Question
-
Topic
-
Taking ownership of a registry key using command-line
LockedHi,
I have to deploy a W7 build on 1000+ workstation but the image contains a permission misconfiguration. As I’m not the “builder”, the only thing I can do is to write a “Post-Staging” script.
The thing is that the registry key “RunAs” located under HKLM\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
cannot be modified. Nobody has sufficient privilege (Local System Account, Domain admin, even built-in Administrator)Renaming “RunAs” key allow local system admin account to start explorer.exe using different credentials (using /separate switch) otherwise, by default, nothing happens (at least in our home made build)
The only user who have enough privileges to rename this key is “TrustedInstaller”. If I log on a workstation and start a Regedit,
I browse the key, right-click –> permission –> advanced –> owner and change owner to my L.S.A. account, then I’m able to rename the key and everybody is happy.The thing is : “I definitely don’t want to do that interactively on more than 1000 boxes.”
I tried to use regini, setacl, subinacl … but the only result I got is an “Access denied”.
Obviously, importing a .reg file lamentably fails too.Someone have a brilliant idea?
Thanks in advance,
Sacha