Certain areas of the Windows registry cannot be accessed due to the Permissions assigned (or lack thereof) for those keys. For instance, some registry keys are owned by the LocalSystem account, and some are owned by TrustedInstaller.
There are legitimate cases where you need to access a registry key to modify or retrieve a setting, and receive Access is Denied or similar errors when doing so. Some of the errors you may encounter are:
Error Creating Key
<key name> cannot be opened. An error is preventing this key from being opened.
Details: Access is denied.
Cannot create key: You do not have the requisite permissions to create a new key under <key name>.
When dealing with a Malware infested PC, you may have to delete several registry entries manually in case the cleanup tool you use does not remove all of them. In most cases, you would get an error (“Error Deleting Key”) stating that you don’t have the permission to delete the specified branch. In that case, additional steps are required to reset the registry ACL permissions before removing the key.
To get access to a protected registry key, you have two options.
- Option 1 is to run the Registry Editor under SYSTEM or under TrustedInstaller rights and change the necessary modifications in the registry.
- Option 2 would be to change or take ownership of that registry key and then assign full control (or the required) permissions for your user account.
In this article, let’s see Option 2 — changing the ownership of the registry keys and assigning full permissions for your user account. Here are the instructions to do that in any version of Windows.
(The screenshots are from a Windows 10 computer, but the steps are exactly the same in Windows 8 and 8.1. In Windows Vista & 7, there is a slight change in the permission dialog boxes, where ownership can be set by clicking the Owner tab in the Advanced Security dialog. Owner tab has been removed in Windows 8 and higher.)
Take Ownership of a Registry Key
- Open the Registry Editor by running
- Navigate to the branch for which you want to modify the permissions.
- Right-click on the branch, and choose Permissions…
- Click the Advanced button.
- In the Advanced Security Settings dialog, note down the owner. If it says Unable to display current owner, or if your account isn’t the current owner, click Change
- Type your user account name and click OK.
- Your user account is showing up as the owner, but the change wouldn’t be applied until you click Apply.
- If you also want to take ownership of the subkeys under the selected branch, click Replace owner on subcontainers and objects, and then click Apply. Don’t close the dialog yet.
(If using Windows Vista or 7, click the Permissions tab in the Advanced Security Settings dialog, and follow the rest of the instructions. The dialog boxes would be different in Windows Vista & 7 after Step 7, but it’s not that difficult to follow.)
Assigning Full Control Permissions for your User Account
You’ve just changed the ownership of the key, but that’s not enough. You’ll need to assign necessary Permissions (usually, Full Control) to the specific branch in order to write to it.
- Click the Add button in the Advanced Security settings dialog.
- Click Select a principal
- Type in your user account name, and click OK.
- Click Full Control checkbox to enable it.
You’ve now granted your user account Full Control permissions.
That’s it. Add as many entries as you need, such as for Administrators, SYSTEM, etc. as required.
RELATED: Take Ownership of Registry Key & Assign Permissions Using Command-line