A revisit: Unable to delete/take ownership of registry keys

Topic

New Reply

Really need some help with this.
Running Win7 Enterprise
There are currently 11 reg keys that I know of that I cannot take ownership of or delete. 9 are magicjack keys and 2 are erroneous file types (jv16 power tools).
What really concerns me is that I’m logged in as admin but do not have complete control of my computer. I was a computer analyst for over 15 yrs. and was always able to solve problems like this. Win7 has me stumped.
How can software lock reg keys to the point that an admin cannot delete them?:huh:
TIA

Reply | Quote

Replies

Try this command line tool from Mark Russinovich;

RegDelNull v1.1

Introduction
This command-line utility searches for and allows you to delete Registry keys that contain embedded-null characters and that are otherwise undeleteable using standard Registry-editing tools. Note: deleting Registry keys may cause the applications they are associated with to fail.

or

PCRegedit

What can PCRegedit do?
PCRegedit is a Linux Live CD based, easy-to-use tool to create, delete, edit the windows registry key-values without booting from Windows. You can use it to fix Windows Registry key-values when it is maliciously altered by virus or when you are going to edit key-values pertaining to Windows Kernel settings. Or else, you can also optimize, clean up your Windows registry manually.
In order to access Windows Registry without booting Windows, We have developed a new technology to help people access any Windows Registry from PCRegedit Software. The core technology provides multiple editing modes and people can easily edit any kind of windows registry keys, such as string value, binary value, DWORD value, extended string value and multi-string value.
The most powerful features PCRegedit have are :
1. Direct Windows Registry Key Access Technology — This technology allows you to access any part of Windows registry with full read-write authority.
2. Search the existing registry files(SAM, SYSTEM, SOFTWARE, SECURITY) automatically.
3. Multi-edit mode — Not matter what type the value is, you can easily create, edit or delete it.

How can I edit the registry from the command prompt?
How to add, modify, or delete registry subkeys and values by using a registration entries (.reg) file
Managing the Windows Registry from the Command Prompt with Reg.exe
How To Take Full Permissions Control To Edit Protected Registry Keys
Circumventing Group Policy Settings

If you are still unable to delete the registry keys in question, you can always perform a format and clean install.

Reply | Quote

Hey CLiNT, Thnx for the tips. Tried both. Neither worked. PCregedit would not boot my computer. 5 or 6 errors and didn’t recognize my video card… which I thought was kinda strange cuz it’s about 2.5 yrs. old. That could be a really helpful proggie.

Reply | Quote

You could try the Majicjack uninstaller from thier website here.

Jerry

Reply | Quote

You could try the Majicjack uninstaller from thier website here.

Jerry

Tried it. Doesn’t do jack. Didn’t delete the reg entries or one of the mj dirs. Waste of time.

Reply | Quote

Have you tried running regedit from an administrative command prompt?

Open a command prompt using “Run as administrator” and then type “regedit”, which will bring up the regedit interface.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

How about the instructions on this page . They are for Vista but should work on Win 7.

Jerry

Reply | Quote

How about the instructions on this page . They are for Vista but should work on Win 7.

Jerry

Tried this procedure, but is very complicated. The MS file downloaded and installed, but when run, had thousands of errors. When it completed, I went to the registry keys I want to delete and was still unable to take ownership/delete them. I have one more thing I’m going to try and, if that doesn’t work, it’s gonna be a clean install or switch to Linux.

Reply | Quote

There is a reason it is complicated. Security and ownership has become a tool to use against malware. Starting with Vista even though your user account is a member of the administrators group it does not have the same unfettered access to your PC as the builtin Administrator account. Thus you end up with UAC, Trusted Installer, and “Run as administrator”. If you run regedit as administrator you can take ownership of any registry key. You should be very careful doing this as you can make your system unusable by changing permissions on some keys.

Feel free to change to a Linux OS if you wish. You’ll find the same if not more restrictions on everyday user accounts. Security is the same reason on Linux that you have to login as “root” to do administrative tasks.

Joe

--Joe

Reply | Quote

UPDATE! Alright. I tried taking ownership of 2 keys on another computer running a different ver. of w7:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumUSBSTOR
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumUSB

These 2 keys were mentioned on several sites that had procedures listed for removing magic jack. These keys do not need to be deleted. It’s some keys under these that are the culprits. I was not able to take ownership on the 2nd computer either. These keys have nothing to do with mj, so w7 is locking them.
Any input would be greatly appreciated.
TIA

I was logged in to the builtin admin acct.

Reply | Quote

When I start regedit with “run as administrator” I can change the ownership on any key. Are you starting regedit with “run as administrator”?

Since you are running Win7 Enterprise, are there policies in place to disallow use of regedit?

Joe

--Joe

Reply | Quote

Yes, I am “run as administrator”. Running Ent. on my home computer. No restrictions.
Have you tried taking ownership of the keys I listed above?

Reply | Quote

Yes. I took ownership of those keys.

Joe

--Joe

Reply | Quote

I thought maybe it was cuz I was running Enterprise, so I tried it on my laptop that runs Home Premium and had no joy. I don’t understand this.

I just tried it again on my laptop. Logged in as system admin. Ran regedit as admin. Went to the USB key and tried to take ownership. ACCESS DENIED!

Joe, you got any idea what’s goin on here?

Reply | Quote

Yes. I took ownership of those keys.

Joe

Joe,

I can take ownership of these keys as well, running as a standard user and using the same proceedures you listed in your later post (I have to enter the Admin password on the UAC popup). Can you also change permissions?

However, I find that I am unable to change permissions for the Parent key unless I add “Administrators” to the “Group or user names” list in all the subkeys where it is missing. Once I add “Administrators” to all such subkeys, only then am I able to change permissions for the Parent key itself, HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumUSB.

Without being able to change permissions, one will not able to delete the key (and all its subkeys) – just being the owner of the key is not sufficient.

I run Windows quite a bit differently than most users, and the methods I use require a good deal of registry editing to setup. There are a number of registry keys that are written in such a way that permissions will not propogate through all the child objects. With such keys, one must use extra measures in order to gain control.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Here’s the steps I used.

Click on the Start orb.
Enter “regedit” (without the quotation marks) in the search bar.
In the search results area, right click on regedit.exe and select “run as administrator”.
Navigate to the key and right click on the key.
Select Permissions.
Click on Advanced button.
Click on “owner” tab.
Select the user to be the owner or use “other users and groups” button to select a user.

OK your way out.

Joe

--Joe

Reply | Quote

Yes, I’ve tried that procedure several times on both computers. Don’t understand why you can do it and I can’t.

Reply | Quote

Yes, I’ve tried that procedure several times on both computers. Don’t understand why you can do it and I can’t.

There may be some default policies invoked in the Enterprise edition that are not in place in Ultimate or Professional. Have you look into those?

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

I responded to this, but rebooted and it disappeared. Anyway, I had performed Joe’s procedure several with no joy.
I ended up d/ling Registrar Registry Manager for some reason and was able to delete the magicjack keys easily. Did a reg search and all offending keys are gone. Figure that out. I was 2 secs. away from performing a clean install.
Thnx for everyones help and suggestions.

Reply | Quote

Running Windows 7 Enterprise, I had problems updating Hotspot Shield.

Investigation lead me to the following keys in the registry: MS_HSSDRVMP with which I cannot do anything.

I first tried to remove all hotspot shield network devices with device manager. This failed, without error messages. They would just stay there :s

The HKLM (CurrentControletEnumRoot for example) “MS_HSSDRVMP” contains f10 subbranches: 0000 —> 0009. The problem is from their subkey PropertiesSSID The SSID strings CANNOT BE MODIFIED. PERIOD. Taking ownership, adding administrator, adding whatever, it does not work! I have MCSE, but I’m really stumped right about now

Please help, advise, suggest, anyone?

Peace!

Devvie

~~~ notemail@facebook.com ~~~

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-012 by DevNullius)

Reply | Quote

Not sure if devnullius’ problem should be in a new thread – the other posts perhaps refer to a different problem and are quite old. Anyway, here goes….

Stand back from the issue and look at the problem. Is the inability to modify the registry keys (even after taking ownership, run as admin etc…etc..) the problem, or is is it a symptom of the bad update to the vpn software?

Cause or effect?

If cause, then perhaps you have a corrupt registry and you have only a few options with that.

If effect, then consider other options such as removal of the Hotspot Shield and clean up with a power tool.

Reply | Quote

Have you tried enabling the default Windows Administrator, opening an elevated command prompt from within that account, then opening regedit from within that elevated command prompt, and following the steps listed in post #16?

And you should remove your email address from your post.[/FONT]

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

I tried everything with normal setup options (remove reinstall etc). That will fail.

In the end, the registry hyves are unwilling to any operation I try on them. It just stays: no permission. Taking ownership, adding users, etc etc it all fails.

I have not yet made the Administrator account ‘enabled’. It’s Windows 7 and one should not do this, nor should it be necessary!?? Ofcourse, I’m using an administrators account. Also, this account is the account that did all the installing.

Cleanup tools will fail in advance, for the simple reason that NOBODY HAS ANY KIND OF ACCESS TO THE HYVES!

SO, what can I DO?

;p

Peace!

devnullius

Reply | Quote

I can change permissions also. But I am running as an admin. Don’t know if that makes any difference.

Joe

--Joe

Reply | Quote

There are a couple of things that can be done by the default Windows Administrator that cannot be done by any created account in the Administrators Group.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Thank you all for the quick reply’s!

I did as you asked, although I did not like it

But even as THE Administrator, THE Administrator was as powerless to these keys as other administrators. I cannot take ownership. Even if it says I can, it can’t

So what alternatives one would have after all this? http://www.resplendence.com/reglite couldn’t do it either :s

Curious and frustrated, thanx in advance & Peace!

devnullius

Reply | Quote

[bbearren]

I did as you asked, although I did not like it

You enabled the default Windows Administrator, logged onto that account, opened an elevated command prompt from within that account, and then opened regedit from within that elevated command prompt?

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

• This reply was modified 4 years, 10 months ago by bbearren.

Reply | Quote

Sorry – other problems introduced themselves (NetBalancer + hardware prob).

Both are fixed, and all is as it should be. Except for the problem mentioned above. Before the Big Problems started, I did manage to get rid of the stubbern registry keys left by Hotspot Shield.

I solved it using this page:
http://www.windowsreference.com/security/reset-the-entire-registry-permissions-to-defaults/

Partial Copy-paste:
“Create a file with the name reset.cmd under C:Program FilesWindows Resource KitsTools folder
Now you need to Edit the reset.cmd file and add the following lines
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f
Save and exit your file
Now you need to open command prompt run the following command
cd “C:Program FilesWindows Resource KitsTools”
after this press enter and enter the following command
reset.cmd”

Found with: https://encrypted.google.com/search?aq=f&q=windows+7+reset+registry+permissions&qscrl=1

I hoped all would be well after removing the registry keys and a simple setup (luckily, at that time while writing my above post, a newer version was released).

This was not the case. Hotspot Shield still would not start.

BUT I was also left with a list of non-working (problematic) network devices in device manager. I did not found a way to remove those (and then my other problems started ;)).

I will make a new post here: http://windowssecrets.com/forums/showthread//145302-cannot-remove-left-over-unknown-network-devices-tap0901-(Hotspot-Shield), asking on how to remove left-over network devices.

For now, my ‘original’ registry problem is solved.

Thank you for thinking along – I really miss my Hulu

Peace!

devnullius

Reply | Quote

Below, how I ‘solved’ my registry problem described above. Still I have no solution for removing the remaining network hardware devices in device manager (Windows 7). Sigh. Peace?

re-creating my problems, I notice the following registry keys that I cannot remove, even after subinacl:
HKLMSYSTEMControlSet001servicesHssWd
HKLMSYSTEMControlSet002servicesHssWd
HKLMSYSTEMCurrentControlSetServicesHssWd

Other keys found (for: anchorfree || hssdrv || hotspot || MS_HSSDRVMP) were easily removed.

Adapters remaining (many were removed):
– TAP-Win32 Adapter V9 #2
– TAP-Win32 Adapter V9 #2
(yes, same name)
– TAP-Win32 Adapter V9 #3

Searching and removing everything for “Tap-Win32 Adapter V9” in the registry leaves me with three unknown network devices :s Device-ID’s are: tap0901.

NOW, I can remove all keys with HssWd…

All registry searches (and removals) done with the excellent Registrar Registry Manager…

Reply | Quote