Reputation: 61
Delete protected registry key with a batch file
Trying to delete the following registry key with a batch file but I can't even delete in the registry editor. Any ideas on how to write a batch file to do it, maybe it need to change permission also.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SWD\PRINTENUM\
There are about 8 sub keys under PRINTENUM such as {1974F44D-A278-......} that I want to be deleted.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM
Same as above.
Upvotes: 2
Views: 8243
Answers (2)
Reputation: 61
I did try psexec -s -i on the server and having the .reg file on the server too, but just couldn't run it on the client with admin command prompt using \server..... tried all sorts of reg import, to running the reg file with -aaceptuela given me error 0 which should be no errors and error 1 which I tried to login using -u to run it or runas etc.,.,
At the end I had to copy the .reg file and psexec to the local hard drive with the script and ran D:\PsExec.exe -i -s -accepteula reg import "D:\hidden_printers.reg" for it to work.
Thanks again.
Upvotes: 3
Reputation: 49096
First, read the Microsoft support article What are Control Sets? What is CurrentControlSet?.
After doing that it should be clear that whatever is modified under HKLM\SYSTEM\CurrentControlSet is in real done (usually) also on HKLM\SYSTEM\ControlSet001 and applied on next boot also to HKLM\SYSTEM\ControlSet002.
Key HKLM\SYSTEM\Select contains the information which control set is the current control set (usually control set 1), which one is the default control set on Windows boot (also usually control set 1) and which one is the last known good (usally control set 2).
Next read the Microsoft developer network article about HKLM\SYSTEM\CurrentControlSet\Enum Registry Tree.
By default only the SYSTEM account has the necessary permissions to change something in enum registry tree. That can be changed with Regedit.exe, but it is not advisable to do that. Enumerator keys are removed automatically on uninstalling a device with it's driver for example with the Windows device manager. It is not advisable to delete them manually from Windows registry.
It is possible to navigate in Regedit.exe to key HKLM\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM, right click on this key, left click on context menu item Permissions, enable full access for group everyone, close the permissions dialog, delete the subkeys, re-open the permissions dialog for the key PRINTENUM again and uncheck full access for everyone to restore the standard permissions. But again, don't do that except you really know what you do.
See super user question Change registry permissions via command line (batch file) containing the answer on your question.
Upvotes: 1
Related Questions
- REG DELETE one value instead of the whole key
- Renaming/Deleting keys in the registry via batch cmd
- Delete a Registry key using C#
- How to delete a registry key only if it has no values or subkeys using a *.bat file?
- Batch script to find and delete registry keys and/or values
- Deleting a registry key
- Batch remove full registry key using for loop
- Deleting Registry Key with Batch Script from Uninstall
- BAT to delete remote file and rewrite remote registry key?
- Removing a registry key and its subkeys using a batch