I'm attempting to programmatically change the owner of a registry key but I can't get it to work using a few different methods in CMD or PowerShell. Is this even possible?
The key is owned by "System". I need to delete it on a bunch of computers. I am able to successfully do this manually by doing the following:
- Open Key permissions > Advanced
- Change owner to myself
- Add a permission entry to give myself full control
- Select "replace owner of subcontainers and objects" and select "Replace all child object permission entries with inheritable permission entries from this object".
- Delete the key
But doing this through a script does not work. At the first step of taking ownership I get an error, "Access is denied" or something similar. Here are some of the methods I have tried:
CMD1:

```
reg add "HKEY_LOCAL_MACHINE\Path_To_Key\Key_Name" /f /t REG_SZ /d username /reg:64
ERROR: Access is denied.
```

CMD2:

```
takeown /f "HKEY_LOCAL_MACHINE\Path_To_Key\Key_Name"
ERROR: The system cannot find the path specified.
```

PS1:

```powershell
$keyPath = "HKEY_LOCAL_MACHINE\SYSTEM\Path_To_Key\Key_Name"
$username = "username"
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::TakeOwnership)
$acl = $key.GetAccessControl()
$acl.SetOwner([System.Security.Principal.NTAccount] $username)
$key.SetAccessControl($acl)
$key.Close()
```

```
You cannot call a method on a null-valued expression.
At line:1 char:1
+ $acl = $key.GetAccessControl()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
```

PS2:

```powershell
$keyPath = "HKLM:\SYSTEM\Path_To_Key\Key_Name"
$owner = "YOUR_USERNAME"
# Take ownership
$key = [Microsoft.Win32.Registry]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, [Microsoft.Win32.RegistryView]::Registry64).OpenSubKey($keyPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::TakeOwnership)
$acl = $key.GetAccessControl()
$acl.SetOwner([System.Security.Principal.NTAccount] $owner)
[Microsoft.Win32.Registry]::SetAccessControl($keyPath, $acl)
```

```
Method invocation failed because [Microsoft.Win32.Registry] does not contain a method named 'OpenBaseKey'.
At line:5 char:1
+ $regKey = [Microsoft.Win32.Registry]::OpenBaseKey([Microsoft.Win32.Re ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
```

I have also looked at a few other options, including this suggestion but also got the error "You cannot call a method on a null-valued expression".
Additionally, I have tried deleting the key using a desktop management system, from which I can launch a command prompt as nt authority\system, but I still get an error when deleting the key: "ERROR: Access is denied."
I imagine since I can do this manually with my admin account, there must be a way to do it through a script. Any thoughts would be greatly appreciated!
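
The manual steps listed in the question (change owner, add a full-control entry, repeat on subkeys, delete), expressed as a PowerShell script. This is an added example, not part of the original post: the key path is a placeholder, and the choice of the local Administrators group as owner and the helper names `Win32.Priv` and `Grant-KeyFullControl` are assumptions.

```powershell
# Added example. Assumptions: placeholder key path, Administrators (S-1-5-32-544) as the
# new owner, elevated session. OpenSubKey paths are relative to the hive (no "HKLM:\").
$subKey = 'SYSTEM\Path_To_Key\Key_Name'
# SeTakeOwnershipPrivilege is present but disabled in an elevated token; enable it first.
Add-Type -Namespace Win32 -Name Priv -MemberDefinition @'
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct TokPriv1Luid { public int Count; public long Luid; public int Attr; }
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, int access, ref IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LookupPrivilegeValue(string host, string name, ref long luid);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll,
    ref TokPriv1Luid state, int len, IntPtr prev, IntPtr retLen);
[DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
public static void Enable(string name) {
    IntPtr token = IntPtr.Zero;
    TokPriv1Luid tp; tp.Count = 1; tp.Luid = 0; tp.Attr = 2;   // 2 = SE_PRIVILEGE_ENABLED
    // 0x28 = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY; last error 1300 = privilege not held
    bool ok = OpenProcessToken(System.Diagnostics.Process.GetCurrentProcess().Handle, 0x28, ref token)
        && LookupPrivilegeValue(null, name, ref tp.Luid)
        && AdjustTokenPrivileges(token, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero)
        && Marshal.GetLastWin32Error() == 0;
    int err = Marshal.GetLastWin32Error();
    if (token != IntPtr.Zero) CloseHandle(token);
    if (!ok) throw new System.ComponentModel.Win32Exception(err);
}
'@
[Win32.Priv]::Enable('SeTakeOwnershipPrivilege')

function Grant-KeyFullControl([Microsoft.Win32.RegistryKey]$Root, [string]$Path, $Sid) {
    # Owner first: open with only the TakeOwnership right and write an owner-only descriptor.
    $k = $Root.OpenSubKey($Path, 'ReadWriteSubTree', 'TakeOwnership')
    if (-not $k) { throw "Key not found: $Path" }
    $sd = New-Object System.Security.AccessControl.RegistrySecurity
    $sd.SetOwner($Sid); $k.SetAccessControl($sd); $k.Close()
    # The owner can always read and rewrite the DACL, so add the full-control entry.
    $k  = $Root.OpenSubKey($Path, 'ReadWriteSubTree', 'ChangePermissions, ReadPermissions')
    $sd = $k.GetAccessControl('Access')
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($Sid, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $sd.AddAccessRule($rule); $k.SetAccessControl($sd); $k.Close()
    # Subkeys can carry their own owner and protected ACL, so repeat on each of them.
    $k = $Root.OpenSubKey($Path)
    foreach ($name in $k.GetSubKeyNames()) { Grant-KeyFullControl $Root "$Path\$name" $Sid }
    $k.Close()
}
$hklm   = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 'Registry64')
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
Grant-KeyFullControl $hklm $subKey $admins
$hklm.DeleteSubKeyTree($subKey)   # destructive: removes the key and all of its subkeys
```

Two details the script relies on: `takeown` only handles files and folders, and `OpenBaseKey` is a static method of `Microsoft.Win32.RegistryKey`, not of `Microsoft.Win32.Registry`.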