Keys must only be accessible to the user they're intended for and no other account, service, or group.

- **GUI:**
  - ***[File] Properties - Security - Advanced***
    1. Set ***Owner*** to the key's user
    2. Remove all users, groups, and services, *except for the key's user*, under **_Permission Entries_**
    3. Set key's user to **_Full Control_**

<br>

 - **CLI:**

    <!-- language: lang-powershell -->

        :: Set Variable ::
        set key="C:\Path\to\key"
    
        :: Remove Inheritance ::
        cmd /c icacls %key% /c /t /inheritance:d
    
        :: Set Ownership to Owner ::
        cmd /c icacls %key% /c /t /grant %username%:F
    
        :: Remove All Users, except for Owner ::
        cmd /c icacls %key%  /c /t /remove Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users

        :: Verify ::
        cmd /c icacls %key%