Reset Registry and File Permissions on Windows 7, Vista, or XP

Resetting permissions on system files and registry keys after they are altered by a virus, malware, or corruption, is nearly impossible to accomplish manually. I common sign of such a problem is registry keys and files that appear to have no owner because you don’t have permission to view the owner. If you’ve tried working around this – fixing a few so one thing would load, and then going back for the next, and the next, this short procedure will provide you relief. This script will reset the permissions correctly.

 

Download the SubInACL.msi from Microsoft and install it.

 

Copy the following text and paste it into notepad:

 

cd “\%ProgramFiles%\Windows Resource Kits\Tools”

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f

subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f

subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f

subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f

subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

 

Save the file with an extension of .cmd. For example, “reset.cmd”. You will need to run this from the command line, so save it to a place where you can easily access it.

 

Now go to a command prompt and run the file. In Windows 7 you will have to start the command prompt with elevated privileges. To do this, click start>accessories, then right click on Command Prompt and select “Run as Administrator”

 

When the command line opens, go to the folder where you saved the reset.cmd file. To do this type cd \foldername, or just cd \ if you saved the file to the root of C:. Then type reset.cmd and press enter.

 

It may take a few minutes for the script to complete. When it is done, exit the command prompt and restart your computer.

 

  • http://sabro.hopto.org/board tulino

    not working pls update to work well wiht windows 7…

    • Administrator

      Thank you very much. The first line did have the incorrect syntax for the path. Thank you very much!

  • lightinlp

    the path on the first line has bad syntax

    • Administrator

      Excellent catch. I’ve made the update. Thank you very much!

  • http://none sappington437

    Reset Registry and File Permissions reset.cmd procedure works for XP but not for Windows 7. On wondow7
    I get for windows7:
    cd /d “%ProgramFiles%\Windows Resource Kits\Tools”
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    The system cannot find path specified.
    ‘subinacl’ is not reconized as an internal or external command, operable program or batch file.

    • Administrator

      This will work in Windows 7, as well. ‘ve had to use it myself. But if you have a 64 bit version of Windows, the path of the executable may be fifteen. If it doesn’t show up where you are expecting it after installing, check in the “Program Files(x86)” folder instead of “Program Files”.

      Remember that you have to be in the same folder as the subinacl.exe at the command prompt to run the command.

      Mike

    • http://www.facebook.com/Naeem236 Naeemullah

      You probably haven’t downloaded the software required for the script to work. Download from:
      http://brainchamber.com/yourls/SubInACL

  • Eric67ct

    Hi. I ran this on my W7 64-bit machine and when the script is processing the HKEY_CLASSES_ROOT\Wow6432Node\Interface\… hive, I am receiving a lot of access denied messages. I piped some of it to a log file:

    Wow6432Node\Interface\{65589CDD-97E1-4799-8DA1-9547BBE656E6} : delete Perm. ACE 5 builtin\administrators
    Wow6432Node\Interface\{65589CDD-97E1-4799-8DA1-9547BBE656E6} : delete Perm. ACE 4 builtin\administrators
    Wow6432Node\Interface\{65589CDD-97E1-4799-8DA1-9547BBE656E6} : new ace for builtin\administrators
    Wow6432Node\Interface\{65589CDD-97E1-4799-8DA1-9547BBE656E6} : builtin\administrators is the new owner
    HKEY_CLASSES_ROOT\Wow6432Node\Interface\{65589CDD-97E1-4799-8DA1-9547BBE656E6} – RegSetKeySecurity Error : 5 Access is denied.

    Is there any way to get around this?

    Thanks,
    Eric

    • Administrator

      Actually, Eric, you will get a LOT of access denied errors, but it is expected. The script resets large chunks of the registry permissions and rather than trying to get too granular, it does include many registry entries on which you would not want to change the permissions, and those are the ones you are seeing the messages on. It’s not uncommon to get several thousand “access denied” messages while running these scripts, but then can be safely ignored.

      Mike

  • Kenny Parker

    cd “%ProgramFiles(x86)%\Windows Resource Kits\Tools”

    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f

    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f

    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f

    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f

    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f

    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

    pause

    There is the code I used for Windows 8 x64.

    • mhannigan

      Did this work for you? It would be great to have a known working script for Windows 8.

  • http://damonbreeden.wordpress.com Damon

    For Windows 7 Pro x64, on the following command, I received the error ‘Invalid path – C:\Windows\repair’

    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

    A search of C: for secsetup.inf yielded no results.

    Any indication of where secsetup.inf might come from?

    • http://www.facebook.com/Naeem236 Naeemullah

      Remove the Extra space in first line before cd
      Then remove the quotation marks and again put it there. Somehow the quotation marks copied from this website and those recognized by the command prompt have different ASCII codes – or more simply they are not the same thing. This should solve the issue. :)

  • DaCaSe

    In Kenny’s Windows 8 code the ” “-s in the first line should be deleted. After that it works just fine.

    • Administrator

      You’re a genius! Thank you for pointing that out.

  • http://www.facebook.com/Naeem236 Naeemullah

    Thank you very much sir. It actually does work and has saved me a lot of trouble. There was syntax error in the script. The correct script is:

    cd “%ProgramFiles%\Windows Resource Kits\Tools”
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

    Thanks a lot. Its people like you that give us hope that there is still kindness on earth.

    • http://www.facebook.com/Naeem236 Naeemullah

      (For users having issues) Note: When you copy this script to notepad, remove the quotes and again put it there. Like Delete the quotation marks and type it again. There should be no problem.

  • http://www.facebook.com/Naeem236 Naeemullah

    Here is a screenshot of the process in progress. Note the faults but they are safe to ignore as the admin stated before.

    • Michael Hannigan

      I really appreciate all your input on this. Thank you for all the good info and corrections. In fact, I’d love to have you contribute as often as you’re able!

  • http://brainchamber.com/ Michael Hannigan

    I have to figure out what the most current working version of the script is from you guys so no can update the article. And Naeemullah, I think that is what you have offered at this point. That should work on all versions of Windows. Would you agree?

  • Adham Dahab

    Use
    Permissions Time Machine
    An intuitive and user-friendly application that was designed with the purpose of allowing users to reset or restore system permissions in one click