Can't delete registry key

handvprice
Also posted this on WinXP, but the more minds the better:

I (as administrator) deleted a former user's account and profile. Now, I can't delete some registry keys-it says "Error deleting key". I suspect these keys in HKLM/software are from programs installed under that user (who also had administrator privileges). I've tracked the problem to Permissions; if I try to take ownership, it shows prior owner as "Unknown", but I can successfully take ownership despite it saying it failed. It then shows a permission belonging to the SID of the former user, which can then be deleted. Then I add permission under my administrator account, and if there are no further subkeys, I can delete the key finally.

The problem is, none of the subkeys appear until I take ownership, and the former user's SID doesn't show up until all this fiddling; so I have to then take ownership of each key one at a time; new deeper subkeys then appear, etc. For some key trees it's not bad; but for some (like an Intuit application's) it's a pain. Trying to have the "take ownership" and "add permission" apply to all children doesn't work (it just says failed, and doesn't do anything).

Safe mode didn't help. I haven't tried recovery console (cause I can't find the xp disk right now), but from a post here it doesn't appear that would work either. I suppose if there were a way to create an owner with the same SID, but that doesn't appear possible. Otherwise? (I've read MS's KB on taking permission...)

Log in as Administrator
Start-->Run-->regedt32
Select the particular key or the tree
Select Security-->Permission-->Add everyone-->Apply
Then you should be able to delete the particular key or string.


Author

Commented:
No good:
1) I think you're talking about win2000; regedt32 just runs regedit in win xp, with slightly different commands.

2) I tried to add Everyone with full permissions to the whole HKLM/software branch, but did still get an error message "Registry Editor could not set security in the key currently selected, or some of its subkeys" and didn't change the problem keys. I tried again on just the problem key, with same result. Trying to expand the subbranches eventually still gives "Error opening key"...

Next?
nader alkahtani, Information security consultant

Commented:
1. You MUST log on LOCALLY with Administrator rights

2. You must not be controlled by Group Policy

OR :

Step1. Boot into Safe Mode and Log on as Administrator:
====
1. Restart the computer.
2. Keep pressing the F8 key until the Windows Startup menu appears.
3. Select "Safe Mode" and press Enter.
4. Log on as the Administrator account.


Step2. Take the ownership of these keys
====
1. Click Start->Run, type "regedit" without the quotation marks and then
press Enter.
2. Locate the key which you want to take the ownership of.
3. On the Edit menu, click Permission.
4. Click Advanced, and then click the Owner tab.
5. In the Name list, click your user name, Administrator if you are logged
in as Administrator, or click the Administrators group. If you want to take
ownership of this key, click to select the "Replace owner on subcontainers
and objects" check box.
6. Click OK. If you are prompted to replace the permission settings, click
Yes.
7. Click OK.


After that, we can delete or modify these keys.


I hope this helps.


Regards,



http://www.derkeiler.com/Newsgroups/microsoft.public.windowsxp.security_admin/2002-10/16430.html

Author

Commented:
Nadir,
All that is what I did. However, when I click Permission of the "bad" key, it says "You do not have permission to view the current permission settings for _keyname_ (I'll put that here as the name of the "bad" key), but you can make permission changes." When I click OK, I get to the permissions window, where the "Group or user names" window is empty. I click Advanced, and the Permission entries box is empty. I then click Owner, and it shows "Current owner of this item" as "Unable to display current owner". I take ownership with my Administrators account, checking "Replace owner on subcontainers and objects". I click OK, and it gives an error window, Security: "Unable to set new owner on _keyname_. Access is denied". I click OK, then OK again on the permissions window. If I again check permissions, now it shows "Group or User names" as SYSTEM and the former user's SID!

I can then, if I wished, Remove the old SID, then add Administrators, which makes the key "good" now, and I can delete it or leave it. But given that this whole process would have to be done with every key and subkey which are bad, and one program added about 30 of these, and probably 20 programs were installed under that former user's account, I can't bring myself to do it all this way. Any better way???
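
The per-key procedure described in the comment above (take ownership, replace the permission list, then repeat for each subkey that becomes visible), automated as an added PowerShell example that is not part of the original thread. It assumes PowerShell 2.0 or later in an elevated session; `$Root` and the function name `Repair-KeyTree` are hypothetical.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell 2.0+ session.
# $Root is a hypothetical placeholder under HKLM; substitute the stuck key's path.
$Root = 'SOFTWARE\ExampleVendor\ExampleApp'

# Administrators hold SeTakeOwnershipPrivilege (number 9) but it is disabled by
# default; enable it for this process through ntdll's RtlAdjustPrivilege.
Add-Type -Namespace Native -Name Priv -MemberDefinition @'
[DllImport("ntdll.dll")]
public static extern int RtlAdjustPrivilege(int privilege, bool enable, bool currentThread, ref byte wasEnabled);
'@
[byte]$was = 0
$status = [Native.Priv]::RtlAdjustPrivilege(9, $true, $false, [ref]$was)
if ($status -ne 0) { throw ('RtlAdjustPrivilege failed: 0x{0:X8}' -f $status) }

$hklm   = [Microsoft.Win32.Registry]::LocalMachine
$check  = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree
$rights = [System.Security.AccessControl.RegistryRights]
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544' # BUILTIN\Administrators
$system = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'     # NT AUTHORITY\SYSTEM

function Repair-KeyTree([string]$Path) {
    # 1. Open with only WRITE_OWNER requested and make Administrators the owner.
    $key = $hklm.OpenSubKey($Path, $check, $rights::TakeOwnership)
    if ($key -eq $null) { Write-Warning "Key not found: $Path"; return }
    $sd = New-Object System.Security.AccessControl.RegistrySecurity
    $sd.SetOwner($admins)
    $key.SetAccessControl($sd); $key.Close()

    # 2. As owner, replace the permission list. The new list has no entry for
    #    the deleted account's SID, so that entry is dropped.
    $key = $hklm.OpenSubKey($Path, $check, $rights::ChangePermissions)
    $sd = New-Object System.Security.AccessControl.RegistrySecurity
    foreach ($sid in $admins, $system) {
        $sd.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule(
            $sid, $rights::FullControl, 'ContainerInherit', 'None', 'Allow')))
    }
    # Propagation to subkeys that are still locked may raise an error here; each
    # subkey is repaired on its own in step 3, so report it and carry on.
    try { $key.SetAccessControl($sd) } catch { Write-Warning "$Path : $($_.Exception.Message)" }
    $key.Close()

    # 3. The subkeys are visible now: repeat for each one.
    $key = $hklm.OpenSubKey($Path, $check, $rights::ReadKey)
    $names = $key.GetSubKeyNames(); $key.Close()
    foreach ($name in $names) { Repair-KeyTree "$Path\$name" }
}

Repair-KeyTree $Root
```

Once the walk completes, Administrators own every key under `$Root` with Full Control, so the tree can be deleted from regedit in the usual way.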

nader alkahtani, Information security consultant

Commented:
Add the Everyone group with Full Control

and the SYSTEM account with Full Control

Make it inherit for all keys and subkeys

then tell me

Author

Commented:
Tried it on several levels of the higher keys; didn't make any difference to the "bad" lower keys. After clicking OK, it says "Registry editor could not set security in the key currently selected, or some of its subkeys."

Next?
nader alkahtani, Information security consultant

Commented:
Did you try this?

right click on the key then Permission --> Advanced --> Effective Permissions  then add system and administrator and Full Control

Author

Commented:
Just tried it - exactly same results (i.e., didn't work).

Next? I think I could tell someone how to make this a repeatable problem, if anyone else wants to try it...........
nader alkahtani, Information security consultant

Commented:
Give me 2 days to analyse this problem

OK ?
Rich Rumble, Security Samurai
Top Expert 2006

Commented:
Have you tried a program like "Reclean" or "RegMaid" from M$?  http://support.microsoft.com/default.aspx?scid=kb;en-us;156078
ftp://ftp.microsoft.com/Softlib/MSLFILES/REGMAID.EXE (ftp://ftp.microsoft.com/Softlib/MSLFILES)

regedt32 and regedit are a bit different...
http://www.pcquest.com/content/technology/401030301.asp however xp seems to use just one as you indicated...

I'll bet those two programs may be able to help you, remember to back up your registry... may want to try on a ghosted image of the pc or a pc you do not care much for....
-rich
I know this sounds simple, and perhaps it introduces some security risk, I'm unsure. But here's how I alleviated a similar problem:

I had been doing a viral/spyware clean on a WinXP Home machine that has 2 administrator level users plus the primary administrator. The user accounts were set to use private "My Documents" directories, etc., which I believe is where the source of the problem began. In order to remove certain infections I had to attack some files in each account from another account, so I adjusted their privacy settings for their documents directories, etc.

In the process of this spyware clean I was running into a wall with removing a few registry entries (for the Dyfuca trojan spyware, in particular). The spyware cleaners couldn't remove the entries, and going into regedit presented the same error as was described above.

"Error deleting key"

"Registry editor could not set security in the key currently selected, or some of its subkeys."

On many other keys (just random regular non-spyware entries), I just couldn't "open" the key at all, it stating there was an error.

**
To make a long story short, after trying to just go a level higher in the subtree, I instead went to the top of the tree of HKCR, clicked "Permissions", on the first box (not in advanced) I added the Administrators Group, then set their permissions to full. I was in one of the user accounts (with computer administrator rights) at the time.

After this, I was able to easily remove any key.
Ok, I take that back.... not any key.

There's still a few that are disagreeable -- for instance, HKCR/.disabled, and deny any attempt to adjust permissions, even with advanced settings.

Author

Commented:
Appreciate the response; I'd pretty much given up on the question, and have in fact reformatted and reinstalled.

But I had previously attempted that technique of adding permission for all administrators to every level up the tree; I believe it just kept giving me the message "Some or all of the lower keys could not be changed"...
