Keys must only be accessible to the user they're intended for and no other account, service, or group. - **GUI:** - ***[File] Properties - Security - Advanced*** 1. Set ***Owner*** to the key's user 2. Remove all users, groups, and services, *except for the key's user*, under **_Permission Entries_** 3. Set key's user to **_Full Control_** <br> - **CLI:** <pre><code powershell> :: Set Variable :: set key="C:\Path\to\key" :: Remove Inheritance :: cmd /c icacls %key% /c /t /inheritance:d :: Set Ownership to Owner :: cmd /c icacls %key% /c /t /grant %username%:F :: Remove All Users, except for Owner :: cmd /c icacls %key% /c /t /remove Administrator BUILTIN\Administrators BUILTIN Everyone System Users ; cmd /c icacls %key% </code></pre> - While the last command will remove all possible users on almost all systems, still verify