1

I have a problem with registry permissions. While I was using my PC, it froze because of an SSD controller issue. After rebooting and replacing the SATA for the SSD, the PC was able to recognize the SSD and start Windows 8.1. But it looks like the permissions for services in the registry are screwed. A lot of services couldn't start because of an Access Denied issue.

Process Monitor says that they tried to access the HKLM\System\CurrentControlSet\Control\ section. My typical permissions for registry nodes in that section are:

Users > Read access
Administrators > Full Control access
SYSTEM > Full Control access
CREATOR OWNER  > Full Control access
ALL APPLICATION PACKAGES  > Full Control access

And the service-specific permissions are lost. I can restore permissions manually; for example, I've added NT SERVICE\Dhcp to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp and then the service was able to start fine. But it's hard to know which keys should be accessible to which services. I can use Process Monitor to get this data, but it might take too long. Another way: I can give the Everyone user Full Control to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\, but that's not a secure way.

So is there any existing way to restore the default permissions for service registry keys? I've tried to restore them with secedit, but it didn't help. I can also try to do a Windows Repair from the installation DVD, but it might take a lot of time. Maybe there is an existing way for such things?

As another option, I can make a simple tool that will analyze the permissions on one correct computer and then set the same on my corrupted computer.

Windows System Restore was disabled, so I can't restore with it.

4
  • It's the kind of task I'd give to Windows aio from tweaking.com - tweaking.com/content/page/windows_repair_all_in_one.html
    – Tetsujin
    Commented Oct 12, 2015 at 10:13
  • I'd suggest restoring your registry from a backup.
    – qasdfdsaq
    Commented Oct 12, 2015 at 11:06
  • I don't have a backup, so in my case it would be Windows Repair or a full reinstall; that's still a way, but a long one :(
    Commented Oct 12, 2015 at 11:18
  • 1
    This happened after some malware hijacked the services. After all traces of the software itself were gone, registry permissions were badly tweaked. I'm shocked there isn't some tool that simply resets services permissions. The essential Windows services and permissions are universal for a given OS release. In my situation, screwed up were Base Filtering Engine (fundamental to networking), Firewall, DHCP, and some helpers (Shared, Tcpip, Winsock2). I ended up adding Local Service for some, Network Service for others, and Everyone for a few where neither of the above worked.
    – BaseZen
    Commented Sep 1, 2018 at 15:15

1 Answer

1

A lot of services couldn't start because of an Access Denied issue.

Instead of looking for a permissions rollback, I will try to give a different point of view to solve that specific problem that I quoted.

You could try to give the necessary user permissions to the entire service registry key tree with the SetACL application, which you can download here (it's freeware):

https://helgeklein.com/download/


Steps

  1. Create a restore point; otherwise, open the command prompt (CMD.exe) and run these commands to make a backup of the service key tree:

    Reg.exe Export "HKLM\SYSTEM\CurrentControlSet\Services" "%Userprofile%\Desktop\CurrentControlSet.reg"
    

    And:

    Reg.exe Export "HKLM\SYSTEM\ControlSet001\Services" "%Userprofile%\Desktop\ControlSet001.reg"
    

    (it will be saved as a registry script on the current user's desktop)

  2. Run these commands to take ownership of the registry key trees and give your current user full access to them:

    "SetACL.exe" -on "HKLM\SYSTEM\CurrentControlSet\Services" -ot "reg" -ownr "n:%UserName%"        -rec "Yes" -actn "setowner" -silent
    "SetACL.exe" -on "HKLM\SYSTEM\CurrentControlSet\Services" -ot "reg" -ace  "n:%UserName%;p:full" -rec "Yes" -actn "ace"      -silent
    

    And:

    "SetACL.exe" -on "HKLM\SYSTEM\ControlSet001\Services" -ot "reg" -ownr "n:%UserName%"        -rec "Yes" -actn "setowner" -silent
    "SetACL.exe" -on "HKLM\SYSTEM\ControlSet001\Services" -ot "reg" -ace  "n:%UserName%;p:full" -rec "Yes" -actn "ace"      -silent
    
  3. Restart the PC and see if it resulted in the expected removal of the access denials.

1
  • 1
    Thanks! But the problem with such an approach is that each service has its own user. For example, the DHCP Client service has the NT SERVICE\Dhcp user, and a lot of services also have their own users. And I don't want to manually run such an update for each of them.
    Commented Oct 12, 2015 at 9:43
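
The idea raised in the question (read the permissions from a correctly working computer and set the same on the damaged one) also covers the per-service accounts mentioned in the comment above, because a per-service SID such as NT SERVICE\Dhcp is derived from the service name and is therefore the same on every machine. The following PowerShell script is an added example, not part of the original thread; the script name and JSON file location are assumptions, and it handles only the DACL of the top-level keys under Services, not their subkeys.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
#   Healthy PC (same Windows release):  .\ServiceKeyAcls.ps1 -Mode Export
#   Damaged PC:                         .\ServiceKeyAcls.ps1 -Mode Compare   (then -Mode Apply)
# The script name and the JSON file location are assumptions.
param(
    [ValidateSet('Export', 'Compare', 'Apply')] [string]$Mode = 'Compare',
    [string]$File = "$env:USERPROFILE\Desktop\ServiceKeyAcls.json"
)

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceKeyDacl {
    # One record per service key: key name and its DACL as an SDDL string.
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        try {
            $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop
            [pscustomobject]@{
                Name = $key.PSChildName
                Dacl = $acl.GetSecurityDescriptorSddlForm('Access')
            }
        } catch {
            Write-Warning "Cannot read ACL of $($key.PSChildName): $($_.Exception.Message)"
        }
    }
}

if ($Mode -eq 'Export') {
    Get-ServiceKeyDacl | ConvertTo-Json | Set-Content -Path $File -Encoding UTF8
    return
}

$current = @{}
Get-ServiceKeyDacl | ForEach-Object { $current[$_.Name] = $_.Dacl }

foreach ($ref in (Get-Content -Path $File -Raw | ConvertFrom-Json)) {
    if (-not $current.ContainsKey($ref.Name)) { continue }     # key absent or unreadable here
    if ($current[$ref.Name] -eq $ref.Dacl) { continue }        # DACL already matches
    if ($ref.Dacl -match 'S-1-5-21-') {                        # local/domain account SID
        Write-Warning "$($ref.Name): reference DACL has a machine-specific SID, skipped"
        continue
    }
    Write-Output "DIFF $($ref.Name)"
    if ($Mode -eq 'Apply') {
        $path = Join-Path $root $ref.Name
        $acl = Get-Acl -LiteralPath $path
        # Replace only the DACL; owner and group stay as they are.
        $acl.SetSecurityDescriptorSddlForm($ref.Dacl, 'Access')
        Set-Acl -LiteralPath $path -AclObject $acl
    }
}
```

The default Compare mode only lists the keys whose DACL differs from the reference, so the list can be reviewed before anything is written with -Mode Apply.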
