Thursday, December 13, 2012

Permissions to registry using setacl

Recently I was trying giving permission to one of the registry hives with Subinacl, but it was not working despite all efforts and checking all the syntax and a lot of troubeshooting.

Then I came across another permission granting utility known as SetACL. It worked like a charm. So you can try using this utility is Subinacl fails.

You can download SetACL from http://helgeklein.com/download/

Here is an example to run SetACL to give registry permissions.

"SetACL.exe" -on "hkcr\Interface" -ot reg -actn setowner -ownr "n:Administrators"
"SetACL.exe" -on "hkcr\Interface" -ot reg -actn ace -ace "n:Users;p:full"


  • Object name (-on): This is the path to the object SetACL should operate on (file/directory/registry key/network share/service/printer).
  • Object type (-ot): What kind of object does the object name refer to: file or directory (file), registry key (reg), service (srv), printer (prn), network share (shr)?
  • Action (-actn): What should SetACL do with the object specified?

A lot more details and description can be found at this awesome site: http://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/


3 comments:

Osye Pritchett said...

Did the registry key contain an asterisk (*) anywhere in it? I have run into this issue before with subinacl but SetAcl has no problem with asterisks.

http://bohemiantribe.blogspot.com/2007/11/subinacl-is-great-but.html

Piyush Nasa said...

Yes, no problem with * in SetACL. worked fine.

David Allison said...
This comment has been removed by a blog administrator.