2008, 10:17 AM	#4
PcDude Join Date: Nov 2008 Location: Cape Wrath Posts: 29 Thanks: 0 Thanked 3 Times in 3 Posts Rep Power: 2	Script to add Administrators group and SYSTEM account to all keys. NOTE: This is just adding! Please make a full backup of the computer before using this script. 1. Download and install SubInACL - Download details: SubInACL (SubInACL.exe) 2. Create a file named reset.cmd in C:\Program Files\Windows Resource Kits\Tools folder. ????: EduGeek.net Forums http://www.edugeek.net/forums/scripts/27424-script-changing-owner-regkeys.html 3. Edit the reset.cmd file with the following content. subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f subinacl /subdirectories %SystemDrive% /grant=administrators=f subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f subinacl /subdirectories %SystemDrive% /grant=system=f 4. Enter the following command into the Run... box under the Start Menu: "C:\Program Files\Windows Resource Kits\Tools\reset.cmd" 5. After a few minutes by processing subinacl, the permission will be reset. (Errors will pop up about keys that the script does not have permission to change, this is normal behaviour) FYI: "setowner=owner" will change the owner of the object e.g. subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=MyDomain\Administrators

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)