+ Post New Thread
Results 1 to 5 of 5
Scripts Thread, Script a changing of the owner on regkeys? in Coding and Web Development; ...
  1. #1
    MicrodigitUK's Avatar
    Join Date
    May 2007
    Location
    Wiltshire
    Posts
    334
    Thank Post
    37
    Thanked 55 Times in 51 Posts
    Rep Power
    24

    Script a changing of the owner on regkeys?

    I am having some problems with sophos so have needed to uninstall and reinstall it. Because Sophos can be a pain to uninstall on some workstation, Sophos tech support has supplied me with a script that un installs Sophos to apply on startup.

    I am still having problems uninstalling with the script on a number of workstations. And I found that there seem to be some corrupt reg keys that it canít delete.

    When I manually load regedit and try to delete the keys I still canít. I then checked the permissions and the owner of the reg keys did not exist. After adding a owner I could manually delete the corrupt keys.

    Is there any way to script a changing of the owner on regkeys? I did look at regini.exe but that only changes permissions and not the owner.

  2. #2

    Join Date
    Jul 2007
    Location
    Devon
    Posts
    233
    Thank Post
    8
    Thanked 9 Times in 8 Posts
    Rep Power
    16
    I've just looked into this to prevent NetSupport School and other programs changing the DCI key to disable DirectX

    The way I went about it was to use the Security Tool snap-in, change the bits I wanted, then remove all the trash and deploy this to the machines using a batch file - worked very well.

    Batch Files: SeCEdit - Security Configuration Editor

  3. Thanks to Lithium from:

    MicrodigitUK (3rd December 2008)

  4. #3

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,156
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    You can also use group policy to change permissions on a registry key - given that you want to delete the key, I'd just set the permissions to "everyone - full control"

    subinacl and setacl can also do reg permission but the syntax is hard :-)

  5. Thanks to srochford from:

    MicrodigitUK (3rd December 2008)

  6. #4

    Join Date
    Nov 2008
    Location
    Cape Wrath
    Posts
    32
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    17
    Script to add Administrators group and SYSTEM account to all keys. NOTE: This is just adding!

    Please make a full backup of the computer before using this script.

    1. Download and install SubInACL - Download details: SubInACL (SubInACL.exe)

    2. Create a file named reset.cmd in C:\Program Files\Windows Resource Kits\Tools folder.

    3. Edit the reset.cmd file with the following content.

    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
    subinacl /subdirectories %SystemDrive% /grant=administrators=f

    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
    subinacl /subdirectories %SystemDrive% /grant=system=f

    4. Enter the following command into the Run... box under the Start Menu:

    "C:\Program Files\Windows Resource Kits\Tools\reset.cmd"

    5. After a few minutes by processing subinacl, the permission will be reset.
    (Errors will pop up about keys that the script does not have permission to change, this is normal behaviour)




    FYI:

    "setowner=owner" will change the owner of the object e.g.
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=MyDomain\Administrators

  7. Thanks to PcDude from:

    MicrodigitUK (3rd December 2008)

  8. #5
    MicrodigitUK's Avatar
    Join Date
    May 2007
    Location
    Wiltshire
    Posts
    334
    Thank Post
    37
    Thanked 55 Times in 51 Posts
    Rep Power
    24
    I have tried the "SECEDIT" method but on the owner tab the "Replace Owner on subcontainers and objects" tick box that is normally on the bottom if you go through advanced permeations on regedit is not available. This means that I still canít change the owner on the corrupted reg keys using this method.

    I then tried the "subinacl" method and it worked like a dream. Below is the actual command I used in the end.

    Code:
    "%programfiles%\Windows Resource Kits\Tools\subinacl" /subkeyreg HKEY_LOCAL_MACHINE\Software\sophos /setowner=Administrators /grant=everyone=f
    Thanks everyone for the help.

SHARE:
+ Post New Thread

Similar Threads

  1. ProFTPD owner of files
    By Mintsoft in forum *nix
    Replies: 13
    Last Post: 1st November 2010, 01:17 PM
  2. Replies: 9
    Last Post: 12th September 2008, 08:53 AM
  3. Changing passwords for SIMS users by script
    By academic_mwnci in forum MIS Systems
    Replies: 2
    Last Post: 3rd September 2008, 12:02 AM
  4. Logon script & Printer script question.
    By Galway in forum Windows
    Replies: 3
    Last Post: 29th August 2007, 11:00 AM
  5. Resolution Changing for RM
    By Mintsoft in forum Windows
    Replies: 17
    Last Post: 10th May 2006, 07:39 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •