Question

  • Creator
    Topic
  • #2209218

    Taking ownership of a registry key using command-line

    Locked

    by zapfool ·

    Hi,

    I have to deploy a W7 build on 1000+ workstation but the image contains a permission misconfiguration. As I’m not the “builder”, the only thing I can do is to write a “Post-Staging” script.

    The thing is that the registry key “RunAs” located under HKLM\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
    cannot be modified. Nobody has sufficient privilege (Local System Account, Domain admin, even built-in Administrator)

    Renaming “RunAs” key allow local system admin account to start explorer.exe using different credentials (using /separate switch) otherwise, by default, nothing happens (at least in our home made build)

    The only user who have enough privileges to rename this key is “TrustedInstaller”. If I log on a workstation and start a Regedit,
    I browse the key, right-click –> permission –> advanced –> owner and change owner to my L.S.A. account, then I’m able to rename the key and everybody is happy.

    The thing is : “I definitely don’t want to do that interactively on more than 1000 boxes.”

    I tried to use regini, setacl, subinacl … but the only result I got is an “Access denied”.
    Obviously, importing a .reg file lamentably fails too.

    Someone have a brilliant idea?

    Thanks in advance,
    Sacha

All Answers

Viewing 1 reply thread