Windows – Restore default Windows registry permissions for services section


I have a problem with registry permissions. While I was using my PC, it froze because of an SSD controller issue. After rebooting and replacing the SATA for the SSD, the PC was able to recognize the SSD and start Windows 8.1. But it looks like the permissions for services in the registry are screwed up. A lot of services couldn't start because of an Access Denied issue.

Process Monitor says that they tried to access the HKLM\System\CurrentControlSet\Control\ section. My typical permissions for registry nodes in that section are:

Users > Read access
Administrators > Full Control access
SYSTEM > Full Control access
CREATOR OWNER > Full Control access
ALL APPLICATION PACKAGES > Full Control access

And the service-specific permissions are lost. I can restore permissions manually; for example, I've added NT SERVICE\Dhcp to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp and then the service was able to start fine. But it's hard to know which keys each service should be allowed to access. I can use Process Monitor to get this data, but it might take too long. Another way: I can give the Everyone user Full Control to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\, but that's not a secure way.

So is there any existing way to restore default permissions for services registry keys?
I've tried to restore them with secedit, but it didn't help. I can also try to do a Windows Repair from the installation DVD, but it might take a lot of time. Maybe there is an existing way for such things?

As another option, I can make a simple tool that will analyze permissions from one correct computer and then reset the same on my corrupted computer.

Windows System Restore was disabled, so I can't restore with it.

Best Answer

> A lot of services couldn't start because of an Access Denied issue.

Instead of looking for a permissions rollback, I will try to give a different point of view to solve that specific problem that I quoted.

You could try to give the necessary user permissions to the entire service's registry key tree with SetACL application, which you could download here (it's freeware):

https://helgeklein.com/download/


Steps

  1. Create a restore point; otherwise, open the command prompt (CMD.exe) and run these commands to make a backup of the service key tree:

    Reg.exe Export "HKLM\SYSTEM\CurrentControlSet\Services" "%Userprofile%\Desktop\CurrentControlSet.reg"
    

    And:

    Reg.exe Export "HKLM\SYSTEM\ControlSet001\Services" "%Userprofile%\Desktop\ControlSet001.reg"
    

    (it will be saved as a registry script on the current user's desktop)

  2. Run these commands to take ownership and also give your current user full access on the registry key trees:

    "SetACL.exe" -on "HKLM\SYSTEM\CurrentControlSet\Services" -ot "reg" -ownr "n:%UserName%"        -rec "Yes" -actn "setowner" -silent
    "SetACL.exe" -on "HKLM\SYSTEM\CurrentControlSet\Services" -ot "reg" -ace  "n:%UserName%;p:full" -rec "Yes" -actn "ace"      -silent
    

    And:

    "SetACL.exe" -on "HKLM\SYSTEM\ControlSet001\Services" -ot "reg" -ownr "n:%UserName%"        -rec "Yes" -actn "setowner" -silent
    "SetACL.exe" -on "HKLM\SYSTEM\ControlSet001\Services" -ot "reg" -ace  "n:%UserName%;p:full" -rec "Yes" -actn "ace"      -silent
    
  3. Restart the PC and see if it resulted in the expected access denial removal.
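
The question's idea of comparing against a known-good computer, sketched in PowerShell as an added example (not part of the original question or answer, and not tested on the asker's system). The function names and CSV layout are assumptions made for this sketch; it only reports differences and changes nothing.

```powershell
# Added example: snapshot and compare DACLs under the Services key.
# Function names and the CSV columns (Key, Sddl) are assumptions for this sketch.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceKeyDacl {
    # Emit one record per key: path relative to Services, plus its DACL as SDDL.
    param([string]$Root = $ServicesRoot)
    $prefix = (Get-Item -LiteralPath $Root).Name
    Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $sddl = try {
            # 'Access' limits the SDDL string to the DACL (no owner, group or SACL).
            (Get-Acl -LiteralPath $_.PSPath -ErrorAction Stop).GetSecurityDescriptorSddlForm('Access')
        } catch { 'UNREADABLE' }   # key exists but the caller cannot read its ACL
        [pscustomobject]@{
            Key  = $_.Name.Substring($prefix.Length).TrimStart('\')
            Sddl = $sddl
        }
    }
}

function Compare-ServiceKeyDacl {
    # Report keys whose DACL differs from the reference snapshot.
    param([Parameter(Mandatory)][string]$ReferenceCsv)
    $reference = @{}
    Import-Csv -LiteralPath $ReferenceCsv | ForEach-Object { $reference[$_.Key] = $_.Sddl }
    Get-ServiceKeyDacl | ForEach-Object {
        if (-not $reference.ContainsKey($_.Key)) { return }   # key absent on the reference PC
        if ($reference[$_.Key] -ne $_.Sddl) {
            [pscustomobject]@{ Key = $_.Key; Local = $_.Sddl; Reference = $reference[$_.Key] }
        }
    }
}

# On the healthy PC (elevated prompt):
#   Get-ServiceKeyDacl | Export-Csv .\reference.csv -NoTypeInformation
# On the damaged PC (elevated prompt):
#   Compare-ServiceKeyDacl -ReferenceCsv .\reference.csv | Format-List
```

Per-service SIDs (`NT SERVICE\<name>`, `S-1-5-80-…`) are derived from the service name, so they match across machines; ACEs for local accounts carry machine-specific SIDs and will show up as differences. Run after step 2 above, the comparison also lists every key that gained the extra full-control ACE for the current user.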
