I'm working on a Windows Server 2008 R2. I was delayed installing some proprietary business applications. The installers could not access important registry keys.
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components… etc. etc.
Simply clicking the reg keys in question produced access denied messages. I tried to take ownership of the keys and I was met with additional denied messages. Over time I realized that the denied message was incorrect or partial. I was finally gaining ownership. I simply had to quit the propertied dialog box and open it again.
Then I was permitted to add a user. After I added my user multiple users were revealed to have prior security permissions.
Some keys parents/grandparents required multiple attempts to gain ownership of all children. Eventually I got it.
How can reg permissions be hidden/suppressed and then uncovered again?
Does this reveal anything about the server as a whole? Prior virus activity? General corruption?
The server is running and the new software is running. I'm viewing with skepticism.