I am trying to install a hot fix for Visual Studio 2008, but each time the install fails, and the report in the log file is that the installer does not have access to:
\\HKLM\Software\Classes\.map\OpenWithProgids
If I load regedit.exe I can't access that key, I get an "Access denied" error.
- I am a member of "Administrators"
- I am the only non-system account on the machine
- I have rebooted
- I have "Run as Administrator" on the installer and on regedit.exe
- I have enabled the Administrator account and logged on as such
- I have tried to give myself permissions to the key
- I have tried to give SYSTEM permissions to the key
- I have tried to take ownership of the key
I don't know what else to try, I am locked out of my own registry!
Help!
Edit:
I'm using Windows 7
Best Answer
Ok, I run into the same problem and found another working solution.
My unaccessible key, was a Properties Subkey of a ControlSet class; it was impossible to take own of, nor to show the current owner, with lot of popup error boxes from regedit when trying anything on it.
That was the locked key in my case:
(Note: it's usually the same while accessing it from CurrentControlSet, but not in that fixing solution, read forth why I'm accessing that way).
I was directed to that key, while getting lot of SysMon logs lines of ACCESS DENIED from SvcHost on the specific class key.
Edit: my situations trying to access that key, and regedit errors, were exactly those depicted by all the screen shots in this MS forum post.
As of 2020, it seems that the RegDACL tool from Heysoft, suggested above by Josh Compley, is being no more available. Then I've think of another solution.
I've instead used Process Hacker (https://processhacker.sourceforge.io) using his menu "Hacker - Run As" function to start a Regedit running with username SYSTEM (NTAUTHORITY\SYSTEM).
(That tool is more or less an evolution of well known Process Explorer by SysInternals, with some added/increased functionality. You will notice that, to be able do that, it builds and then deletes a temporary elevated service; it reports diligently this to you by itself, by means of toast messages from his tray icon, about services creation and deletion).
(Note that this is not the only way to do this. There's other tools too. Read at end of my post).
Then, with this SYSTEM elevated Regedit opened, and after moving to ControlSet001 for the reasons told below, and after reading the Caveats also below:
ControlSet
Note that, while being in Regedit elevated with the SYSTEM user, CurrentControlSet were not showing the sub-keys expected, and especially the one I was interested into, while at same time, the ControlSet001 showed to have the expected content.
Maybe, Ccs will take a different Current Control Set, depending on the current running user.
Anyway, having noticed this, I used ControlSet001 to make my changes, and all went well.
Caveats
Be careful and extremely cautions anyway: by using this SYSTEM elevated Regedit, you could do practically everything, and this is a big danger.
I could be able to read (and probably modify, I have't tried) any normally secured sections, as the SECURITY hive sub-keys!
This could be a very big danger, but also an opportunity, if you have incurred into a serious problem on these keys.
Benefits
Important, this procedure has consent to me to recover the locked key and its sub-keys and data, instead of trying of deleting it (there are tools on the net to delete locked keys). The sub-keys and values under it were all preserved, and made accessible again to the system.
This seems a more general-purpose solution, and do not depends on a particular tool, provided only that one has a means to launch a Regedit instance with SYSTEM elevated security authorization, and Process Hacker can do that.
Other tools to do this
I've also run into this other solution using PsExec to open the elevated Regedit in another thread, but I had already Process Hacker installed so I've used it instead: PsExec solution by Scott Chamberlain
Another completely different solution involving use of SubInAcl Ms utility is depicted here (Ms community post - seek reply by kitsune0). This will rework all the registry permissions, but IMHO I will not add full access to the simple user as stated, anyway.
Real-time windows access patching
With only this elevated Regedit opened, and an instance of Process Monitor running filtered (telling me of registry ACCESS DENIED messages in real time for users different from normal user), I could fix many different Windows Registry Access problems in "real time" (as the error lines come up on Process Monitor), while at the same time, recovering full key trees that for whatever unknown reason, were made inaccessible even to the system itself, and so, definitely repair a wide bunch of windows malfunctioning in a single, intensive round.
Be careful, while doing this, that not all ACCESS DENIED lines logged by SysMon are errors needing to be solved. Some are part of permission checking logic from the applications and system components, and do not require changing anything. You must concentrate on the repeated consecutive failed tries from components that are involved in some real malfunctioning you are experiencing from your system.
Final notes
Hope that my solution could help other people that is incurring in this very problem.
Always backup your whole system and registry hives before to do intensive registry mining and patching.
Disclaimer: I am not responsible of you destroying your windows system by means of this trick. Be very careful!