Taking ownership of a registry key using command-line

By zapfool ·

I have to deploy a W7 build on 1000+ workstation but the image contains a permission misconfiguration. As I'm not the "builder", the only thing I can do is to write a "Post-Staging" script.

The thing is that the registry key "RunAs" located under HKLM\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
cannot be modified. Nobody has sufficient privilege (Local System Account, Domain admin, even built-in Administrator)

Renaming "RunAs" key allow local system admin account to start explorer.exe using different credentials (using /separate switch) otherwise, by default, nothing happens (at least in our home made build)

The only user who have enough privileges to rename this key is "TrustedInstaller". If I log on a workstation and start a Regedit,
I browse the key, right-click --> permission --> advanced --> owner and change owner to my L.S.A. account, then I'm able to rename the key and everybody is happy.

The thing is : "I definitely don't want to do that interactively on more than 1000 boxes."

I tried to use regini, setacl, subinacl ... but the only result I got is an "Access denied".
Obviously, importing a .reg file lamentably fails too.

Someone have a brilliant idea?

Thanks in advance,

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Related Discussions

Related Forums