Keys must only be accessible to the user they're intended for and no other account, service, or group. - **GUI:** - ***[File] Properties - Security - Advanced*** 1. Set ***Owner*** to the key's user 2. Remove all users, groups, and services, *except for the key's user*, under **_Permission Entries_** 3. Set key's user to **_Full Control_** <br> - **CLI:** <!-- language: lang-powershell --> :: Set Variable :: set key="C:\Path\to\key" :: Remove Inheritance :: cmd /c icacls %key% /c /t /inheritance:d :: Set Ownership to Owner :: cmd /c icacls %key% /c /t /grant %username%:F :: Remove All Users, except for Owner :: cmd /c icacls %key% /c /t /remove Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users :: Verify :: cmd /c icacls %key%