Access to the Registry Key Denied: How to Fix Permissions of a Registry Key
Sometimes, when you are trying to delete or rename a registry key, you get access denied error. It is usually caused either by poorly written software which created another user account on your PC and failed to clean up properly on deinstallation, or by transferring registry hive from another PC. Anyway, this is due to registry key permissions stored in ACLs (access control lists).
Emergency Boot Kit contains offline Registry Editor, which operates at low level and can directly manupulate ACLs in the registry keys. This article explains step by step, how to fix access denied error in registry, take ownership of a registry key, and fix permissions of a registry key.
1. Symptoms of the problem
There's a key in registry which can't be renamed or deleted. Sometimes such a key even can't be read:
Failed attempt to rename registry key:
Failed attempt to delete registry key:
2. How to fix Access to the Registry Key Denied error
In order to make registry key readable and writeable in Windows, we must copy security descriptor from some other key (for example, root key of registry hive) to target key. This way ACL (access control list) of users who have key access permissions will be made equal for both keys.
Emergency Boot Kit is a powerful toolset to fix unbootable computers and recover data from them. One of tools in Emergency Boot Kit is an offline Registry Editor, which can make changes to the Windows Registry from the outside of Windows.
Security descriptors of registry keys can be read and written by Emergency Boot Kit Offline Registry Editor in raw mode. Security descriptors are not parsed by Emergency Boot Kit (they are just opaque sequences of bytes), but nevertheless they can be freely copied between keys and hives.
Using Emergency Boot Kit Registry Editor in raw mode, you'll be able to copy ACLs from "known good" registry key to "known bad" registry key.
3. Step by step guide of using Emergency Boot Kit to fix permissions of a registry key
1) Download Emergency Boot Kit and deploy it to USB thumbdrive according to the instructions, then set up your BIOS to boot from USB thumbdrive. You need full version of Emergency Boot Kit to actually write changes to the disk, but it's recommended to try demo version to make sure there are no hardware incompatibilities.
2) Boot from Emergency Boot Kit, wait until the main menu appears.
3) Wait while Emergency Boot Kit scans all local disks for Windows installations
4) Choose your Windows installation from the list
5) Choose Registry Hive you want to edit.
6) Emergency Boot Kit Registry Editor appears, as shown below:
7) Navigate to the source registry key which is readable in Windows (a donor of security descriptor). Root key of the hive will be used in this example. If you need to use another registry key as SD donor, then use UP, DOWN and ENTER keys on the keyboard.
8) Press F9 to enter Raw mode. Security descriptor will appear on the right panel. Press TAB to switch input focus to the right panel:
9) Using UP and DOWN arrow keys navigate to "Key Security", hold SHIFT key and select security descriptor with UP and DOWN arrow keys:
10) Press Ctrl+C to copy security descriptor into the clipboard and then TAB to switch input focus back to the left panel:
11) Navigate to the target registry key which is unreadable/unwriteable in Windows (an acceptor of security descriptor). Use your mouse or UP, DOWN and ENTER keys on the keyboard to make a choice. Then press TAB key to switch input focus to the right panel and navigate to "Key Security" using UP and DOWN keys:
12) Press Ctrl+V to paste (overwrite) security descriptor of the target registry key:
13) Press F2 to save changes to the registry hive on disk:
14) Finally, in the main menu of Emergency Boot Kit, choose "Reboot" or press F10: