How to delete a reg permission with SETACL?

setACL.exe -on "hklm\software" -ot reg -actn ace -ace "n:service;p:full"


I am looking for the syntax to totally remove service from hklm\software i have the command above that adds it and it works fine but how to remove it ?
LVL 1
NAMEWITHELD12Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NAMEWITHELD12Author Commented:


C:\>setACL.exe -on "hklm\software" -ot reg -actn ace -ace "n:service;p:full"
INFO: Processing ACL of: <machine\software>

SetACL finished successfully.

C:\>setACL.exe -on "hklm\software" -ot reg -actn ace -ace "n:service;p:full"
INFO: Processing ACL of: <machine\software>

SetACL finished successfully.

C:\>setACL.exe -on "hklm\software" -ot reg -actn ace remtrst "n:service"
ERROR in command line: Invalid option specified: remtrst!

Type 'SetACL -help' for help.


C:\>setACL.exe -on "hklm\software" -ot reg -actn ace -ace remtrst "n:service"
ERROR in command line: Invalid number of entries in parameter for option -ace sp
ecified: remtrst!

Type 'SetACL -help' for help.


C:\>setACL.exe -on "hklm\software" -ot reg -actn remtrst "n:service"
ERROR in command line: Invalid action specified: remtrst!

Type 'SetACL -help' for help.


C:\>setACL.exe -on "hklm\software" -ot reg -actn trustee -remtrst "n:service"
ERROR in command line: Invalid option specified: -remtrst!

Type 'SetACL -help' for help.


C:\>setACL.exe -on "hklm\software" -ot reg -actn trustee remtrst "n:service"
ERROR in command line: Invalid option specified: remtrst!

Type 'SetACL -help' for help.


C:\>
0
NAMEWITHELD12Author Commented:
I am getting close but cant get the syntax right !
0
NAMEWITHELD12Author Commented:
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"Everyone";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"power users";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"batch";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"ISO_ssh_admin";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"Interactive";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"Restricted";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"Server operators";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"Service";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"Terminal server user";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"Users";s1:n;ta:remtrst;w:dacl
setACL.exe -on "hklm\software" -ot reg -actn trustee -trst n1:"Creator owner";s1:n;ta:remtrst;w:dacl


setACL.exe -on "hklm\software" -ot reg -actn ace -ace "n:Administrators;p:full"
setACL.exe -on "hklm\software" -ot reg -actn ace -ace "n:Creator owner;p:full"
setACL.exe -on "hklm\software" -ot reg -actn ace -ace "n:System;p:full"
setACL.exe -on "hklm\software" -ot reg -actn ace -ace "n:Users;p:read"


setACL.exe -on "hklm\software" -ot reg -actn ace -ace "n:Creator Owner;p:full"
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

NAMEWITHELD12Author Commented:
this is what i got so far the only issue i have now is that for creator owner i attempt to set the permmsions to full and it sets it to special permmsions not sure why

setACL.exe -on "hklm\software" -ot reg -actn ace -ace "n:Creator Owner;p:full"
0
Jared LukerCommented:
I always use subinacl.exe for those types of tasks.  Check it out and see if you can get it to do what you want a little bit easier...

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Davis McCarnOwnerCommented:
Generally, you would use a .REG file to add or remove entries from the registry which seems to be what you are asking.  For that, you can export the existing tree, edit the file and place a - (minus) in front of the key, and then save it.  Merging that file will then delete the desired key.
Alternatively, you can use the WshShell.RegDelete command in your VBScript.
http://support.microsoft.com/kb/244675
What is causing your problem with the Creator/Owner is that you will need to remove inherited permissions which is why it isn't working, now.
Lastly; though, you do realize you are playing with some serious fire, don't you?  Allowing everyone full permissions on services is akin to Russian Roullette with five bullets in the gun and I hope you plan to restore the defaults, later.
0
NAMEWITHELD12Author Commented:
yeah , what I was trying to do is revoke all the premissons that i have listed above i had it wrong ,, the reason i am usiing setacl and not subinacl is that subinacl is not working in 64 bit, is subinacl support

i will post the script that i used here tommorow as i dont have access to it right now , you are exacly correct in that "What is causing your problem with the Creator/Owner is that you will need to remove inherited permissions which is why it isn't working, now." so i had to use a command to remove the inherdence

C:\tmp\blade\setACL.exe -on "hklm\System\CurrentControlSet\Enum" -ot reg
-actn setprot -op ""dacl:p_nc;sacl:p_nc"

I might need some help tommorow with this command in removing file permmsions
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.