Keys must only be accessible to the user they're intended for and no other account, service, or group.

- **GUI:**
  - ***[File] Properties - Security - Advanced***
    1. Set ***Owner*** to the key's user
    2. Remove all users, groups, and services, *except for the key's user*, under **_Permission Entries_**
    3. Set key's user to **_Full Control_**

<br>

 - **CLI:**
  <pre><code powershell>
  :: Set Variable ::
  set key="C:\Path\to\key"

  :: Remove Inheritance ::
  cmd /c icacls %key% /c /t /inheritance:d

  :: Set Ownership to Owner ::
  cmd /c icacls %key% /c /t /grant %username%:F

  :: Remove All Users, except for Owner ::
  cmd /c icacls %key%  /c /t /remove Administrator BUILTIN\Administrators BUILTIN Everyone System Users ; cmd /c icacls %key%
  </code></pre>

 - While the last command will remove all possible users on almost all systems, still verify