Hi All,

Windows keeps eluding to a regdmp.exe utility that can be used with regini to change registry permissions.  500 points to the first one who can find it (or the resource kit).  SEE: http://support.microsoft.com/?kbid=245031

I've already tried http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/ but to no avail.

Basically I'm trying to script a way to set local users group (read) and system (full)  to a reg key (call it HKLM for now).  I've found regini, but they don't document a way to add local users group.  So I figured with regdmp I can get the binary number and just throw them in there.  

LVL 42
Kyle AbrahamsSenior .Net DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Instead of regdmp, install the W2k3 Resource Kit Tools (for the help), then the updated version of subinacl.exe (the original is buggy).
Then use subinacl.exe to change the registry permissions; syntax examples are in the ResKit help for subinacl.

Windows Server 2003 Resource Kit Tools

SubInACL (SubInACL.exe)
i believe you have to buy the resource kit to get this tool.
Kyle AbrahamsSenior .Net DeveloperAuthor Commented:

how do you set inheritance to proprogate?  I'm having a tough time with the tool, but it looks like it's what I need.  

(eg: Permissions -> advanced -> the two checkboxes at the bottom)

Can you give me an example?  

What about to add local users for read only access to a key. (can be hklm or some other key)

thanks very much.
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

I don't think you can change the inheritance flags, but you can use /subkeyreg instead of /keyreg if you want the changes to apply to subkeys as well.
So a command like
subinacl.exe /keyreg "HKEY_LOCAL_MACHINE\Software\Acme" /grant=SomeDomain\SomeGroup:R
would give the domain group SomeGroup Read permissions on the Acme key and the subkeys.
And just on case: don't use built-in groups or single user accounts for that; create dedicated groups and assign the permissions to that group.
Kyle AbrahamsSenior .Net DeveloperAuthor Commented:
it's an explicit thing, it's there for a minute, and then it's gone.

Will checkinto it.

Kyle AbrahamsSenior .Net DeveloperAuthor Commented:
Getting an error:

The security structure is invalid?

Trying to add administrator to a group.  (I'm logged in as local admin, but admin doesn't have permissions yet to the key.  I'm trying to add it to the key.)  


subinacl.exe /keyreg "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /grant=.\Administrators:r

Sorry, syntax error; replace the ":" in front of the permissions with a "="
subinacl.exe /keyreg "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /grant=.\Administrators=r

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kyle AbrahamsSenior .Net DeveloperAuthor Commented:
subinacl.exe /keyreg "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /grant=.\Administrator=R

LookupAccountName : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings:.\administrator 1337 The security ID structure is invalid.

Current object SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings will not be processed

Elapsed Time: 00 00:00:00
Done:        0, Modified        0, Failed        0, Syntax errors        1
Last Syntax Error:WARNING : /grant=.\administrator=r : Error when checking arguments - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Kyle AbrahamsSenior .Net DeveloperAuthor Commented:
nevermind . . . has to be at group level . . . eg: administrators.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.