I have a problem with registry permissions. During using my PC it freeze because of SSD controller issue. After rebooting and replacing SATA for SSD - PC was able to recognize SSD and start Windows 8.1. But looks like permissions for services in registry are screwed. A lot of services couldn't start because of Access Denied
issue.
Process Monitor
says that they tried to access HKLM\System\CurrentControlSet\Control\
section. My typical permissions for registry nodes in that sections are:
Users > Read access
Administrators > Full Control access
SYSTEM > Full Control access
CREATOR OWNER > Full Control access
ALL APPLICATION PACKAGES > Full Control access
And service specific permissions are lost. I can restore permissions manually, for example i've added NT SERVICE\Dhcp
to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
and then service was able to start fine. But it's hard to know what keys should be allowed to access by what services. I can use Process Monitor
to get this data, but it might be too long. Other way - I can give Everyone
user Full control
to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
, but it's not secure way.
So is there any existing way to restore default permissions for services registry keys?
I've tried to restore it with secedit
, but it didn't help. I can also try to do Windows Repair from installation DVD, but it might take a lot of time. Maybe there is existing way for such things?
As another option i can make some simple tool that will analyze permissions from one correct computer, and then reset the same with my corrupted computer.
Windows System Restore was disabled, so i can't restore with it.
services
permissions. The essential Windows services and permissions are universal for a given OS release. In my situation, screwed up were Base Filtering Engine (fundamental to networking), Firewall, DHCP, and some helpers (Shared, Tcpip, Winsock2). I ended up addingLocal Service
for some,Network Service
for others, andEveryone
for a few where neither of the above worked.