Change Registry Ownership Permissions for KnownDLLs key


6 replies to this topic

#1 IsoQuantic


Posted 04 September 2016 - 11:59 AM

I am missing two entries in

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs

 

The two subkey entries are:

DLLDirectory with a needed value of: system32
DLLDirectory32 with a needed value of: syswow64

 

When running the following two commands in an elevated command prompt:

 

SetACL.exe -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs" -ot reg -actn setowner -ownr "n:Administrators"

 

SetACL.exe -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs" -ot reg -actn ace -ace "n:Administrators;p:full"

 

I receive the following errors:

 

C:\WINDOWS\system32>SetACL.exe -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs" -ot reg -actn setowner -ownr "n:Administrators"
Processing ACL of: <machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs>
 
SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed

 

Operating system error message: Access is denied.
 
 
C:\WINDOWS\system32>SetACL.exe -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs" -ot reg -actn ace -ace "n:Administrators;p:full"
Processing ACL of: <machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs>
 
SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.
 
 

I get a similar error when using the following at an elevated command prompt:

 

SUBINACL /keyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs" /setowner=administrators /grant=administrators=f

 

Is there another method of taking ownership of this registry key such that I can enter the two missing keys? I have tried the usual taking ownership method of accessing the Permissions of the registry key and trying to change the Trusted Installer ownership with the same "access denied" results.
 

Essentially I would like to import the following registry key:

 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
"_Wow64"="Wow64.dll"
"_Wow64cpu"="Wow64cpu.dll"
"_Wow64win"="Wow64win.dll"
"advapi32"="advapi32.dll"
"clbcatq"="clbcatq.dll"
"combase"="combase.dll"
"COMDLG32"="COMDLG32.dll"
"coml2"="coml2.dll"
"DifxApi"="difxapi.dll"
"DllDirectory"="\\system32"
"DllDirectory32"="\\syswow64"
"gdi32"="gdi32.dll"
"gdiplus"="gdiplus.dll"
"IMAGEHLP"="IMAGEHLP.dll"
"IMM32"="IMM32.dll"
"kernel32"="kernel32.dll"
"LPK"="LPK.dll"
"MSCTF"="MSCTF.dll"
"MSVCRT"="MSVCRT.dll"
"NORMALIZ"="NORMALIZ.dll"
"NSI"="NSI.dll"
"ole32"="ole32.dll"
"OLEAUT32"="OLEAUT32.dll"
"PSAPI"="PSAPI.DLL"
"rpcrt4"="rpcrt4.dll"
"sechost"="sechost.dll"
"Setupapi"="Setupapi.dll"
"SHELL32"="SHELL32.dll"
"SHLWAPI"="SHLWAPI.dll"
"user32"="user32.dll"
"WLDAP32"="WLDAP32.dll"
"WS2_32"="WS2_32.dll"

Edited by IsoQuantic, 04 September 2016 - 12:01 PM.



#2 IsoQuantic


Posted 06 September 2016 - 02:48 PM

Anyone have an idea for my problem above?



#3 JohnC_21


Posted 06 September 2016 - 03:02 PM

I don't have much experience with 10 but this method should work.

 

http://www.howtogeek.com/77878/take-ownership-of-or-assign-full-permission-for-a-registry-key-in-windows-7/



#4 IsoQuantic


Posted 09 September 2016 - 02:11 PM

JohnC,

 

Tried that method and have the same permission issues.



#5 JohnC_21


Posted 10 September 2016 - 07:23 AM

You should be able to change the registry keys offline. Boot Kaspersky Rescue disk and use the Registry Editor. You would need to disable SecureBoot if you have it.

You can also use a Windows 7, 8, or 10 install disk to edit the registry offline using this method. Method 1.



#6 IsoQuantic


Posted 10 September 2016 - 03:00 PM

Problem solved using Sysinternals tool psexec to run regedit as SYSTEM.

 

Copy psexec to System32 folder

Enter psexec -i -s in an elevated command prompt

In the new command window that opens enter regedit.exe

Change ownership of Registry key to Administrators and click the box to include all subkeys

Give Administrators full editing rights for any future needs just in case

Enter the new String value subkeys described in my opening post above

Change ownership back to TrustedInstaller, by entering NT SERVICE\TrustedInstaller in the appropriate owner dialog

Exit and reboot to take effect.


Edited by IsoQuantic, 10 September 2016 - 03:02 PM.
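
A read-only check to run after the steps in post #6, written as an added example (not part of the original thread): it confirms that the two entries from the opening post exist, that ownership was handed back to NT SERVICE\TrustedInstaller, and lists allow ACEs that still grant write access to other accounts, such as the full control given to Administrators during the repair. The function name Test-KnownDllsKey and the choice of which rights count as "write" are assumptions made for this example.

```powershell
# Added example: read-only audit of the KnownDLLs key. Nothing is modified.
# Run from an elevated PowerShell prompt.
$keyPath        = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs'
$expectedOwner  = 'NT SERVICE\TrustedInstaller'      # owner named in the thread
$requiredValues = 'DllDirectory', 'DllDirectory32'   # entries reported missing in post #1

function Test-KnownDllsKey {   # hypothetical helper name
    param([string]$Path, [string]$Owner, [string[]]$Required)

    $findings = @()
    $key   = Get-Item -LiteralPath $Path -ErrorAction Stop
    $names = $key.GetValueNames()

    # 1. Are the entries from the opening post present?
    foreach ($name in $Required) {
        if ($names -contains $name) {
            # Show the stored text without expanding environment variables.
            $raw = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            Write-Host ("present  {0} = {1}" -f $name, $raw)
        } else {
            $findings += "missing value: $name"
        }
    }

    # 2. Was ownership handed back after the edit?
    $acl = Get-Acl -LiteralPath $Path
    if ($acl.Owner -ne $Owner) {
        $findings += "owner is '$($acl.Owner)', expected '$Owner'"
    }

    # 3. Allow ACEs that let accounts other than the owner or SYSTEM change the key.
    #    The set of rights treated as "write" is an assumption of this example.
    $write = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    foreach ($ace in $acl.Access) {
        $id = $ace.IdentityReference.Value
        $canWrite = ([int]$ace.RegistryRights -band $write) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
            $id -ne $Owner -and $id -ne 'NT AUTHORITY\SYSTEM') {
            $findings += "review write access for '$id': $($ace.RegistryRights)"
        }
    }
    return $findings
}

$result = Test-KnownDllsKey -Path $keyPath -Owner $expectedOwner -Required $requiredValues
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else         { Write-Host 'KnownDLLs: no findings' }
```

Comparing the output against the same script run on a known-good machine of the same Windows build shows which of the listed ACEs are stock and which were left behind by the repair.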


#7 JohnC_21


Posted 10 September 2016 - 04:21 PM

Glad you solved the problem and thanks for taking the time to post a detailed solution.





