How to fix “Deny Everyone” permissions in registry


So here's a spicy one for you guys...
I changed permissions on a registry folder (HKEY_CURRENT_USER\Control Panel\Keyboard) to "Deny Everyone". I had a good reason for doing it (long story) but it didn't resolve my issue (somehow the system is still changing it... mind boggling).
How can I fix this/can I fix this? I've tried everything I can think of, including safe mode administrator account, but I can neither change the permissions nor reclaim ownership. I also tried the takeown command on the NTUSER.DAT file which is what I think contains that node, but while the command claimed success I'm still unable to access this registry folder or the keys inside.
Any ideas that don't involve reinstalling Windows? I'm on Windows 10.

Solutions/Answers:

Answer 1:

When you set EVERYONE DENY permissions you receive a warning that only the OWNER of the key will be able to change permissions or access it. On my Windows 10 system, the owner is SYSTEM. In most cases, it would be either SYSTEM, TRUSTED INSTALLER, or ADMINISTRATORS.

Therefore, we can fix this issue by running regedit as SYSTEM. In order to do so, we need to download pstools and extract the tools to a folder on your computer. On my system, I extracted them to D:\Downloads.

Now, we want to run Regedit as SYSTEM. To do this, open an administrative command prompt and change directories to where you expanded the PSTOOLS file (CD D:\Downloads). In that folder is psexec. We will run the command psexec -i -s regedit.exe and Regedit will open.


Regedit is now running as the SYSTEM user. Therefore, HKEY_CURRENT_USER is not YOUR registry, it is the SYSTEM registry. Now we have to navigate to your registry key. We will find that under HKEY_USERS. This key holds the registry of all currently mounted (logged in) user registries.

Within HKEY_USERS you will find a series of keys that start with S-1-5-xxx and so on. The longer keys that end in -1001, -1002, etc. are your logged on users. Expand each one to find the one that corresponds with your user registry. You can open the Environment key under each one and you will most likely see an item with the name of what user the key is associated with. By this method you can find the right S-1-5-xxx key. At the very least, you can open each one, and check the permissions of Control Panel\Keyboard. You will definitely find which one has the bad permissions on it.

Now that you know how to find the Control Panel\Keyboard key that corresponds with your user account you can simply right-click it and change permissions. Remove the EVERYONE DENIED permission.

On a side note, the system is able to continue to make changes to the key because SYSTEM owns the key. If you are trying to prevent the system from making changes to this key, then what you want to do is change the ownership of the key to your own user name. Then deny SYSTEM from making changes to the key. However, you cannot deny “Full control” to SYSTEM or the system won’t even be able to read the key and no telling what will happen. Instead, you will need to go to “Advanced permissions” and deny the “Set Value” permission.
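The manual regedit steps above, scripted as an added example (not part of the original answer): it walks the user hives under HKEY_USERS, reports the owner and any Deny entry for Everyone (S-1-1-0) on Control Panel\Keyboard, and removes the entry only when asked. It assumes a PowerShell session started as SYSTEM (psexec -i -s powershell.exe) and that SYSTEM owns the key, as the answer reports; the function name Repair-DenyEveryone is hypothetical.

```powershell
# Added example. Run as SYSTEM, e.g. from: psexec -i -s powershell.exe
function Repair-DenyEveryone {             # hypothetical helper name
    param(
        [string]$SubKey = 'Control Panel\Keyboard',
        [switch]$Remove                     # without -Remove the function only reports
    )
    # Request only READ_CONTROL and WRITE_DAC: the key's owner holds these
    # implicitly, whereas an ordinary read open is blocked by the Deny entry.
    $rights = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'
    $check  = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree
    $sidT   = [System.Security.Principal.SecurityIdentifier]
    $hku    = [Microsoft.Win32.Registry]::Users

    foreach ($sid in $hku.GetSubKeyNames()) {
        # Keep only loaded user hives; skip service SIDs and the *_Classes keys.
        if ($sid -notmatch '^S-1-5-21-[\d-]+$') { continue }
        try {
            $key = $hku.OpenSubKey("$sid\$SubKey", $check, $rights)
        } catch {
            Write-Warning "$sid : cannot open the DACL (caller is not the owner?): $($_.Exception.Message)"
            continue
        }
        if ($null -eq $key) { continue }    # key does not exist in this hive
        try {
            $acl  = $key.GetAccessControl()
            # Explicit (non-inherited) rules only, with identities kept as SIDs.
            $deny = @($acl.GetAccessRules($true, $false, $sidT) | Where-Object {
                $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'S-1-1-0'
            })
            if ($Remove -and $deny.Count -gt 0) {
                foreach ($rule in $deny) { $acl.RemoveAccessRuleSpecific($rule) }
                $key.SetAccessControl($acl) # writes back the modified DACL
            }
            [pscustomobject]@{
                Sid       = $sid
                Owner     = $acl.GetOwner($sidT).Value
                DenyCount = $deny.Count
                Removed   = [bool]($Remove -and $deny.Count -gt 0)
            }
        } finally {
            $key.Close()
        }
    }
}

Repair-DenyEveryone    # report only; add -Remove to strip the Deny entries
```

An Owner of S-1-5-18 in the output is SYSTEM; if the warning fires instead, the session is not running as the key's owner and the permission change cannot succeed.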


Answer 2:

I think you need some third-party tools (and OS) to edit the registry when Windows is offline. Try a registry editing utility that can edit the Windows registry while it is shut down.

Here is one that you can use:

https://pogostick.net/~pnh/ntpasswd/

You can also try to edit the broken registry on another computer running Windows by using “Load Hive” from the File menu and feeding it the registry files from the computer that needs to be fixed. (But personally I prefer to do such things from a non-Windows OS.)

Standard precaution: In any case, be careful when messing with registries.
