locked
Icacls.exe RRS feed

  • Question

  • Hi,

     

    I was using subinacls.exe /subkeyreg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /revoke="USERS" in Windows XP.

     

    Please tell me, How can I use the same registry with Icacls.exe for Windows Vista.

     

    Thanks in Advance,

    Regards,

    Asha

    Thursday, October 9, 2008 3:46 PM

Answers

  •  

    Hi Asha, I'd like to inform you that icacls cannot be used on registry entry. If you want to set permission on registry keys, we can use regini. For detailed information, please check the following KB article:

     

    How to Use Regini.exe to Set Permissions on Registry Keys

    http://support.microsoft.com/kb/237607

    Tuesday, October 14, 2008 6:17 AM
    Moderator

All replies

  •  

    Hi Asha, is the post related to another one - restrict user from using regedit32.exe? If you want to prevent user from using regedit32.exe, you can install Windows SteadyState on the computer, select the user, then add regedit32.exe to block program list. You can download latest version of Windows SteadyState via the link:

     

    http://www.microsoft.com/downloads/details.aspx?familyid=D077A52D-93E9-4B02-BD95-9D770CCDB431&displaylang=en

     

    Hope this helps!

    Monday, October 13, 2008 9:34 AM
    Moderator
  • Hi Sean Zhu,

     

    Thank you for your reply.

     

    I want to do it through command line. Customer requested like that. Through script customer wants the registry to be restricted.

     

    Please tell me any command line tool to do the restriction in registry.

     

    Thanks in Advance,

    Regards,

    Asha.

     

    Monday, October 13, 2008 9:45 AM
  •  

    Hi Asha, I'd like to inform you that icacls cannot be used on registry entry. If you want to set permission on registry keys, we can use regini. For detailed information, please check the following KB article:

     

    How to Use Regini.exe to Set Permissions on Registry Keys

    http://support.microsoft.com/kb/237607

    Tuesday, October 14, 2008 6:17 AM
    Moderator
  • Thank you for your reply.

     

    As I said, I want to restrict a particular registry hive. I want to deny permission for users to that specific registry hive.

     

    With regini.exe, how can we restrict a registry key. We can add permission or modify permission to a registry using Dword value, by giving specific permission to the administrator, system...

     

    But I want to deny users from accessing it. How can I perform that with regini.exe?

     

    Please let me know the solution if you have.

     

    Inputs will be valuable.

     

    Thanks in Advance,

    Regards,

    Asha

     

     

     

    Tuesday, October 14, 2008 8:59 AM
  • In windows vista, you can restrict winlogon registry key through regini.exe command.

     

    Hope this info would help u to address you requirement

     

    Thanks

    Dhana

     

    Tuesday, October 14, 2008 11:13 PM
  •  

    Hi Asha, we can use the command with suffix to give certain user group read permission instead of write permission.

     

    Wednesday, October 15, 2008 8:06 AM
    Moderator
  • Hi Sean Zhu,

     

    I dont want to give read or write permission.

    I want to deny permission.

     

    Regards,

    Asha

    Friday, October 17, 2008 1:47 PM
  •  

    Hi Asha, have you checked the following thread:

     

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3986153&SiteID=17

     

    Does this work for you?

    Monday, October 20, 2008 2:37 AM
    Moderator
  • Hi Sean Zhu,

     

    I only raised that post. For the exe, yes what the answer given was applicable.

     

    But for the registry, it is not applicable.

     

    For registry key how we need to do. I am trying in all ways, please suggest any other tool if available.

     

    Or shall we use Subinacl.exe? but i read in some forum it is not supported in vista. Thats why I am very much worried. Otherwise I will be using the same subinacl.exe for registry editing in vista.

     

     

     

    Thanks in Advance,

    Regards,

    Asha

     

    Monday, October 20, 2008 1:20 PM
  • hi

    If you have a domain... why not create a exclusion OU in your AD and create a registry preference GPO for your key how you want to deny permission and grant here 'Deny R/W Permission" for your OU  you created before how contain all the Account of deny poeple... 

    Nicolas

    Wednesday, September 9, 2015 6:04 PM