Welcome to MSDN Blogs Sign in | Join | Help

Decrypt my World

Cryptography, Security, Debugging and more!
How to change Registry Permissions with RegIni.exe (VBScript)

Hi all, welcome back,

Today I'll show how we can set the following permissions on a registry key with RegIni.exe and a VBScript:

- Creator Owner Full Control
- Users Full Control
- Power Users Full Control
- Administrators Full Control
- System Full Control

I will set the permissions here for testing purposes:

- HKEY_CLASSES_ROOT\AlejaCMaTypelib
- HKEY_LOCAL_MACHINE\Software\AlejaCMaCo\AlejaCMaApp

And for that I will need to create a special regini.exe script which will have the following contents:

 
HKEY_LOCAL_MACHINE\Software\Classes\AlejaCMaTypelib [1 5 7 11 17]
HKEY_LOCAL_MACHINE\Software\AlejaCMaCo\AlejaCMaApp [1 5 7 11 17]


Notes:
- With regini.exe I won't be able to set Users Full Control, but Everyone Full Control.
- HKEY_CLASSES_ROOT = HKEY_LOCAL_MACHINE\Software\Classes

See the following articles for details on the values used in the regini script:
- How to Use Regini.exe to Set Permissions on Registry Keys
- How to: Use a Script to Change Registry Permissions from the Command Line

And here you have the VBScript that will use regini.exe and its script:

 

' Create temp file with the script that regini.exe will use
'
set oFSO = CreateObject("Scripting.FileSystemObject")
strFileName = oFSO.GetTempName
set oFile = oFSO.CreateTextFile(strFileName)
oFile.WriteLine "HKEY_LOCAL_MACHINE\Software\Classes\AlejaCMaTypelib [1 5 7 11 17]"
oFile.WriteLine "HKEY_LOCAL_MACHINE\Software\AlejaCMaCo\AlejaCMaApp [1 5 7 11 17]"
oFile.Close

' Change registry permissions with regini.exe
'
set oShell = CreateObject("WScript.Shell")
oShell.Run "regini " & strFileName, 8, true

' Delete temp file
'
oFSO.DeleteFile strFileName

WScript.Echo "Done!"

 

I hope it helps.

Cheers,

 

Alex (Alejandro Campos Magencio)

Posted: Tuesday, March 11, 2008 8:15 AM by alejacma
Filed under:

Comments

Adam M. said:

How do you change registry keys through a batch file and regini?  For example, we'd like to have Vista auto-logon with a user name and password.  We could do it through XP, but it isn't working quite the same in Vista.  Any suggestions?

# March 24, 2008 10:54 AM

alejacma said:

I've never used Regini.exe for anything but changing registry key permissions, but this link may help you:

Distributing Registry Changes

http://windowsitpro.com/Windows/Articles/ArticleID/20047/pg/4/4.html

In order to change registry key values, etc., I always use VBScript. See this sample for instance:

How Can I Create a New Registry Key?

http://www.microsoft.com/technet/scriptcenter/resources/qanda/nov06/hey1116.mspx

I hope this helps.

# March 24, 2008 11:22 AM

User said:

Thank you very much for your useful help...!

# March 24, 2008 4:04 PM

techiem2 said:

Would you happen to know if there is a way to use regini or something similar to change permissions for a particular user?

The ACL options for regini only shows default system users/groups.

We need to change permissions on a bunch of keys for a special user that will be created and need to automate the permissions process (it would be annoying to have to manually set the permissions on 20+ keys at several machines...)

Thanks!

# April 22, 2008 3:14 PM

alejacma said:

SubInACL (SubInACL.exe) may help you:

http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en

# May 2, 2008 7:56 PM

alejacma said:

adssecurity.dll may help you, too:

http://support.microsoft.com/kb/269159

# May 2, 2008 7:59 PM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker