Command line tool to take ownership of a registry key

[allen2]

Hi,

I'm looking for a tool to take ownership a registry key. I tried setacl, subinacl and regacl and none of them can do it (at least i didn't found how).

The targeted reg key was set by a virus and it set only the full control for the system. I would like to remove this reg key with a script but the administrator don't have the rights on it.

Also i can do it without taking ownership with regedit but it would take a long time to do it this way.

[Colonel O'Neill]

I'd just take ownership of the whole hive and propagate permissions through the entire hive (probably not really a smart idea).

Maybe this will help?

http://support.microsoft.com/kb/245031

[CoffeeFiend]

I would like to remove this reg key with a script but the administrator don't have the rights on it.

Chances are that those tools would actually work, but that the key contains embedded nulls, causing them to fail (usually with a permission-related error message). Regedit can't touch those either. That's one of the tricks malware makers tend to use (you can't remove them using Windows API calls either! A malware maker's dream!) I'd give RegDelNull a try (yet another sysinternals gem)

Then again, maybe it's just a plain old permission issue.