Solved

Registry Permissions - Ownership Denied

Posted on 2013-12-04
2
349 Views
Last Modified: 2013-12-13
Hello EE,
I'm working on a Windows Server 2008 R2.  I was delayed installing some proprietary business applications. The installers could not access important registry keys.

HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components… etc. etc.

Simply clicking the reg keys in question produced access denied messages. I tried to take ownership of the keys and I was met with additional denied messages.  Over time I realized that the denied message was incorrect or partial.  I was finally gaining ownership.  I simply had to quit the propertied dialog box and open it again.

Then I was permitted to add a user. After I added my user multiple users were revealed to have prior security permissions.

Some keys parents/grandparents required multiple attempts to gain ownership of all children. Eventually I got it.

How can reg permissions be hidden/suppressed and then uncovered again?

Does this reveal anything about the server as a whole?  Prior virus activity?  General corruption?

The server is running and the new software is running. I'm viewing with skepticism.
KG
0
Comment
Question by:kengreg
2 Comments
 
LVL 6

Accepted Solution

by:
donnk earned 500 total points
ID: 39697549
trusted installer can tinker with permissions as you have found.

Sometimes we use "psexec -i -d -s c:\windows\regedit.exe" as the big gun method which overrides permission issues.
0
 

Author Closing Comment

by:kengreg
ID: 39716383
I did not use the psexec solution mentioned above, but I'm still awarding points because it's a valid option under difficult circumstances. It's also the only feedback received.

In my case I repeatedly tried to take ownership of the difficult reg tree.  After four or five tries something finally completed and I had ownership.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question