0

I am trying to delete the following registry key via CMD but am getting "ACCESS DENIED"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Pastel

  1. The above registry cannot be deleted manually as it gives an error
  2. To deal with Permissions I've used PSExec and ran the following command as administrator, which brings up Registry Editor with supposedly full Permissions but I still cannot delete the registry key

    psexec -i -d -s c:\windows\regedit.exe

I am running Windows 7. How can I grant permission and delete the registry key from CMD using script or at Windows start-up?

Edit: The above registry and its sub-folders have the following permissions.

CREATOR OWNER: Special Permissions ----> If I Disable Inheritance and change permission to grant full access, as soon as I hit OK and right click>permission the Full access resets to special permissions.

SYSTEM: Full Control, Read

Administrators: Full Control, Read

Users: Full Control, Read

Edit#2:

I've used the following script but still no success

    REM ----------------------------------------------------------------
    cd /d %~dp0
    @ECHO OFF
    Title Replacing permissions on HKEY_CLASSES_ROOT\DesktopBackground\Shell\Display
    setacl.exe -on "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Pastel" -ot reg -actn setowner -ownr "n:Administrators"
    Pause
    REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Pastel /f
    Pause
    Exit
    REM ----------------------------------------------------------------
  • If you open that key in regedt32.exe and right click permissions, what do you see?
    – DavidPostill
    Commented Jul 3, 2015 at 18:06
  • What are you actually trying to accomplish? This key does not exist on regular systems. In fact, this question is the only reference to it.
    – Daniel B
    Commented Jul 3, 2015 at 18:22
  • @DavidPostill I've updated question
    – LEO
    Commented Jul 4, 2015 at 6:58
  • @DanielB No, that's not a reference, and this key doesn't exist on a regular system; it's leftovers from software after uninstalling. I want to remove these keys as they are causing trouble when I re-install that software.
    – LEO
    Commented Jul 4, 2015 at 7:03
  • @leo, I would try logging in using the default Administrator account (not as a user who is a member of the Administrators Group) and try from that account. The default Administrator has a few more privileges than created accounts in the Administrators Group.
    – DavidPostill
    Commented Jul 4, 2015 at 7:41

1 Answer

3

Hold control and shift when opening the command prompt. This will open the command prompt as an Administrator (probably after popping up a UAC dialog). Then you should have full rights to do whatever you want with the registry. Be EXTREMELY careful though, because messing with the registry is the quickest way to completely kill a Windows machine.

Edit:

Thanks to @DavidPostill I realize I should clarify some more. Some registry keys in Windows are set to the System group. In Windows, System is the level above Administrator (i.e. System has even more rights and power than Admin). Running psexec -s runs whatever options you supplied as System. However, only an Administrator has the permissions to execute anything as System. Psexec will not warn you of this (at least as of the last time I used it); it will just run with the highest privileges it can, which is likely your user account's privileges. Executing psexec with -s from an Administrator shell should solve this problem.

  • 1
    Not necessarily. Some keys have special permissions (for example full permissions only for SYSTEM) - this particular key could be one of them.
    – DavidPostill
    Commented Jul 3, 2015 at 18:03
  • Also, there exists a program out there called "run as system" which, from an admin, can be used to run regedit, and will allow for deletion of most of the stubborn registry items that do not seem to change permission using the other methods.
    – Psycogeek
    Commented Jul 6, 2015 at 0:44
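
A read-only audit to run before changing owners or ACLs, added here as an example and not taken from any post in this thread: it reports whether the prompt is elevated and, for the key in the question and each subkey, the owner and whether Administrators and SYSTEM hold an applicable Delete ACE. The function names are made up for this example, and the check reads ACEs directly instead of computing effective access.

```powershell
# Added example, not from the thread. Read-only: it changes nothing in the registry.
# PowerShell 2.0 syntax (Windows 7). Run it from the same prompt that fails to delete.
$Root = 'HKLM:\SYSTEM\ControlSet001\Control\Pastel'   # key named in the question

function Test-Elevated {
    # True only when the token carries an enabled BUILTIN\Administrators group.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-DeleteAce {
    # Is there an ACE of $Type (Allow/Deny) for $Sid that covers Delete on the key itself?
    param($Acl, [string]$Sid, [string]$Type)
    $mask = [int][Security.AccessControl.RegistryRights]::Delete -bor 0x10000000  # DELETE or GENERIC_ALL
    $inheritOnly = [int][Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in $Acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])) {
        if ($ace.IdentityReference.Value -ne $Sid) { continue }
        if ($ace.AccessControlType.ToString() -ne $Type) { continue }
        if ([int]$ace.PropagationFlags -band $inheritOnly) { continue }  # applies to subkeys only
        if ([int]$ace.RegistryRights -band $mask) { return $true }
    }
    return $false
}

function Get-DeleteAudit {
    # One row per key: owner, and whether Administrators / SYSTEM hold Delete on it.
    param([string]$Path)
    $keys = @(Get-Item -Path $Path -ErrorAction Stop)
    $keys += @(Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue -ErrorVariable denied)
    foreach ($k in $keys) {
        $row = @{ Key = $k.Name; Owner = '?'; AdminsDelete = $false; SystemDelete = $false; AdminsDeny = $false }
        try {
            $acl = Get-Acl -Path $k.PSPath -ErrorAction Stop
            $row.Owner        = $acl.Owner
            $row.AdminsDelete = Test-DeleteAce $acl 'S-1-5-32-544' 'Allow'   # BUILTIN\Administrators
            $row.SystemDelete = Test-DeleteAce $acl 'S-1-5-18' 'Allow'       # NT AUTHORITY\SYSTEM
            $row.AdminsDeny   = Test-DeleteAce $acl 'S-1-5-32-544' 'Deny'
        } catch { $row.Owner = "unreadable: $($_.Exception.Message)" }
        New-Object PSObject -Property $row
    }
    # Subkeys that could not even be opened never reach the loop above; list them too.
    foreach ($e in $denied) {
        New-Object PSObject -Property @{ Key = "$($e.TargetObject)"; Owner = 'unreadable (open failed)' }
    }
}

"Elevated: $(Test-Elevated)"
Get-DeleteAudit $Root | Format-Table Key, Owner, AdminsDelete, SystemDelete, AdminsDeny -AutoSize
```

Rows marked unreadable, or with AdminsDelete false, point at the subkey whose owner or ACL needs attention before REG DELETE can remove the tree.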
