Using regedit to modify Vista registry

Question

How can I use regedit to modify protected registry keys in Vista Business? Specifically, how can I use regedit to delete keys in HKLM\system\CurrentControlSet\Enum\USB?

Here is what I have done so far:

• Logged in as admin
• Opened regedit with "max" access using [Ctrl][Shift][Enter]
• Attempted to change permissions on a key under Enum\USB to 'full control', but failed (at this point, Vista returns "Access denied"). This is where I am stuck.

What is the procedure for deleting these keys?

Thanks for your help!

 

 

Answer 1

I'm in exactly the same situation, and it's so frustrating.  Under XP I was able to set 'full control' to myself then delete the key.  Now, no matter what permissions are granted, under Vista Enterprise I cannot delete the blooming thing or view any sub-keys.  Pain in the neck, I've spent 2 days looking for a solution but no-one is forthcoming!  Can anyone offer advice, or maybe this is part of MS's wonderfully enhanced Windows Resource Protection that a genuine user cannot seem to circumvent.

Answer 2

The default permissions only allow the SYSTEM account to make changes to that key. You could probably get round it by launching a process as SYSTEM to modify the key, though I wouldn't recommend going down that route without a really good reason.

Is there some specific reason for wanting to delete those keys? What are you trying to achieve?

Answer 3

I have same problem too. Need to delete the VID values for clearing Unknown USB devices. Please help how to set or add permissions. Thanks in advance.

Answer 4

Can you not delete them through Device Manager?

Answer 5

It is a bit of a pain though, for instance I have several redundant registry keys created by programs I no longer have installed.  In XP, I could set myself as the user, give myself full control, then just hit 'delete' and away it went.  There's none of this on Vista though and it's hard starting regedit as a system user - there must be an easy way of deleting protected keys from the registry!  Even if it was something simple like turning off UAC and that would allow it, maybe MS should consider this as a hotfix since it does seem to be a problem.

Answer 6

In my case, I am developing drivers that modify the Vista registry. Often times during testing I need to delete  keys from the registry to test a "clean" installation. I realize that I can achieve this by re-imaging my drive, but there MUST be an quicker way to do this!

Answer 7

How launch a process as SYSTEM?  We have a program that did not uninstall correctly and now we need to clean the registry in order to install the newer version.  Running regedit as Administrator has not worked.

Answer 8

I have found your way around the regedit problem with Vista.

You have to go to run, then type in c:, then go to windows, then scroll down to regedit.

This should solve your problem.

Answer 9

That doesn't really make a lot of sense, I'm guessing all you're suggesting here is a way to open regedit - which we can all do just by typing 'regedit'.

The problem we have is not being able to delete protected registry keys, and searching online I can't see that anyone has come up with a solution.  Maybe Microsoft aren't even aware this is a problem, but it is causing a headache for many developers I know of and there's no forthcoming solution yet.

Answer 10

Stuart Andrews wrote:

Maybe Microsoft aren't even aware this is a problem, but it is causing a headache for many developers I know of and there's no forthcoming solution yet.

I'm pretty sure Microsoft are aware of this problem. I've tried to get help from support center on this specific problem, but yet no answer. By the way, i've managed to set all possible permissions on any administrator account, but problem still persist... Will keep waiting for solution or hotfix.

Answer 11

Yes I've done the same, I've even tried logging in under safe mode as I've clutched at straws.  Microsoft do need to address this quickly with a hotfix - fair enough if there's protected keys, but they should operate the same as under XP, allowing you to change a key's attributes from read/execute to full control which will then allow you to hit delete and be done with it.

Answer 12

WRP registry keys can be updated/deleted by only Trusted Installers.

You can know whether the key is WRP Protected or not,

Right click on the key -> Click Permissions -> Full Control would be only for TrustedInstaller(users/groupname tab) then the key is WRP.  This means only Trusted Installer gets to make changes to the key.

Trusted Installer is a service that hosts code for install, update, and un-install of OS components. The service is trusted by the system to check for all the pre-requisites such as package authenticity, signing authority and dependencies before making system-impactful changes.

Trusted installer is the only process/service that is allowed to make changes to WRP resources

regards

Santhi

Answer 13

Any update on this?  I could really use a solution that allows me to delete protected keys.  Thanks.

Answer 14

To edit or delete a protected key, make sure regedit is opened with administrator rights.  Select permissions on the key and change ownership from trustedinstaller to an account/group with Administrative rights.  Once this change is applied to the key, grant the Administrators - Full Control.  The key can now be deleted or changed.

Answer 15

I have the same problem trying to delete a vid key associated with a camera into a front usb port that gets a "usb device not recognized". Would you mind being a little more specific in terms of the permissions window and what to do as I am not an internalist?

Thank you,

Paul

Answer 16

On the Owner tab, Change Owner to the Administrators group, ticking the box to Replace owner on subcontainers and objects.  This then allowed me to change permissions.

Answer 17

Thanks for the info. However, when I try and do this it comes back and says it won't allow the change. It appears to me that this system that I received from Dell came this way and I won't be able to use the front USB ports until I delete this VID 0000 key.

Thanks much,

Paul

Answer 18

Even we are facing the same problem. But we want to delete the reistry VID/PID using our own application which has administrative privilages on Vista. Still we are not able to achive that.. Please guide us.

Answer 19

Just an update to my last info. Since, I have received a replacement system from Dell that did not have the problem. The front ports on the replacement system worked just fine from the beginning. After all this time, has MS not replied to any inquiries re: this problem??

Paul

Answer 20

usb and usbstorage registry keys are protected and can't be deleted even though you have administrators priviledge. 

 

Answer 21

They can be deleted but you have to take controle of each key then subkey one at a time adding yourself to the permissions tell you have dont it one at a time to them all. 

 

I had a device probelm once on my vista system and it took me 10 min just to take controle of each subkey tell I had them all and then I was able to delete the root key to rescan the drivers to fix the problem. realy sucked.

 

Jonathon Carey

Answer 22

Microsoft should give a way to view and delete the installed but unplugged hardwares. Someone use his PC very opened and let many of his friends copy files with their USB-Disks, that makes the registry larger and larger. The USB-Disks reg keys need to have a way and access right to delete without borrow each again from the friends.

Answer 23

 

If you delete the device from device manager before unplugging it, it should remove the regkeys from the system.

Answer 24

I had a similar problem, but on a different key. I was finally able to delete them by disabling UAC and rebooting. Then I could change the ownership, add permissions for my user, and then delete the keys.

One thing, I did have to do this on each folder and subfolder individually. The checkboxes to apply to all subfolders did not seem to have any effect.

Hope this helps.

Answer 25

 

Hello All

 

a workaround for removing unpluged hardware:

open a cmd window:

 

enter: set devmgr_show_nonpresent_devices=1

 

than start devmgmt.msc   (do not use compmgmt.msc)

go to view than select show hiden devices (or something like that, sorry but im using French version)

you will see the list of all hardware ever pluged in the computer (grey color), than just uninstall

 

it worked for me , hope this will help

 

 

to hide unpluged hardware tape set devmgr_show_nonpresent_devices=0

 

 

Answer 26

Sc_si: Many thanks for your advice!

I have been struggling for months to get rid of a broken printer driver and this solved it.

Answer 27

 

I am having problems with locked keys, and even as admin (and in safe mode) can't change permissions.

 

AccessEnum  program shows  ???  instead of who own the key.  Some say "The handle is invalid"

 

 

 

Answer 28

though i really can't explain it well, this snip below FIXED the problem

what it comes down to is the keys are owned by the SYSTEM which you can't normally sign in as....

(and all these fantastic utilities:  THANK YOU  Mr Russinovitch !)

 

**** 

 

microsoft.public.windows.vista.security

From regedit, you should be able to take ownership of the key, and then
change the key's security settings.

Alternatively, you can download the following tool from microsoft to open an
instance of regedit as system:

http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx

The following command line will open a "system" regedit:

psexec -s -i regedit

(Note: You have to execute this command line from an "administrator" command
prompt [right-click command prompt and click run as administrator])

--
- JB
  Microsoft MVP Windows Shell/User

****

Answer 29

You're a star JRDodd.  I had an issue where a failed install tried to load a non existent driver on every start up.  I had all the issues mentioned with not being able to delete the registry keys.  I tried safe mode, turning off user account protection, adding myself to each key, I even managed to change the owner to myself, but still couldn't delete them.

 

Your hint about psexec from Mr Russinovitch worked a treat.  20 seconds, job done. 

 

Thanks, Steve.

Answer 30

this worked 100% now I can reinstal my ati catalyst

Answer 31

 

I did this and all my devices disappeared in device manager and nothing will auto detect when I plug into usb now.

Answer 32

Hi Engineer2007:

You can use the RegistyKey Class and the Registry Class,
to programmatically delete, modify, add any registry key
or sub-path or main-path.

I hope this helps...

I hope that this thread is SOLVED! So we can close it,
because it's almost 2010 now.

Have a nice day...

Best regards,
Fisnik

---

Coder24.com

Answer 33

Hi,

I had a similar issue on windows 7, couldn't uninstall visual studio 2008. (this is the dedicated visual studio removal tool, the add/rem programs one didn't work), after I solved the problem where the installer couldnt find vs_minred.msi (http://blogs.msdn.com/astebner/archive/2006/09/04/739820.aspx) It would say it couldn't change the key.

after using psexec it was a different key etc.. etc... then i decided that wouldn't it be peachy if all keys were accessible by administrators?

download/install the subinacl tool: http://blogs.msdn.com/astebner/archive/2006/09/04/739820.aspx 

run a command prompt as system (from a command prompt as admin)

psexec -s -i cmd

from the system console 

notepad reset.cmd

paste the following into the oppened notepad file

cd /d "C:\Program Files (x86)\Windows Resource Kits\Tools"

subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /setowner=administrators > %temp%\subinacl_output.txt

subinacl /keyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt

subinacl /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt

subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt

subinacl /keyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt

subinacl /subdirectories %programfiles%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt

subinacl /subdirectories %windir%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt

you may have to change the first line depending on whether subinacl was installed in the (x86) program files, or the normal program files, anyway, save and exit. back in the system command prompt

reset.cmd

this should run through and give ownership of all keys to administrators (this issue shouldn't re occur with any key that is currently in the registry) give full control of all keys to admin, so all keys can be edited by a regedit oppened as admin. 

hoped this might be of help to someone who has multiple keys owned by system

D.R

Answer 34

Hi Engineer2007:

Based on your "title", I can say: As you bypass the UAC elevation and you run
regedit through a UAC elevation, then everything will work fine!

Have a nice day...

Best regards,
Fisnik

---

Coder24.com

Answer 35

Hi Engineer2007:

BTW, Is this thread solved or NOT?

Have a nice day...

Best regards,
Fisnik

---

Coder24.com

Answer 36

I'm on vista 64. Editing Rpc/ClientProtocols. It got error for permission.

Fix:

Right click ClientProtocols choose permissions, find the name of the user you are logging in as. Place check mark under full control. Then choose advance, find the name of the user you are logging in as choose edit. Choose full control.

Trick. Choose 4 times you will get an error, on 4th attempt choose to cancel, you will get back to first screen, find the name of the user you are logging in as choose full control again, and hit ok. Now you can add. Edit ect....

Answer 37

Hi Engineer2007:

How is the situation on your side?
Is this thread solved or NOT?

Please tell me!

Have a nice day...

Best regards,
Fisnik

---

Coder24.com