delete grayed out registry keys

  • Thread starter Thread starter Markus Spiller
  • Start date Start date
M

Markus Spiller

Hallo,

I have some key in my registry which are grayed out.
I tried with regedt32.exe to access this keys but without success.
Every time I get the message that I have not the right to access these
keys even though I am the adminstrator!

How can I access (for delete) these keys?

Markus
 
Hallo,

I have some key in my registry which are grayed out.
I tried with regedt32.exe to access this keys but without success.
Every time I get the message that I have not the right to access these
keys even though I am the adminstrator!

How can I access (for delete) these keys?

Markus
Click to expand...

1. If the key is HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB
create a del.reg file that contains:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB]

2. Open a CMD.EXE window.
3. AT HH:MM regedit.exe c:\folder\del.reg
where HH:MM is 2 minutes in the future.


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
 
No, the key is from a Shareware which I want to deltete completely (I
want my system clean)

I know I can restore my last backup, but know I want to know how to
delete these keys by hand. It is interesting that you are not the god of
your system if you are the administrator?!

Markus

Jerold said:
Hallo,

I have some key in my registry which are grayed out.
I tried with regedt32.exe to access this keys but without success.
Every time I get the message that I have not the right to access these
keys even though I am the adminstrator!

How can I access (for delete) these keys?

Markus
Click to expand...


1. If the key is HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB
create a del.reg file that contains:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB]

2. Open a CMD.EXE window.
3. AT HH:MM regedit.exe c:\folder\del.reg
where HH:MM is 2 minutes in the future.


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
Click to expand...
 
I showed you. Just replace HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB
with your key.

No, the key is from a Shareware which I want to deltete completely (I
want my system clean)

I know I can restore my last backup, but know I want to know how to
delete these keys by hand. It is interesting that you are not the god of
your system if you are the administrator?!

Markus

Jerold said:
Hallo,

I have some key in my registry which are grayed out.
I tried with regedt32.exe to access this keys but without success.
Every time I get the message that I have not the right to access these
keys even though I am the adminstrator!

How can I access (for delete) these keys?

Markus
Click to expand...


1. If the key is HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB
create a del.reg file that contains:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB]

2. Open a CMD.EXE window.
3. AT HH:MM regedit.exe c:\folder\del.reg
where HH:MM is 2 minutes in the future.


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
Click to expand...
Click to expand...


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
 
In said:
No, the key is from a Shareware which I want to deltete completely
(I want my system clean)

I know I can restore my last backup, but know I want to know how
to delete these keys by hand. It is interesting that you are not
the god of your system if you are the administrator?!
Click to expand...

SYSTEM is king. Which (underneath) is just what Jerold is doing with
his provided solution.
Markus

Jerold said:
Hallo,

I have some key in my registry which are grayed out.
I tried with regedt32.exe to access this keys but without
success. Every time I get the message that I have not the right
to access these keys even though I am the adminstrator!

How can I access (for delete) these keys?

Markus
Click to expand...


1. If the key is HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB
create a del.reg file that contains:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB]

2. Open a CMD.EXE window.
3. AT HH:MM regedit.exe c:\folder\del.reg
where HH:MM is 2 minutes in the future.


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
Click to expand...
Click to expand...
 
This is not working.
I replace the key to my one and the command is running but nothing happend.
If I add the switch /interactive I get the message that the key can not
be deleted.
Could it be that the key is located in HKEY_CURRENT_USER\Software\ and
HKEY_USERS\S-1-5-21-..long number..-500\Software\

As I know is the second key the user key which is copied to
HKEY_CURRENT_USER\Software\ during the login and all changes which are
made in it are copied back to HKEY_USERS\S-1-5-21-..long
number..-500\Software\.
Ok. I tried it with both pathes all the same problem.

markus

Jerold said:
I showed you. Just replace HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB
with your key.

No, the key is from a Shareware which I want to deltete completely (I
want my system clean)

I know I can restore my last backup, but know I want to know how to
delete these keys by hand. It is interesting that you are not the god of
your system if you are the administrator?!

Markus

Jerold Schulman schrieb:

Hallo,

I have some key in my registry which are grayed out.
I tried with regedt32.exe to access this keys but without success.
Every time I get the message that I have not the right to access these
keys even though I am the adminstrator!

How can I access (for delete) these keys?

Markus


1. If the key is HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB
create a del.reg file that contains:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB]

2. Open a CMD.EXE window.
3. AT HH:MM regedit.exe c:\folder\del.reg
where HH:MM is 2 minutes in the future.


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
Click to expand...
Click to expand...



Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
Click to expand...
 
In said:
This is not working.
I replace the key to my one and the command is running but nothing
happend. If I add the switch /interactive I get the message that
the key can not be deleted.
Could it be that the key is located in HKEY_CURRENT_USER\Software\
and HKEY_USERS\S-1-5-21-..long number..-500\Software\
Click to expand...

*Is* the key a part of and seen in HKCU? If so, then that is a
problem (for regedit running under SYSTEM).
As I know is the second key the user key which is copied to
Click to expand...

Not so much "copied" as mirrored or linked with the SID listed in HKU
while logged on. Like an "alias".
HKEY_CURRENT_USER\Software\ during the login and all changes which
are made in it are copied back to HKEY_USERS\S-1-5-21-..long
number..-500\Software\.
Ok. I tried it with both pathes all the same problem.
Click to expand...

Okay, but S-...-500 is the builtin Administrator account... Not
(presumably) your user account.

First determine your account's SID. One way, look in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\ProfileList
Then *while you are logged on with that account* use the
HKU\S-... key (your account) path to the key in the REG file
(running under SYSTEM (Task Scheduler)).

If that does not work and you are also unable to take ownership of
the key (or its parent) and propagate downward using regedt32, then
it is possible that either corruption exists or that the key that was
created using a invalid (for Win32 API) name.

Post more about how the key came into being in the first place.
Confirm the "take ownership" sequence.
Post the exact error text from regedt32.

Consider dumping the user Profile and rebuilding it. (or restoring
from backup)


markus

Jerold said:
I showed you. Just replace HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB
with your key.

No, the key is from a Shareware which I want to deltete
completely (I want my system clean)

I know I can restore my last backup, but know I want to know how
to delete these keys by hand. It is interesting that you are not
the god of your system if you are the administrator?!

Markus

Jerold Schulman schrieb:


On Wed, 05 Jan 2005 15:48:56 +0100, Markus Spiller



Hallo,

I have some key in my registry which are grayed out.
I tried with regedt32.exe to access this keys but without
success. Every time I get the message that I have not the right
to access these keys even though I am the adminstrator!

How can I access (for delete) these keys?

Markus


1. If the key is HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB
create a del.reg file that contains:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\AAA\BBB]

2. Open a CMD.EXE window.
3. AT HH:MM regedit.exe c:\folder\del.reg
where HH:MM is 2 minutes in the future.


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
Click to expand...



Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
Click to expand...
Click to expand...
 
Sorry of my confusing english, it is not my first language :-)

Mark said:
In microsoft.public.win2000.registry Markus Spiller wrote:




*Is* the key a part of and seen in HKCU? If so, then that is a
problem (for regedit running under SYSTEM).
Click to expand...

Yes it *is* a part of HKCU.
Okay, but S-...-500 is the builtin Administrator account... Not
(presumably) your user account.
Click to expand...

I tried it with the built in Administrator account, installation and
testing.
First determine your account's SID. One way, look in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\ProfileList
Then *while you are logged on with that account* use the
HKU\S-... key (your account) path to the key in the REG file
(running under SYSTEM (Task Scheduler)).
Click to expand...
Result: Access denied
If that does not work and you are also unable to take ownership of
the key (or its parent) and propagate downward using regedt32, then
it is possible that either corruption exists or that the key that was
created using a invalid (for Win32 API) name.
Click to expand...

mmhhh that could be, but how is it possible to delete these kind of
corrupt keys?
Post more about how the key came into being in the first place.
Confirm the "take ownership" sequence.
Post the exact error text from regedt32.
Click to expand...

If I try to take the ownership of this key (or of some of his parents) I
get this message:
'Besitzer konnte auf dem gewählten Schlüssel oder auf einige
Unterschlüsseln nicht gesetzt werden.'
I don't know if you can read German, but it means that it is not
possible to to set the owner to the key or to one of the subkeys.

I figured out that this key has something to to with the expiration time
of the software (you have 14days for testing).
Consider dumping the user Profile and rebuilding it. (or restoring
from backup)
Click to expand...

Thats the last option, right now I'm interesting in to find out how is
that possible - or how is it possible to create invallid keys in the
registry and how to delete them

Markus
 
Back
Top