2

Is there a way, via a CLI or GUI application, to grant Admin rights to ALL the keys/values of an entire registry Hive (like System, SAM, ntuser.dat, etc.)?

The problem is that I'm using the Dism tool provided by Microsoft to service and deploy Windows. I'm trying to perform some Dism operations that remove pre-installed packages from a WIM image that I've previously mounted. I'm able to remove a few packages, but for most of them Dism reports that I have access denied to touch the Hives, so I suppose that to properly remove some packages Dism needs to update or delete keys from the WIM Hives, and then I need to grant Admin rights to those keys!

I normally use the SetACL application to grant Admin rights on a single or multiple keys/values of the local Registry, but for a Hive I have no idea how to.

PS: I've wasted days investigating and searching for information, but so far I haven't found ANY existing information on how to perform this operation. Why? Why is there no (or at least no easy to find) information about this kind of operation anywhere on the World Wide Web? Am I misunderstanding the real problem or doing something wrong?

This is the command that I'm using:

.\Dism.exe /Remove-Package /PackageName:"(name)" /Image:"(mounted dir)" /English /LogPath:"(file.log)" /LogLevel:"2"

And this is a sample from the log which is full of this kind of Hive Errors:

2014-04-12 04:29:18, Error CBS Only package owners can remove package: Checkpoint-VpnPlugin-Package~31bf3856ad364e35~amd64~es-ES~6.3.9600.16384 [HRESULT = 0x80070005 - E_ACCESSDENIED]

2014-04-12 04:29:18, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/WinMount/Windows/System32/config/SOFTWARE, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]

2014-04-12 04:29:18, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/WinMount/Windows/System32/config/SYSTEM, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]

2014-04-12 04:29:18, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/WinMount/Windows/System32/config/SECURITY, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]

2014-04-12 04:29:18, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/WinMount/Users/default/ntuser.dat, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]

I'm doing all this in a virtual machine.

I don't know if it matters, but notice that I have granted full Admin rights on all the files and folders of the mounted directory. I can copy/write/delete from system-restricted directories; I mean that it seems I don't have any problem with the file rights.

2
  • 1
    Are you running any antivirus? Turn off all AV programs, or maybe you are not running the cmd line as administrator when you execute dism.
    – Logman
    Commented Apr 12, 2014 at 3:01
  • @Logman no, I don't have any AV installed in the VM (I even disabled Windows Defender), and I'm running the account as Admin; I also log in from the hidden Administrator account, which has all rights. Thanks for the comment! Commented Apr 12, 2014 at 13:08

1 Answer

2

What you want to do doesn't work out of the box. You get E_ACCESSDENIED because the packages still belong to a Windows Edition. You must kill that dependency first.

There is already a tool that has been out for a while which does all the steps for you.

Run install_wim_tweak.exe /p <MountPath> /l to enum all packages. Now run install_wim_tweak.exe /p <MountPath> /c FEATURE /r to kill it.

Example:

install_wim_tweak.exe /p "C:\Mount" /c Microsoft-Hyper-V /r

This kills all Hyper-V related features from the mounted WIM in folder C:\Mount.

3
  • 1
    Thank you for your help. I would like to mark your answer as the accepted one, but I still have a related problem: the wimtweak tool is not able to remove packages from my WIM (it says that the removal succeeded without throwing any error, but they are not really removed; the packages are still installed afterwards). I've solved it by just using the command wimtweak.exe /p <MountPath> to take rights + mount the registry, then I use DISM to remove packages (yes, now DISM can remove packages successfully after using that single wimtweak command). The problem is, how do I clean up the image after the packages are removed? Commented Apr 12, 2014 at 16:28
  • I mean that I would like to clean the WinSXS directory after removing all the packages, to remove the associated files of the removed packages, but if I try the DISM command with the parameters /CleanUp-Image /StartComponentCleanup after removing all the packages, DISM tells me that I can't clean up because of pending package operations. I'm lost. Please, could you help me? Commented Apr 12, 2014 at 16:29
  • 1
    This is correct. Removing the packages requires some changes which can only be done when Windows is running. And running the cleanup command requires that there are no pending changes. Commented Apr 12, 2014 at 19:03
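
Added example (not part of the original question, answer or comments): a PowerShell triage of the DISM log that separates the Error-level "Only package owners can remove package" record, which is consistent with the answer's explanation, from the Info-level hive-unload records that share the same HRESULT. The function name Get-DismAccessDenied and the Kind labels are hypothetical; the sample lines are copied from the log excerpt in the question.

```powershell
# Sample lines copied from the log excerpt in the question.
$sample = @'
2014-04-12 04:29:18, Error CBS Only package owners can remove package: Checkpoint-VpnPlugin-Package~31bf3856ad364e35~amd64~es-ES~6.3.9600.16384 [HRESULT = 0x80070005 - E_ACCESSDENIED]
2014-04-12 04:29:18, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/WinMount/Windows/System32/config/SOFTWARE, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]
2014-04-12 04:29:18, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/WinMount/Users/default/ntuser.dat, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]
'@ -split '\r?\n'

# Hypothetical helper: classify E_ACCESSDENIED records in a DISM/CBS log.
function Get-DismAccessDenied {
    param([string[]]$Line)

    # timestamp, level, component, message, optional trailing [HRESULT = 0x... - NAME]
    $rx = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?<level>\w+)\s+(?<comp>\w+)\s+' +
          '(?<msg>.*?)(?:\s*\[HRESULT = (?<hr>0x[0-9A-Fa-f]{8}) - \w+\])?$'

    foreach ($l in $Line) {
        if ($l -notmatch $rx) { continue }                 # not a log record
        if ($Matches['hr'] -ne '0x80070005') { continue }  # keep E_ACCESSDENIED only
        # Copy the fields now: the nested -match below overwrites $Matches.
        $ts, $level, $msg = $Matches['ts'], $Matches['level'], $Matches['msg']

        $kind = 'Other'; $target = $null
        if ($msg -match '^Only package owners can remove package:\s*(?<pkg>\S+)') {
            $kind = 'PackageOwnerCheck'; $target = $Matches['pkg']
        }
        elseif ($msg -match '^Failed to unload offline registry:\s*\{[^}]+\}(?<hive>[^,]+),') {
            $kind = 'HiveUnload'; $target = $Matches['hive']
        }
        [pscustomobject]@{ Time = $ts; Level = $level; Kind = $kind; Target = $target }
    }
}

$hits = Get-DismAccessDenied -Line $sample
$hits | Format-Table -AutoSize

# Packages that CBS refused to remove because of the owner check.
$hits | Where-Object Kind -eq 'PackageOwnerCheck' |
    Select-Object -ExpandProperty Target -Unique
```

Against a real log, pass the output of Get-Content on the file given to /LogPath as -Line.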
