Regedit Permissions -"Access Denied" or "Error while deleting key" EVEN AS ADMIN!

  • General discussion

  • Anyone tried deleting a registry key in Windows 7?  Got "access denied" or "Error while deleting key"?
    The usual response is, "You need to run regedit as an administrator".  But I *AM* logged in as Administrator, and running regedit as administrator, trying to assign administrator full permissions on that registry key in order to delete it!!  
    Am I mistaken, or isn't Administrator supposed to be able to administer and control all the settings on the computer, in order to set it up for the "Average Joe" user?
    So, under the permissions menu of that key, go to advanced, change the owner from System to Administrator, and try again.  It's no longer saying "access denied", but "Cannot delete xxxxxx. Error while deleting key".

    The scenario: Basically, the wireless has stopped working on a laptop. The device does not show up in Device Manager, but is in the registry, so the normal procedure is to delete the registry entry for the device in HKLM/System/CurrentControlSet (and /ControlSet001) /Enum/PCI, then attach the device or restart the computer, it finds the "new" hardware and reinstalls it. Easy!...

    Not with permission restrictions on the administrator account it's not!  So I need to give myself permission, to give myself permission, to do a simple task like delete a single registry key!  Why, Microsoft, why???!!!  Please just make the Administrator account a hidden "God mode" account that can do anything, and make the lives of us techies much easier in the process!  

    /RANT

    Now, where did I put that XP disc?!....


    Saturday, January 30, 2010 16:29

All replies

  • Some keys are protected by trusted installer. You have to set yourself as owner of the key first and give yourself full writing permissions.

    André
    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    Saturday, January 30, 2010 17:19
  • Regedit, select your key, right-click-->Permissions-->Advanced-->Owner, select Administrators, Apply. Then grant FC to "System", and, if you like, to "Administrators" also.

    I doubt deleting the keys helps you at all, since after deleting and restarting, the OS regenerates the keys by default permissions and you end up in the same situation as before, makes you mad, doesn't it?
    Saturday, January 30, 2010 20:36
  • I had the same problem trying to edit CurrentControlSet/Enum/USB. I tried all sorts of permission and ownership changes without success. I finally got it to work by using the following command

    psexec -i -d -s c:\windows\regedit.exe

    psexec is available from Microsoft here

    http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

    This gave me full access to the registry. You should definitely be careful with this sort of access.

     

    For me, my USB to serial device wasn't working any more. I wanted to remove the registry entries for it in Enum/USB. After deleting them with the above method, I plugged in the USB to serial adapter and it started working again. I'm running Win7 PRO.

    Wednesday, September 21, 2011 10:02
  • @AAWahoo, worked like a champ, thanks
    Friday, January 6, 2012 4:02
  • I had one of my users (Win7 x86) get hit by

    Windows Advanced Security Center

    It should be pretty easy to get rid of. Stop the task, delete the .exe

    But no matter what I can NOT edit

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe

    No matter if I run as local admin, or a System with use of psexec, I can NOT make any changes to this key, no owner change, no permissions change, absolutely NOTHING

     You have to set yourself as owner of the key first and give yourself full writing permissions = ACCESS DENIED

    Surely if the program can make the changes, I should be able to undo them?

    Seb



    • Edited by scerazy Friday, June 15, 2012 12:48
    Friday, June 15, 2012 12:47
  • You are a star mate! Thank You
    Sunday, July 15, 2012 18:58
  • My problem is exactly the same but when I try your solution I get this message.

    psexec -i -d -s c:\windows\regedit.exe
    Access is denied.

    I have tried running CMD as administrator also with the same results.

    Any ideas?

    Friday, August 17, 2012 19:44
  • Hey thank you AAwahoo. That was helpful. I got my issue fixed after going through a lot of other stuff. Thank you once again.
    Wednesday, August 29, 2012 3:36
  • I got the same problem, have you since managed to fix this?
    Friday, September 14, 2012 23:30
  • Try psexec -1 -d -s C:\windows\system32\regedt32.exe. This finally allowed me to remove the registry keys.
    Wednesday, October 24, 2012 18:34
  • OMG - 2 days of searching and screwing with solutions. @AAWahoo - Worked perfectly. Thanks!!!!!

    [edit] at first glance I could delete subkeys, but overall the stupid Enum\IPEnumRoot entry couldn't be altered/deleted nor could I replace ownership.

    I'll keep looking. :(

    • Edited by JawsOnt Saturday, October 27, 2012 14:12
    Saturday, October 27, 2012 14:00
  • I was flailing too, trying to efface ENUM keys for my HID device on Win7.  Finally succeeded by opening cmd "as administrator" and running psexec -i -s c:\windows\regedit.exe (note no -d option)
    Wednesday, October 31, 2012 1:39
  • My problem is exactly the same but when I try your solution I get this message.

    psexec -i -d -s c:\windows\regedit.exe
    Access is denied.

    I have tried running CMD as administrator also with the same results.

    Any ideas?

    I've got a simple fix for those who have this problem:

    1. Move PsExec.exe (and the other executables) into a folder called PSTools. Locate it under C:\, so it should be C:\PSTools.

    2. Create a new text file called "PsExec.bat" (note that the name before the .bat can be up to you). The location of this batch file is up to you.

    3. Open the file in Notepad, and enter the following information, and save it:

    C:\PSTools\psexec.exe -i -d -s c:\windows\regedit.exe
    pause

    (The pause is so you can read any error messages that may appear).

    4. Close Notepad, then right click on the new Batch file, and click "Run as Administrator".

    It worked perfectly for me, and makes it much simpler to run in the future, with a simple right click! Hope this works for you. :)

    Also note that the folder you put PsExec in doesn't matter, as long as the path in the batch file matches the true path of the file, and that there are no spaces in any of the folders to the file. This is because Administrator Command Prompt seems to read folder names in traditional DOS-like fashion (i.e. PS Tools turns into PSTools~1 or something like that).

    Saturday, November 10, 2012 8:27
  • Just posted a reply, but seemed to attach it to the post rather than the bottom of the thread. The batch file method should work nicely for everyone, so look up for details. :)
    Saturday, November 10, 2012 8:28
  • Thanks TheEDFLegacy. At last a solution that works! I had Symantec Endpoint Client go bad, wouldn't uninstall, and had to use regedit for a tedious manual uninstall. After that the Teeter2 stuff from it remained. Couldn't remove in Device Manager & couldn't remove in Registry Editor because its permissions were set so only SYSTEM user could delete. PSExec gave me hope but even that was no good until it was run through the batch file as you suggested. At last I've removed what I could see of Teeter2 and my wireless adapter is working again! Thanks once again.
    Saturday, November 17, 2012 14:57
  • AAWahoo, your solution worked for me on an old Windows 2003 server (32 bit). Thanks!
    Saturday, January 5, 2013 0:43
  • Hey Genius, thanks a lot man !!
    Tuesday, February 12, 2013 18:04
  • Thank you, that solved my problem.

    If answer is helpful, please hit the green arrow on the left, or mark as answer. V-I-S-A

    Friday, September 20, 2013 2:57
  • None of these solutions worked for me.

    On my last attempt to solve it, I tried using the software Registrar Registry Manager to delete the key and it worked!!

    Tuesday, October 1, 2013 17:40
  • Registrar Registry Editor solves the problem easily. Never mind PSTools. Just be careful, because registrar is effectively unrestricted.
    Sunday, October 6, 2013 9:12
  • Even this didn't work for me, plus all the permutations otherwise. I've made myself owner of the key, inherited/de-inherited permissions, removed other users. Nothing will let me delete the keys. This is a laptop on a Domain, but my user has local admin. Also rebooted, tried in safe mode, etc.

    The key is a VMWare Workstation 9 Service, of which there are several - some I could delete, but many not, and it is this that prevented uninstallation of the app... which I wanted to do because I couldn't edit the Virtual Network Properties (possibly also due to permissions).

    Really bizarre.

    Wednesday, November 13, 2013 9:51
  • Man,

    I was having an issue with many of our laptops that we ran the symantec clean wipe on to fix a SEP 12 issue. After running the application we got the 8007000D error and it was saying windows was not genuine. I spent hours looking for fixes, running slmgr every way imaginable. Uninstalling symantec and trying, nothing I did would allow the workstation to get its key from the KMS. I found a MS article about the Enum key related to the 8007000D error and started searching for registry access issues.

    After finding this article I found that maybe I had a permissions problem on the enum key. I applied to child objects (permissions were right to start) access denied. Took ownership, access denied as admin, then as LOCAL admin, then as LOCAL admin in safe mode!! no dice.

    Then I found this thread. PSEXEC which I just recently started using to push some applications to computers remotely and BINGO! Started up Regedit remotely and was able to apply the permissions to the key. I am assuming that the switch that has the magic is the -s switch which ran the application as a system account.

    psexec -i -d -s c:\windows\regedit.exe worked for me.

    Finding this article basically saved the day. Thanks!


    • Edited by IcezX2K Wednesday, February 5, 2014 19:14
    Wednesday, February 5, 2014 19:13
  • OMG!

    I had an un-deletable key from an old installation of DropBox... I was trying to reinstall, but it would not reinstall because of this stupid prior key: HKEY_CURRENT_USER\Software\Dropbox\ks

    I tried many things! I tried:

    • every combination of run-as admin
    • logging in as domain admin, etc
    • the psexec workaround

    I was about to give up and reinstall windows to fix this...

    But, the one that finally worked was the 3rd party: Registrar Registry Manager.

    I was a little skeptical, because I don't really like to install apps that I have never heard of... But it worked like magic!


    Thanks...

    Tuesday, March 18, 2014 18:51
  • Hi,

    Let me explain:

    Administrator does not mean "you get all rights to do anything." Administrator happens to be an account (or in your case, most likely the Local Administrators group) which by default is given some sensitive privileges like SeDebugPrivilege and similar. However, as far as the security subsystem is concerned, it is just an account. (Very much unlike root in Unix-like operating systems) If you aren't the owner of the key in question, and your account does not have WRITE_DAC access to the registry key in question, then you won't be able to change the access control list on the key in question.

    Try taking ownership first. By default, the local administrators group has SeTakeOwnershipPrivilege, which allows taking ownership of any object even without the WRITE_OWNER permission being granted by the object's discretionary access control list. Once you are the owner, you should be implicitly granted READ_CONTROL (which allows you to read the security descriptor on the object in question), and WRITE_DAC (which allows you to write to the DACL on the key in question). (Assuming the OWNER_RIGHTS SID isn't in use; that's extremely unlikely)

    Tuesday, April 29, 2014 10:12
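
The ownership and WRITE_DAC rules described in the reply above, as a read-only check; this is an added example and not part of any post in this thread. It reports who owns a key and which of WRITE_DAC, WRITE_OWNER and DELETE the key's DACL grants the current token. The default key path is an assumed sample, PowerShell 3.0 or later is assumed, and the evaluation is simplified (it ignores integrity labels and restricted tokens).

```powershell
# Added example (read-only): explain why the current token can or cannot
# re-ACL, take ownership of, or delete one registry key.
# $KeyPath is an assumed sample; pass the key you are investigating.
param([string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Enum\PCI')

# Standard access-right bits named in the post, plus the registry "all" mask.
$DELETE = 0x10000; $READ_CONTROL = 0x20000; $WRITE_DAC = 0x40000; $WRITE_OWNER = 0x80000
$KEY_ALL_ACCESS = 0xF003F; $GENERIC_ALL = 0x10000000
$OWNER_RIGHTS   = 'S-1-3-4'     # well-known OWNER_RIGHTS SID
$sidType        = [System.Security.Principal.SecurityIdentifier]

# SIDs that ACEs are matched against: the user plus the groups in the token.
$id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

$acl     = Get-Acl -Path $KeyPath -ErrorAction Stop   # itself needs READ_CONTROL
$owner   = $acl.GetOwner($sidType).Value
$isOwner = $tokenSids -contains $owner
$aces    = @($acl.GetAccessRules($true, $true, $sidType))
$hasOwnerRightsAce = @($aces | Where-Object { $_.IdentityReference.Value -eq $OWNER_RIGHTS }).Count -gt 0

# The owner is implicitly granted READ_CONTROL and WRITE_DAC unless an
# OWNER_RIGHTS ACE is present on the key.
$granted = 0; $denied = 0
if ($isOwner -and -not $hasOwnerRightsAce) { $granted = $READ_CONTROL -bor $WRITE_DAC }

# Walk the DACL in order; the first ACE to mention a bit decides that bit.
foreach ($ace in $aces) {
    # Inherit-only ACEs are templates for child keys and do not apply here.
    if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
    $sid = $ace.IdentityReference.Value
    if (-not (($tokenSids -contains $sid) -or ($isOwner -and $sid -eq $OWNER_RIGHTS))) { continue }
    $mask = [int]$ace.RegistryRights
    if ($mask -band $GENERIC_ALL) { $mask = $mask -bor $KEY_ALL_ACCESS }
    if ($ace.AccessControlType -eq 'Deny') { $denied  = $denied  -bor ($mask -band (-bnot $granted)) }
    else                                  { $granted = $granted -bor ($mask -band (-bnot $denied)) }
}

# SeTakeOwnershipPrivilege lets a caller become owner without WRITE_OWNER;
# whoami lists it only if it is in this token (elevated admin or SYSTEM).
$hasTakeOwn = [bool](whoami.exe /priv | Select-String -SimpleMatch 'SeTakeOwnershipPrivilege')

[pscustomobject]@{
    Key                    = $KeyPath
    Owner                  = $acl.Owner
    CallerIsOwner          = $isOwner
    OwnerRightsAcePresent  = $hasOwnerRightsAce
    DaclGrantsWriteDac     = [bool]($granted -band $WRITE_DAC)
    DaclGrantsWriteOwner   = [bool]($granted -band $WRITE_OWNER)
    DaclGrantsDelete       = [bool]($granted -band $DELETE)
    TakeOwnershipPrivilege = $hasTakeOwn
}
```

Comparing the output from an elevated administrator prompt with the output from a prompt running as SYSTEM shows which token the DACL actually favours. A key that still has subkeys cannot be deleted until each subkey is, so the same check applies to the subkeys.
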
  • Registrar Registry Manager worked for me too, thanks for the suggestion.
    Monday, June 23, 2014 19:47
  • I was flailing too, trying to efface ENUM keys for my HID device on Win7.  Finally succeeded by opening cmd "as administrator" and running psexec -i -s c:\windows\regedit.exe (note no -d option)

    Robbie's solution was the only one that worked for me. Cheers, robbie!


    G H

    Saturday, June 28, 2014 8:34
  • /RANT;

      Yeah, Hello: I just spent 2 days trying to rid my PC of Malware that came in on "SearchSnacks" downloaded by some free-ware, or something. I noticed the "SearchSnacks" in my Windows "Uninstall" screen while Uninstalling another Program that I didn't need anymore. The "SearchSnacks" was UnInstalled and I assumed it was truly removed, yet I was wrong. What was left in my Windows Registry was HKEY_LOCAL_MACHINE\System\CurrentControlSet\ENUM\Root\legacy_ssnfd. The same entry was left in 2 other places, with a total of 6 entries total. In ControlSet002\ and ControlSet001, each with another\0000 in both locations. The "SSNFD.Sys" file was named by several Malware Removal Programs that I downloaded off the Internet to remove the Registry Entries, the only one that even found it was SpyHunter 4.0, but it wouldn't remove it w/out Registering/Purchasing the App. Since I knew where the entry was located, I used Regedit to try and remove it, like your entry above, It Denied me Access...! Finally, in Google search, I entered "Regedit -Denies Access" to removal of SSNFD.sys

     I got a few results all saying to download more Malware Programs, which I skipped, and then Technet@Microsoft appeared. After reading about their APP I did download their PSTools, and used PSEXEC to allow me to delete the entry in Windows Registry in all 6 places..... What a relief....! PSEXEC gives one all the power of over-riding Trust Installed Apps in the Registry.... so, if you ever have another APP that you can't Remove (ACCESS DENIED) Google Search for Microsoft's PSTools..... or "PSEXEC.exe"

    James...

    Monday, September 8, 2014 4:11
  • Hello,

    As long as it does not appear in device manager, you should be able to attach the device again as if it were new, and the system should see it. When you restart, it should try to install it and if necessary, prompt for a driver.

    The entries in the registry would not have any bearing on being able to re-install the device. Further those registry entries should be overwritten during the install.

    Ludwig1120

    Monday, January 26, 2015 14:57
  • These commands were a big help fixing some registry issues on a machine.

    psexec.exe -i -d -s "C:\windows\regedit.exe"

    psexec.exe -i -d -s "C:\windows\system32\regedt32.exe"

    But I think I may have a few machines with these issues. Since permissions are the problem, you can't just import "working/good" registry keys.

    Does anyone know of a way of fixing registry permission issues remotely, for a few machines?

    Wednesday, July 22, 2015 15:50
  • IT WORKED! I did the steps {FOLLOW THEM EXACTLY}, put PSTools in a folder on C:, as outlined, except for the fact that Win 8 wouldn't convert the file named PSTools.bat into a usable batch file; it just remained a txt file named pstools.bat.

    So I opened an admin command prompt and typed "cd.. enter" {yes, type the 2 dots} twice to bring me to C:

    then type "cd PSTools" enter,

    and from C:\PSTools, I typed out the bat file except for the "pause"...

    Type "Psexec.exe -i -d -s C:\windows\regedit.exe" enter. Regedit started and I navigated to the HKLM\SYS\CURR.CONT.SET\ENUM\USBSTOR\ AND DELETED BOTH: Disk&Ven_TigerJet ..... AND a CDROM instance with tigerjet in the key. MAGICJACK GONE!

    WARNING: this tool DOES NOT WARN YOU OR ASK YOU IF YOU WANT TO DELETE THIS KEY !!!

    IF YOU CLICK DELETE ... IT'S GONE! FASTER THAN YOU CAN PERCEIVE!

    Monday, August 3, 2015 22:21
  • Yayy had error 1402 with office uninstall because access denied to "image file execution options" registry entry.

    With your solution I fixed the access and now it's done.

    Thanks!


    Enrique

    Monday, September 14, 2015 16:19
  • Registrar Registry Manager worked great, in a flash.  I tried all the methods listed here but I could not delete a register key from the nasty virus rogue:JS/FakeCall.ID "IContentDirectoryFakePeerCallback".
    Saturday, November 28, 2015 8:48
  • I have the exact same problem and tried everything here but none of them worked. I still got error with psexec and access denied with registrar. Also tried a bunch of other registry programs as well... This is annoying beyond belief...

    Wednesday, October 19, 2016 16:47
  • Disabling AV then adding the key worked for me.
    Friday, February 10, 2017 21:15
  • Disabling both AV and HIPS (McAfee Host Intrusion Prevention System) did it for me.  Just disabling AV was not enough.
    Thursday, March 2, 2017 20:47
  • Thanks a lot André. Your tip helped me to change the permissions without any trouble ;)
    Friday, March 24, 2017 12:46
  • Hey, hi.
    Actually I am facing one problem.
    I am not able to delete Chrome completely.
    I removed each and everything, but from regedit > hkey_local_machine, in the folder of Google there's one manifest.json key which I am unable to delete.
    I tried through psexec and all.
    Also gave full control, still not able to delete.
    I tried reinstalling Chrome; it creates a folder in Program Files but it does not show in Apps and Features (Control Panel).

    Please help me with this.

    Monday, June 5, 2017 19:11
  • psexec -i -d -s C:\windows\system32\regedt32.exe

    (not -1)

    Thank you so much!

    Monday, June 12, 2017 13:47
  • You are a star. Worked like a champ. Thank you
    Saturday, August 12, 2017 18:29
  • In this case, it's because of your antivirus.
    Disable your security software and try again.
    Saturday, October 7, 2017 8:41
  • worked like a charm. Thanks a lot.
    Tuesday, March 6, 2018 11:22
  • Great. Worked for me as well. Good tip.
    Wednesday, March 14, 2018 17:31
  • OMG!

    I had an un-deletable key from an old installation of DropBox... I was trying to reinstall, but it would not reinstall because of this stupid prior key: HKEY_CURRENT_USER\Software\Dropbox\ks

    I tried many things! I tried:

    • every combination of run-as admin
    • logging in as domain admin, etc
    • the psexec workaround

    I was about to give up and reinstall windows to fix this...

    But, the one that finally worked was the 3rd party: Registrar Registry Manager.

    I was a little skeptical, because I don't really like to install apps that I have never heard of... But it worked like magic!


    Thanks...

    Excellent program. Tried for hours to sort the undeletable key problem.  Couldn't uninstall skype, and skype insists on a complete manual uninstall before an update.  Like going back 15 years.


    Thursday, September 20, 2018 9:29
  • André,

    I created an account on purpose just to give you an upvote and say thank you, obrigado!

    You saved my life

    --

    Diogo Mateus

    Thursday, September 20, 2018 15:29
  • Hello from 2018... Your solution ran like a champ!!!!! Thanks!
    Thursday, November 8, 2018 0:01
  • I got the same problem, so I also installed the program Registrar Registry Manager. I tried to remove these keys and 2 keys got removed, but for the other two keys I tried to remove I got the message ACCESS DENIED. So now I don't know what to do. It's a key from Google: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts. I tried to delete NativeMessagingHosts with Registrar Registry Manager but I get ACCESS DENIED, so how can I remove this possible adware from my computer when I can't delete those keys?
    Friday, April 19, 2019 15:25
  • Just use nsudo
    Monday, April 22, 2019 6:40