Solved

Registry Permissions - Ownership Denied

Posted on 2013-12-04
2
353 Views
Last Modified: 2013-12-13
Hello EE,
I'm working on a Windows Server 2008 R2.  I was delayed installing some proprietary business applications. The installers could not access important registry keys.

HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components… etc. etc.

Simply clicking the reg keys in question produced access denied messages. I tried to take ownership of the keys and I was met with additional denied messages.  Over time I realized that the denied message was incorrect or partial.  I was finally gaining ownership.  I simply had to quit the propertied dialog box and open it again.

Then I was permitted to add a user. After I added my user multiple users were revealed to have prior security permissions.

Some keys parents/grandparents required multiple attempts to gain ownership of all children. Eventually I got it.

How can reg permissions be hidden/suppressed and then uncovered again?

Does this reveal anything about the server as a whole?  Prior virus activity?  General corruption?

The server is running and the new software is running. I'm viewing with skepticism.
KG
0
Comment
Question by:kengreg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
donnk earned 500 total points
ID: 39697549
trusted installer can tinker with permissions as you have found.

Sometimes we use "psexec -i -d -s c:\windows\regedit.exe" as the big gun method which overrides permission issues.
0
 

Author Closing Comment

by:kengreg
ID: 39716383
I did not use the psexec solution mentioned above, but I'm still awarding points because it's a valid option under difficult circumstances. It's also the only feedback received.

In my case I repeatedly tried to take ownership of the difficult reg tree.  After four or five tries something finally completed and I had ownership.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question