Need Help Setting Registry Permissions

[pcuser_tom]

I'm trying to figure out how to set registry permissions using the win32 api via vb6 but I'm not getting anywhere very fast.

The problem is that some Dell oem xp cd's have a controlset001\services\iastor key that has 2 unknown/bogus DACL's set to:

OWNER = S-1-5-21-846617511-297957836-1346600456-1005

GROUP = S-1-5-21-846617511-297957836-1346600456-513

If you mount the i386\setupreg.hiv in regedit and navigate to the iastor key, you get "Access Denied" and it causes trouble when building with BartPE.

I would like to clear those SID's from the ACL and add the administrators group (S-1-5-32-544) and my own owner (currently logged in user).

SubInAcl does this just fine using this from the commandline (uses the security attribs from it's parent key):

subinacl /subkeyreg hkey_local_machine\dell\controlset001\services\iastor\ /objectcopysecurity=hkey_local_machine\dell\controlset001\services

so I know it can be done (.NET is not an option).

Any help would be greatly appreciated.

Tom

[pcuser_tom]

This one really has me stumped! SubinACL seems to be the only way I've seen to be able to take ownership of this key.

The SetPerm example is the closest I've found but it seems to use the same method as regedit which results in "access denied".

Does anyone know of a good api spy program that will show me the functions that subinacl uses to accomplish this?

Edited February 18, 2007 by pcuser_tom