I have a problem with registry permissions. While I was using my PC, it froze because of an SSD controller issue. After rebooting and replacing the SATA for the SSD, the PC was able to recognize the SSD and start Windows 8.1. But it looks like the permissions for services in the registry are screwed. A lot of services couldn't start because of an Access Denied issue. Process Monitor says that they tried to access the HKLM\System\CurrentControlSet\Control\ section. My typical permissions for registry nodes in that section are:
Users > Read access
Administrators > Full Control access
SYSTEM > Full Control access
CREATOR OWNER > Full Control access
ALL APPLICATION PACKAGES > Full Control access
And service-specific permissions are lost. I can restore permissions manually; for example, I've added NT SERVICE\Dhcp to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp and then the service was able to start fine. But it's hard to know which keys should be accessible by which services. I can use Process Monitor to get this data, but it might take too long. Another way: I can give the Everyone user Full control to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\, but it's not a secure way.
So is there any existing way to restore default permissions for services' registry keys?
I've tried to restore them with secedit, but it didn't help. I can also try to do a Windows Repair from the installation DVD, but it might take a lot of time. Maybe there is an existing way for such things?
As another option, I can make a simple tool that will analyze permissions on one correct computer and then reset the same on my corrupted computer.
Windows System Restore was disabled, so I can't restore with it.
Best Answer
Instead of looking for a permissions rollback, I will try to give a different point of view to solve that specific problem that I quoted.
You could try to give the necessary user permissions to the entire service's registry key tree with the SetACL application, which you could download here (it's freeware):
https://helgeklein.com/download/
Steps
Create a restore point; otherwise, open the command prompt (CMD.exe) and run these commands to make a backup of the service key tree:
And:
(it will be saved as a registry script in the current user's desktop)
Run these commands to take ownership and also full access for your current user on the registry key trees:
And:
Restart the PC and see if it resulted in the expected access denial removal.
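The comparison tool idea raised in the question can be sketched as a read-only audit. This is an added example, not part of the original question or answer: it exports the security descriptor of each service key on a reference machine and lists the keys that differ on the affected one. The baseline file name and the -Mode parameter are assumptions, and the reference machine is assumed to run the same Windows version.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell prompt.
# Assumption: the baseline file name and the -Mode parameter are hypothetical.
param(
    [ValidateSet('Export', 'Compare')][string]$Mode = 'Compare',
    [string]$BaselinePath = '.\services-acl-baseline.csv',
    [string]$Root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
)

function Get-ServiceKeyAcl {
    param([string]$Root)
    # One row per service key: key name, owner, and the security descriptor as SDDL.
    Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $name = $_.PSChildName
        try {
            $acl = Get-Acl -LiteralPath $_.PSPath -ErrorAction Stop
            [pscustomobject]@{ Key = $name; Owner = $acl.Owner; Sddl = $acl.Sddl }
        } catch {
            # A key that cannot be read is itself a finding, so keep a row for it.
            [pscustomobject]@{ Key = $name; Owner = ''; Sddl = 'UNREADABLE' }
        }
    }
}

if ($Mode -eq 'Export') {
    # Reference machine: write the baseline and stop.
    Get-ServiceKeyAcl -Root $Root |
        Export-Csv -LiteralPath $BaselinePath -NoTypeInformation -Encoding UTF8
    return
}

# Affected machine: index the baseline by key name, then report every difference.
$baseline = @{}
Import-Csv -LiteralPath $BaselinePath | ForEach-Object { $baseline[$_.Key] = $_ }

Get-ServiceKeyAcl -Root $Root | ForEach-Object {
    $ref = $baseline[$_.Key]
    if (-not $ref) { return }   # service not on the reference machine: skip
    if ($ref.Sddl -ne $_.Sddl) {
        [pscustomobject]@{
            Key           = $_.Key
            CurrentOwner  = $_.Owner
            CurrentSddl   = $_.Sddl
            ReferenceSddl = $ref.Sddl
        }
    }
} | Format-List
```

The script changes nothing; its output is the list of keys whose descriptors need review before any permission is granted. Per-service SIDs such as NT SERVICE\Dhcp are derived from the service name, so they compare equal across machines, while entries for local user accounts will differ.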