Today in this tutorial, we are going to share a few methods which will allow you to take ownership and grant permission and full control on any Registry key in Windows from command line.
All of these methods will work in all Windows versions!
METHOD 1: Take Ownership of Registry Keys Using SetACL Utility
This is the best way to take ownership of Registry keys as well as any file or folder from command line in Windows. This method will work 100% in all Windows versions.
SetACL is a 3rd party free utility which basically works like a DOS command. You just need to download the utility file and then run the required commands in Command Prompt to take ownership of any desired Registry key.
STEP 1:
First of all download the SetACL Utility from following link:
Just click on the EXE version given for Administrators to download the correct file.
STEP 2:
you'll get 2 versions of the utility: one for 32-bit Windows edition and the other for 64-bit Windows edition. use accoring to your Machine Bit.
STEP 3:
Now there are 2 ways to use this utility. You can either keep the SetACL.exe file anywhere you want for example E:\SetACL folder and then open Command Prompt window as Administrator and then use the full path of SetACL command E:\SetACL\SetACL.exe to run the command. Or you can copy the SetACL.exe file to C:\Windows\System32 folder which will allow you to use the SetACL command from anywhere. We'll advise you to copy the EXE file to C:\Windows\System32 folder so that you can open Command Prompt as Administrator from anywhere and can run SetACL command directly without any problem.
STEP 4:
Now once you have copied the SetACL.exe file, its time to use the command to take ownership of Registry keys. SetACL command can be executed using following syntax in Command Prompt opened as Administrator:
SetACL -on name -ot type -actn action
Now lets talk about the syntax in details:
The terms given in Bold will remain intact and the terms given in Italic will change as following:
-on: This parameter requires to provide the name and full path of a file or a folder or a Registry key which you want to take ownership of.
-ot: This parameter requires to provide object type. If you want to take ownership of a file or folder, then set object type as file. If you want to take ownership of Registry key, set object type as reg
-actn: This parameter requires to provide action details i.e. what action do you want to perform on the mentioned object. There are many possible values for -actn parameter. Since we are going to use SetACL command to take ownership and grant permission on Registry keys, we'll use setowner and ace values only.
To better understand the command syntax, lets take an example:
Suppose we want to take ownership of HKEY_CLASSES_ROOT\CLSID\{679f85cb-0220-4080-b29b-5540cc05aab6}\ShellFolder key in Registry Editor, then we'll need to run SetACL command in Command Prompt in 2 parts as given below:
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{679f85cb-0220-4080-b29b-5540cc05aab6}\ShellFolder" -ot reg -actn setowner -ownr "n:Administrators"SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{679f85cb-0220-4080-b29b-5540cc05aab6}\ShellFolder" -ot reg -actn ace -ace "n:Administrators;p:full"
First command will make Administrator as the owner of the Registry key and the second command will grant full permission and control to Administrator on the key.
So you just need to replace the Registry key mentioned inside double-quotes ("") with your desired Registry key in both commands and then open Command Prompt as Administrator and run both commands one by one. It'll automatically take ownership and assign full permission and control on that Registry key.
METHOD 2: Take Ownership of Registry Keys Using SubInACL Utility
This is an official command-line tool released by Microsoft which can be used to view and change security information, ownership, permissions, etc of files, folders, Registry keys, services, etc in Windows operating system.
Although the tool was released for Windows 2000, XP and Server 2003 but it can be used in newer Windows versions as well.
You can use this tool with the help of following steps:
STEP 1:
First of all download the SubInACL utility from following link:
STEP 2:
Its an MSI installer file which copies the SubInACL.exe file to "C:\Program Files (x86)\Windows Resource Kits\Tools\" folder in 64-bit Windows editions and to "C:\Program Files\Windows Resource Kits\Tools\" folder in 32-bit Windows editions.
Alternatively, you can extract the MSI file using 7-Zip to direct use SubInACL.exe file without installing it.
STEP 3:
Similar to SetACL utility, you can either keep the SubInACL.exe file in "Program Files" folder then open Command Prompt window as Administrator and then use CD command to activate the "Program Files\Windows Resource Kits\Tools\" folder containing SubInACL.exe file to use the command. Or you can copy the SubInACL.exe file to C:\Windows\System32 folder which will allow you to use the SubInACL command from anywhere. We'll advise you to copy the EXE file to C:\Windows\System32 folder so that you can open Command Prompt as Administrator from anywhere and can run SubInACL.exe command directly without any problem.
STEP 4:
Now its time to learn how to use the SubInACL.exe command. You can run the command using following syntax in Command Prompt window opened as Administrator:
SubInACL /type name /action
Now lets talk about the syntax in details:
/type: Replace type with the correct object type. If you want to take ownership of a file or folder, then replace type with file and if you want to take ownership of a Registry key, replace type with keyreg or subkeyreg. The difference between keyreg and subkeyreg is that keyreg only takes ownership of the defined Registry key but the subkeyreg will take ownership of the defined key as well as all sub-keys present under it.
name: Replace this parameter with the name and full path of the file, folder or Registry key.
/action: This parameter requires to define the action which will be taken on the object. Since we are going to take ownership of the Registry key and then grant full permission and control on the key, we'll use /setowner=administrators /grant=administrators=f as the action.
Again lets take an example to better understand the command syntax:
SUBINACL /keyreg "HKEY_CLASSES_ROOT\CLSID\{679f85cb-0220-4080-b29b-5540cc05aab6}\ShellFolder" /setowner=administrators /grant=administrators=f
The above mentioned command will make Administrator as the owner of the Registry key and will grant full permission and control to Administrator on the key.
So you just need to replace the Registry key mentioned inside double-quotes ("") with your desired Registry key in the command and then open Command Prompt as Administrator and run the command. It'll automatically take ownership and assign full permission and control on that Registry key.
PS: To know about all parameters of SubInACL command, just run the SubInACL /helpcommand in Command Prompt and it'll provide full list of the complete syntax and parameters.
METHOD 3: Set Permissions on Registry Keys Using Built-in REGINI Command
This command comes bundled with Windows OS and can be used to set permissions on Registry keys. Using this command is very simple. You first need to create a script with required parameters in Notepad and save the script as .txt file and then run REGINI command with correct parameters to grant full permissions on the desired Registry key.
STEP 1:
First open Notepad and provide desired Registry key name and desired permission set aka ACL (Access Control List) using following format:
Key_name [ACL]
Replace Key_name with the desired key name but make sure you provide the Registry key name with correct syntax as following:
\Registry\machine\software\classes (for HKEY_CLASSES_ROOT key)
\Registry\machine ( for HKEY_LOCAL_MACHINE key)
\Registry\user\user_sid (for HKEY_CURRENT_USER key) (replace user_sid with the correct Security ID associated with user)
\Registry\user (for HKEY_USERS key)
So if we talk about our previous example, the Registry key "HKEY_CLASSES_ROOT\CLSID\{679f85cb-0220-4080-b29b-5540cc05aab6}\ShellFolder" will be given as following in the script file:
\Registry\machine\software\classes\CLSID\{679f85cb-0220-4080-b29b-5540cc05aab6}\ShellFolder
Replace ACL with the desired permission set which can be chosen from following list:
1 (to provide Administrators Full Access)
2 (to provide Administrators Read Access)
3 (to provide Administrators Read and Write Access )
4 (to provide Administrators Read, Write and Delete Access)
5 (to provide Creator/Owner Full Access)
6 (to provide Creator/Owner Read and Write Access)
7 (to provide Everyone Full Access)
8 (to provide Everyone Read Access)
9 (to provide Everyone Read and Write Access)
10 (to provide Everyone Read, Write and Delete Access)
17 (to provide System Full Access)
18 (to provide System Read and Write Access)
19 (to provide System Read Access)
Now [ACL] in the script file can be set as any desired set, for example:
[1 6 9 17]
Above mentioned ACL will grant full control to Administrators and System and read and write access to creator and everyone groups.
So the script file content will look like as following:
\Registry\machine\software\classes\CLSID\{679f85cb-0220-4080-b29b-5540cc05aab6}\ShellFolder [1 6 9 17]
You can use any combination of ACL according to your requirements.
NOTE: Remember the existing permissions on the defined Registry key will be replaced by the new permissions set given by you in the script. So make sure to include permissions for all accounts. If you forget to include permissions for an account such as SYSTEM account, it'll be deleted from the accounts list present in that Registry key permissions.
STEP 2:
Save the file with any desired name for example ACL.TXT and then open Command Prompt as Administrator and run following command:
REGINI full_path_of_script_file
If you saved the script file in E:\drive, then command will be as following:
REGINI E:\ACL.TXT
That's it. It'll immediately change the permissions on the mentioned Registry key.
=== === === === === === === === ===
That's it. Method 1 is the most efficient and 100% working method to take ownership and grant full permissions and control on any Registry key in any Windows version. If you have any doubts, feel free to ask it in your comment...
0 comments:
Post a Comment