User inadvertently set the permissions for the entire HKCR hive to deny for the Everyone and Adminis

David H. Lipman

I was wondering if someone can shed some light on this tough predicament that one
of my clients ran into. While troubleshooting a virus issue, the user
inadvertently set the permissions for the entire HKEY_CLASSES_ROOT reg hive to
deny for the Everyone and Administrator group.

If you have a test machine you can try this and it will render the machine
useless because you won’t be able to execute anything. I was wondering if there
is a tool to fix this or any workarounds possible. Tests through Active
Directory GPO’s have proven possible but this is not an option for the client who
is NOT on a Domain.

Is it possible that something can/may be done in the "Safe Mode with Command
Prompt" mode ?

Thanx in advance !

BTW: I should have cross-posted this, instead of multi-posting, to
microsoft.public.windowsxp.help_and_support -- Sorry !
 
Steven L Umbach

I have never had to deal with that but maybe he could boot into Bart's PE or
put the drive into another computer, use regedit to load the problem hive
from \Windows\system32\config, change the permissions to what they should be
or at least remove the deny permission, and then unload the hive. Offhand I
am not sure which file that hive relates to but would start with system.
Good luck. --- Steve
 
David H. Lipman

From: "Steven L Umbach" <[email protected]>

| I have never had to deal with that but maybe he could boot into Bart's PE or
| put the drive into another computer, use regedit to load the problem hive
| from \Windows\system32\config, change the permissions to what they should be
| or at least remove the deny permission, and then unload the hive. Offhand I
| am not sure which file that hive relates to but would start with system.
| Good luck. --- Steve

What file would be loaded for HKEY_CLASSES_ROOT ?

Can "reg load .\path\file" be used ?
 
Steven L Umbach

That seems to be the problem as I was just trying it out on a test computer
that I have dual boot on and was not able to load a registry hive to change
the permissions. The link below explains HKEY_CLASSES_ROOT more and there is
no single file for it. Sorry about the dead end on that one.

http://msdn.microsoft.com/library/d.../en-us/sysinfo/base/hkey_classes_root_key.asp

Another possibility that I have not tried either is to look at using setacl
which can change registry key permissions and do it from a remote computer.
Offhand I don't know if it will work on HKEY_CLASSES_ROOT. An upgrade/repair
install might be something to consider and of course possibly service pack
and definitely security updates would need to be redone. If the secedit
command can be run then it may be worth while trying per KB313222 and the
/areas regkeys switch could be used to reset only registry. --- Steve

http://setacl.sourceforge.net/ -- setacl
http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222
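
An added example, not part of the original posts: HKEY_CLASSES_ROOT has no hive file of its own because it is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes, so a repair has to target those two keys. The script below assumes an elevated session on a system where PowerShell can still start; it lists the explicit Deny entries on both keys and removes them only when run with the `-Fix` switch (a name chosen for this example).

```powershell
# Added example (not from the thread): list, and with -Fix remove, explicit Deny
# entries on the two keys that HKEY_CLASSES_ROOT is a merged view of.
# Assumes an elevated session on a system where PowerShell can still start.
param([switch]$Fix)

# Request only the rights needed to read and rewrite the DACL.
$rights = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'
$check  = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree
$targets = @(
    @{ Hive = [Microsoft.Win32.Registry]::LocalMachine; Path = 'SOFTWARE\Classes' },
    @{ Hive = [Microsoft.Win32.Registry]::CurrentUser;  Path = 'Software\Classes' }
)

foreach ($t in $targets) {
    try   { $key = $t.Hive.OpenSubKey($t.Path, $check, $rights) }
    catch { Write-Warning "Cannot open $($t.Path): $($_.Exception.Message)"; continue }
    if ($null -eq $key) { Write-Warning "Missing key: $($t.Path)"; continue }

    try {
        $acl  = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
        # Explicit (non-inherited) rules only, with SIDs translated to account names.
        $deny = @($acl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) |
                  Where-Object { $_.AccessControlType -eq 'Deny' })

        foreach ($ace in $deny) {
            '{0}\{1}: Deny {2} for {3}' -f $t.Hive.Name, $t.Path, $ace.RegistryRights, $ace.IdentityReference
            if ($Fix) { $acl.RemoveAccessRuleSpecific($ace) }
        }
        if ($Fix -and $deny.Count -gt 0) {
            $key.SetAccessControl($acl)
            "Removed $($deny.Count) explicit Deny entries from $($t.Path)"
        }
    }
    finally { $key.Close() }
}
```

The script touches only the two root keys; subkeys that carry their own explicit Deny entries would need the same check.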
 
David H. Lipman

From: "Steven L Umbach" <[email protected]>

| That seems to be the problem as I was just trying it out on a test computer
| that I have dual boot on and was not able to load a registry hive to change
| the permissions. The link below explains HKEY_CLASSES_ROOT more and there is
| no single file for it. Sorry about the dead end on that one.
|
| http://msdn.microsoft.com/library/d.../en-us/sysinfo/base/hkey_classes_root_key.asp
|
| Another possibility that I have not tried either is to look at using setacl
| which can change registry key permissions and do it from a remote computer.
| Offhand I don't know if it will work on HKEY_CLASSES_ROOT. An upgrade/repair
| install might be something to consider and of course possibly service pack
| and definitely security updates would need to be redone. If the secedit
| command can be run then it may be worth while trying per KB313222 and the
| /areas regkeys switch could be used to reset only registry. --- Steve
|
| http://setacl.sourceforge.net/ -- setacl
| http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222


Thanks Steve, they look promising.
 
David H. Lipman

From: "Shenan Stanley" <[email protected]>


|
| SETACL is something I use all the time - and for a long time now. Great
| application.
| (Although your customers problem is pretty special. heh)
|
| --
| Shenan Stanley
| MS-MVP

Sometimes a user's home remedy needs a remedy :)
 
