Question

Locked

Taking ownership of a registry key using command-line

By zapfool ·
Hi,

I have to deploy a W7 build on 1000+ workstation but the image contains a permission misconfiguration. As I'm not the "builder", the only thing I can do is to write a "Post-Staging" script.

The thing is that the registry key "RunAs" located under HKLM\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
cannot be modified. Nobody has sufficient privilege (Local System Account, Domain admin, even built-in Administrator)

Renaming "RunAs" key allow local system admin account to start explorer.exe using different credentials (using /separate switch) otherwise, by default, nothing happens (at least in our home made build)

The only user who have enough privileges to rename this key is "TrustedInstaller". If I log on a workstation and start a Regedit,
I browse the key, right-click --> permission --> advanced --> owner and change owner to my L.S.A. account, then I'm able to rename the key and everybody is happy.

The thing is : "I definitely don't want to do that interactively on more than 1000 boxes."

I tried to use regini, setacl, subinacl ... but the only result I got is an "Access denied".
Obviously, importing a .reg file lamentably fails too.

Someone have a brilliant idea?

Thanks in advance,
Sacha

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

Clarifications

Collapse -
by Badhri_ravi

@zapfool - Did you find the solution for your problem ?? I am facing the same issue. If you find the solution, please care to share it here. Thanks

All Answers

Back to Windows Forum
3 total posts (Page 1 of 1)  

Operating Systems Forums