Can't delete registry key

Also posted this on WinXP, but the more minds the better:

I (as administrator) deleted a former user's account and profile. Now, I can't delete some registry keys-it says "Error deleting key". I suspect these keys in HKLM/software are from programs installed under that user (who also had administrator privileges). I've tracked the problem to Permissions; if I try to take ownership, it shows prior owner as "Unknown", but I can successfully take ownership despite it saying it failed. It then shows a permission belonging to the SID of the former user, which can then be deleted. Then I add permission under my administrator account, and if there are no further subkeys, I can delete the key finally.

The problem is, none of the subkeys appear until I take ownership, and the former user's SID doesn't show up until all this fiddling; so I have to then take ownership of each key one at a time; new deeper subkeys then appear, etc. For some key trees it's not bad; but for some (like an Intuit application's) it's a pain. Trying to have the "take ownership" and "add permission" apply to all children doesn't work (it just says failed, and doesn't do anything).

Safe mode didn't help. I haven't tried recovery console (cause I can't find the xp disk right now), but from a post here it doesn't appear that would work either. I suppose if there were a way to create an owner with the same SID, but that doesn't appear possible. Otherwise? (I've read MS's KB on taking permission...)

handvpriceAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

VRAGHAVANSCommented:
login as Administrator
Start-->Run-->regedt32
Select the perticular key or the tree
Select Security-->Permission-->Add everyone-->Apply
Then you should be able to delete the particular key or string/


handvpriceAuthor Commented:
No good:
1) I think you're talking about win2000; regedt32 just runs regedit in win xp, with slightly different commands.

2) I tried to add Everyone with full permissions to the whole HKLM/software branch, but did still get an error message "Registry Editor could not set security in the key currently selected, or some of its subkeys" and didn't change the problem keys. I tried again on just the problem key, with same result. Trying to expand the subbranches eventually still gives "Error opening key"...

Next?
nader alkahtaniConsultantCommented:
1.You MUST logon LOCALLY with Administrator rights

2.You must be not controlled by Group Policy

OR :

Step1. Boot into Safe Mode and Log on as Administrator:
====
1. Restart the computer.
2. Keep pressing the F8 key until the Windows Startup menu appears.
3. Select "Safe Mode" and press Enter.
4. Log on as the Administrator account.


Step2. Take the ownership of these keys
====
1. Click Start->Run, type "regedit" without the quotation marks and then
press Enter.
2. Locate the key which you want to take the ownership of.
3. On the Edit menu, click Permission.
4. Click Advanced, and then click the Owner tab.
5. In the Name list, click your user name, Administrator if you are logged
in as Administrator, or click the Administrators group. If you want to take
ownership of this key, click to select the "Replace owner on subcontainers
and objects" check box.
6. Click OK. If you are prompted to replace the permission settings, click
Yes.
7. Click OK.


After that, we can delete or modify these keys.


I hope this helps.


Regards,



http://www.derkeiler.com/Newsgroups/microsoft.public.windowsxp.security_admin/2002-10/16430.html
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

handvpriceAuthor Commented:
Nadir,
All that is what I did. However, when click Permission of the "bad" key, it says "You do not have permission to view the current permission settings for _keyname_ (I'll put that here as the name of the "bad" key), but you can make permission changes. When I click OK, I get to the permissions window, where the "Group or user names" window is empty. I click Advanced, and Permission entries box is empty. I then click Owner, and it shows "Current owner of this item" as "Unable to display current owner. I take ownership with my Administrators account, checking "Replace owner on subcontainers and Objects. I click OK, and it gives an error window Security "Unable to set new owner on _keyname_. Access is denied". I click OK, OK again on permissions window. If I again check permissions, now it shows "Group or User names" as SYSTEM and the former users SID!

I can then, if I wished, Remove the old SID, then add Administrators, which makes the key "good" now, and I can delete it or leave it. But given that this whole process would have to be done with every key and subkey which are bad, and one program added about 30 of these, and probably 20 programs were installed under that former user's account, I can't bring myself to do it all this way. Any better way???

nader alkahtaniConsultantCommented:
Add every one group with Full Control

and SYSTEM account with Full Control

make inherit  for all keys and subkeys

then tell me
handvpriceAuthor Commented:
Tried it on several levels of the higher keys; didn't make any difference to the "bad" lower keys. After clicking OK, it says "Registry editor could not set security in the key currently selected, or some of its subkeys."

Next?
nader alkahtaniConsultantCommented:
did you try this ??

right click on the key then Permission --> Advanced --> Effective Permissions  then add system and administrator and Full Control
handvpriceAuthor Commented:
Just tried it - exactly same results (i.e., didn't work).

Next? I think I could tell someone how to make this a repeatable problem, if anyone else wants to try it...........
nader alkahtaniConsultantCommented:
Give me 2 days to analyse this prblem

OK ?
Rich RumbleSecurity SamuraiCommented:
Have you tried a program like "Reclean" or "RegMaid" from M$?  http://support.microsoft.com/default.aspx?scid=kb;en-us;156078
ftp://ftp.microsoft.com/Softlib/MSLFILES/REGMAID.EXE (ftp://ftp.microsoft.com/Softlib/MSLFILES)

regedt32 and regedit are a bit different...
http://www.pcquest.com/content/technology/401030301.asp however xp seems to use just one as you indiacted...

I'll bet those two programs may be able to help you, remember to back up your registry... may want to try on a ghosted image of the pc or a pc you do not care much for....
-rich
techgurusCommented:
I know this sounds simple, and perhaps it introduces some security risk, I'm unsure. But here's how I alleviated a similar problem:

I had been doing a viral/spyware clean on a WinXP Home machine that has 2 administrator level users plus the primary administrator. The user accounts were set to use private "My Documents" directories, etc., which I believe is where the source of the problem began. In order to remove certain infections I had to attack some files in each account from another account, so I adjusted their privacy settings for their documents directories, etc.

In the process of this spyware clean I was running into a wall with removing a few registry entries (for the Dyfuca trojan spyware, in particular). The spyware cleaners couldn't remove the entries, and going into regedit presented the same error as was described above.

"Error deleting key"

"Registry editor could not set security in the key currently selected, or some of its subkeys."

On many other keys (just random regular non-spyware entries), I just couldn't "open" the key at all, it stating their was an error.

**
To make a long story short, after trying to just go a level higher in the subtree, I instead went to the top of the tree of HKCR, clicked "Permissions", on the first box (not in advanced) I added the Administrators Group, then set their permissions to full. I was in one of the user accounts (with computer administrator rights) at the time.

After this, I was able to easily remove any key.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
techgurusCommented:
Ok, I take that back.... not any key.

There's still a few that are disagreeable -- for instance, HKCR/.disabled, and deny any attempt to adjust permissions, even with advanced settings.
handvpriceAuthor Commented:
Appreciate the response; I'd pretty much given up on the question, and have in fact reformatted and reinstalled.

But I had previously attempted that technique of adding permission for all administrators to every level up the tree; I believe it just kept giving me the message "Some or all of the lower keys could not be changed"...

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.