When you set EVERYONE DENY permissions you receive a warning that only the OWNER of the key will be able to change permissions or access it. On my Windows 10 system, the owner is SYSTEM
. In most cases, it would be either SYSTEM
, TRUSTED INSTALLER
, or ADMINISTRATORS
.
Therefore, we can fix this issue by running regedit
as SYSTEM
. In order to do so, we need to download pstools and extract the tools to a folder on your computer. On my system, I extracted them to D:\Downloads
.
Now, we want to run Regedit as SYSTEM. To do this, open an administrative command prompt and change directories to where you expanded the PSTOOLS file (CD D:\Downloads
). In that folder, is psexec.
We will run the command psexec -i -s regedit.exe
and Regedit will open.
Regedit is now running as the SYSTEM user. Therefore, HKEY_CURRENT_USER is not YOUR registry, it is the SYSTEM registry. Now we have to navigate to your registry key. We will find that under HKEY_USERS. This key holds the registry of all currently mounted (logged in) user registries.
Within HKEY_USERS you will find a series of keys that start with S-1-5-xxx and so on. The longer keys that end in -1001, -1002, etc. are your logged on users. Expand each one to find the one that corresponds with your user registry. You can open the Environment
key under each one and you will most likely see an item with the name of what user the key is associated with. By this method you can find the right S-1-5-xxx key. At the very least, you can open each one, and check the permissions of Control Panel\Keyboard.
You will definitely find which one has the bad permissions on it.
Now that you know how to find the Control Panel\Keyboard
key that corresponds with your user account you can simply right-click it and change permissions. Remove the EVERYONE DENIED permission.
On a side note, the system is able to continue to make changes to the key because SYSTEM owns the key. If you are trying to prevent the system from making changes to this key, then what you want to do is change the ownership of the key to your own user name. Then deny SYSTEM from making changes to the key. However, you cannot deny "Full control" to SYSTEM or the system won't even be able to read the key and no telling what will happen. Instead, you will need to go to "Advanced permissions" and deny the "Set Value" permission.
psexec -i -s regedit.exe
and you'll be able to change permissions.