not able to modify any key/value under HKLM\SYSTEM\CCS\ENUM under Vista or Win7

Even if I run a command shell as an administrator, I cannot use regedit to delete or modify items under the ENUM key.

Is there a way to turn off such security checks? In fact, is there a way to turn off all security checks on a test machine and go back to XP-like behavior?

thanks,
m navab

xxxxx@yahoo.com wrote:

> Even if I run a command shell as an administrator, I cannot use regedit to delete or modify items under the ENUM key.

Right. That’s by design. It CAN be done, but it is tedious. You just
have to take ownership of the key(s) you want, then add yourself to the
permissions with read and write privilege.

I have a Python script that generates a set of calls to the very handy
“subinacl” tool for this, so I don’t have to make a billion individual
permission changes in regedit. It works great for doing a “memory wipe”
operation.

Why do you need this?

> Is there a way to turn off such security checks? In fact is there a way to turn off all security checks on a test machine? and go back to xp like behavior.

You are mistaken in thinking that XP had the security checks turned
off. The only difference is that in XP, the Enum key is owned by the
“Administrators” group, so you already had the ability to give yourself
permissions.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
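
The ownership difference described in the reply above can be read directly off a key's security descriptor. The following is an added example, not Tim's script and not code from the thread: it parses SDDL strings and reports what the Administrators group (`BA`) needs before it can write to a key. The three SDDL strings are constructed to mirror the thread's description rather than dumped from a real machine, and the function names are hypothetical.

```python
import re

KEY_SET_VALUE, KEY_CREATE_SUB_KEY = 0x0002, 0x0004
WRITE_TOKENS = {"KA", "KW", "GA", "GW"}  # SDDL rights that include key write access

# Constructed descriptors (not dumped from a real machine): same DACL, different owner.
XP_STYLE = "O:BAG:SYD:(A;CI;KA;;;SY)(A;CI;KR;;;BA)(A;CI;KR;;;BU)"
VISTA_STYLE = "O:SYG:SYD:(A;CI;KA;;;SY)(A;CI;KR;;;BA)(A;CI;KR;;;BU)"
AFTER_GRANT = "O:BAG:SYD:(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;BU)"

def parse_sddl(sddl):
    """Return (owner, aces); each ACE is (type, flags, rights, trustee)."""
    owner = re.match(r"O:([A-Z]{2}|S-[0-9-]+)", sddl)
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        ace_type, flags, rights, _, _, trustee = body.split(";")[:6]
        aces.append((ace_type, flags, rights, trustee))
    return (owner.group(1) if owner else None), aces

def grants_write(rights):
    """True if a rights field (token list or hex mask) covers key writes."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & (KEY_SET_VALUE | KEY_CREATE_SUB_KEY))
    return bool(WRITE_TOKENS & set(re.findall("..", rights)))

def write_path(sddl, trustee="BA"):
    """Classify what one trustee (default BA, Administrators) needs before writing.

    Simplification: a real access check evaluates every SID in the caller's token.
    """
    owner, aces = parse_sddl(sddl)
    for ace_type, flags, rights, who in aces:
        # Inherit-only ACEs apply to subkeys, not to this key.
        if who != trustee or "IO" in re.findall("..", flags):
            continue
        if grants_write(rights):
            if ace_type == "A":
                return "write allowed"
            if ace_type == "D":
                break  # an earlier deny wins over any later allow
    # The owner is implicitly allowed to rewrite the DACL (WRITE_DAC).
    if owner == trustee:
        return "edit DACL as owner"
    return "take ownership first"

if __name__ == "__main__":
    for name in ("XP_STYLE", "VISTA_STYLE", "AFTER_GRANT"):
        print(name, "->", write_path(globals()[name]))
```

The same classification is useful in the other direction: run over descriptors exported from a test machine, it flags keys whose owner or DACL no longer matches what customers' machines have.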

As to your last question (turn it all off), my plan of attack for most targets that I set up is to
run ‘GPEDIT.MSC,’ and disable everything that sounds security related, followed by taking ownership
of everything on the system volume, and finally granting myself all permissions to the same.

I can’t tell you anything more specific than that, other than to make sure to set the UAC settings,
as every time I do this, this is how I go about it. Obviously, you can get yourself into trouble
doing this kind of stuff, so don’t do it on a machine that you can’t afford to reimage, at least
until you know what you’re doing.

Good luck,

mm

First, these are owned by the system, not the administrator account, so you
must modify the security, which requires regedt32, not regedit. Second, why do
you want to do this? The reasons to do this are few and the likelihood of
messing up the system is high.


Don Burn (MVP, Windows DDK)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

Information from ESET NOD32 Antivirus, version of virus signature database 3921 (20090309)

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

Don Burn wrote:

> First, these are owned by the system, not the administrator account, so you
> must modify the security, which requires regedt32, not regedit. Second, why do
> you want to do this? The reasons to do this are few and the likelihood of
> messing up the system is high.

Don is correct here. One of the big issues is that it gives you an
environment that is different from the one your customers work in.
That’s caused me problems in one or two cases.

I’m being a bit hypocritical in saying that, because I do indeed have
a “memory wipe” tool that eliminates all traces of our driver throughout
the file system and the registry, and it uses these kinds of ugly
tricks. However, I have tried to keep the damage as localized as possible.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> the reasons to do this are few and the likelihood of messing up the system is high.

I do this mostly in two cases:

  1. To modify the values under the parameters key - rather safe from a system standpoint.

  2. To completely remove a device instance and reinstall it. I write bus enumerators, and therefore test and debug child device installation often.

Is there a better tool for doing these tasks than registry editor, short of rolling out your own app?

m navab

Showing your age there, Don :-).

Regedit *is* regedt32 on Vista. Vista’s “regedt32.exe” just runs regedit.

Don Burn wrote:

> First, these are owned by the system, not the administrator account, so you
> must modify the security, which requires regedt32, not regedit. Second, why do
> you want to do this? The reasons to do this are few and the likelihood of
> messing up the system is high.


Ray
(If you want to reply to me off list, please remove “spamblock.” from my
email address)

xxxxx@yahoo.com wrote:

> Is there a better tool for doing these tasks than registry editor, short of rolling out your own app?

Yes, it’s called Ghost (or ImageX). That way you’re testing scenarios
that will actually exist on your users’ machines rather than something
hacked up for convenience.

Ray
(If you want to reply to me off list, please remove “spamblock.” from my
email address)

Ray Trent wrote:

> Showing your age there, Don :-).
>
> Regedit *is* regedt32 on Vista. Vista’s “regedt32.exe” just runs regedit.

This is true on XP as well. You have to go back to Windows 2000 to find
a separate regedt32.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Tim,

This may be true on some XP’s but not all, I just fired up the regedit
and it sure was not regedt32 on my XP system.


Don Burn (MVP, Windows DDK)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr


Don Burn wrote:

> This may be true on some XP’s but not all, I just fired up the regedit
> and it sure was not regedt32 on my XP system.

Then you must have grabbed your own copy of regedt32 from somewhere
else. In a stock XP installation, c:\windows\system32\regedt32.exe is
less than 4K bytes long, and does absolutely nothing other than call
CreateProcess on regedit.exe.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

It’s the other way round. Since WinXP, regedt32.exe is just a stub which
executes regedit.exe. Since XP, regedit.exe also has a “permissions” submenu
which allows you to take ownership of keys which more or less removed the
need for the old regedt32.

//Daniel


regedt32 has other superior features; like being able to do real backup/restore of keys via RegSaveKey that preserves security descriptors. I wouldn’t call it completely replaced at this point, at least not by regedit.exe.

- S

-----Original Message-----
From: xxxxx@resplendence.com
Sent: Monday, March 09, 2009 13:43
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] not able to modify any key/value under HKLM\SYSTEM\CCS\ENUM under Vista or Win7

It’s the other way round. Since WinXP, regedt32.exe is just a stub which
executes regedit.exe. Since XP, regedit.exe also has a “permissions” submenu
which allows you to take ownership of keys which more or less removed the
need for the old regedt32.

//Daniel


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

I actually keep a copy of the win2k-era regedt32 around for times like this; it’s far and away superior and more powerful than the win95-evolved regedit.exe. Even has a nice real binary display for editing values too.

- S

-----Original Message-----
From: Ray Trent
Sent: Monday, March 09, 2009 13:13
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] not able to modify any key/value under HKLM\SYSTEM\CCS\ENUM under Vista or Win7

Showing your age there, Don :-).

Regedit is regedt32 on Vista. Vista’s “regedt32.exe” just runs regedit.


In regedit, import and export map to RegReplaceKey/RegSaveKey APIs. Select
“registry hive file” from the “save as type” format selection, those will
preserve SD (as well as class information).

//Daniel


I just use the Resplendence Registry Manager.
