Reset Registry and File Permissions on Windows 7, Vista, or XP

Resetting permissions on system files and registry keys after they are altered by a virus, malware, or corruption, is nearly impossible to accomplish manually. I common sign of such a problem is registry keys and files that appear to have no owner because you don’t have permission to view the owner. If you’ve tried working around this – fixing a few so one thing would load, and then going back for the next, and the next, this short procedure will provide you relief. This script will reset the permissions correctly.

 

Download the SubInACL.msi from Microsoft and install it.

 

Copy the following text and paste it into notepad:

 

cd “%ProgramFiles%Windows Resource KitsTools”

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f

subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f

subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f

subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f

subinacl /subdirectories %windir%*.* /grant=administrators=f /grant=system=f

secedit /configure /cfg %windir%repairsecsetup.inf /db secsetup.sdb /verbose

 

Save the file with an extension of .cmd. For example, “reset.cmd”. You will need to run this from the command line, so save it to a place where you can easily access it.

 

Now go to a command prompt and run the file. In Windows 7 you will have to start the command prompt with elevated privileges. To do this, click start>accessories, then right click on Command Prompt and select “Run as Administrator”

 

When the command line opens, go to the folder where you saved the reset.cmd file. To do this type cd foldername, or just cd if you saved the file to the root of C:. Then type reset.cmd and press enter.

 

It may take a few minutes for the script to complete. When it is done, exit the command prompt and restart your computer.

 

  • not working pls update to work well wiht windows 7…

    • Administrator

      Thank you very much. The first line did have the incorrect syntax for the path. Thank you very much!

  • lightinlp

    the path on the first line has bad syntax

    • Administrator

      Excellent catch. I’ve made the update. Thank you very much!

  • Reset Registry and File Permissions reset.cmd procedure works for XP but not for Windows 7. On wondow7
    I get for windows7:
    cd /d “%ProgramFiles%Windows Resource KitsTools”
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    The system cannot find path specified.
    ‘subinacl’ is not reconized as an internal or external command, operable program or batch file.

    • Administrator

      This will work in Windows 7, as well. ‘ve had to use it myself. But if you have a 64 bit version of Windows, the path of the executable may be fifteen. If it doesn’t show up where you are expecting it after installing, check in the “Program Files(x86)” folder instead of “Program Files”.

      Remember that you have to be in the same folder as the subinacl.exe at the command prompt to run the command.

      Mike

    • You probably haven’t downloaded the software required for the script to work. Download from:
      http://brainchamber.com/yourls/SubInACL

  • Eric67ct

    Hi. I ran this on my W7 64-bit machine and when the script is processing the HKEY_CLASSES_ROOTWow6432NodeInterface… hive, I am receiving a lot of access denied messages. I piped some of it to a log file:

    Wow6432NodeInterface{65589CDD-97E1-4799-8DA1-9547BBE656E6} : delete Perm. ACE 5 builtinadministrators
    Wow6432NodeInterface{65589CDD-97E1-4799-8DA1-9547BBE656E6} : delete Perm. ACE 4 builtinadministrators
    Wow6432NodeInterface{65589CDD-97E1-4799-8DA1-9547BBE656E6} : new ace for builtinadministrators
    Wow6432NodeInterface{65589CDD-97E1-4799-8DA1-9547BBE656E6} : builtinadministrators is the new owner
    HKEY_CLASSES_ROOTWow6432NodeInterface{65589CDD-97E1-4799-8DA1-9547BBE656E6} – RegSetKeySecurity Error : 5 Access is denied.

    Is there any way to get around this?

    Thanks,
    Eric

    • Administrator

      Actually, Eric, you will get a LOT of access denied errors, but it is expected. The script resets large chunks of the registry permissions and rather than trying to get too granular, it does include many registry entries on which you would not want to change the permissions, and those are the ones you are seeing the messages on. It’s not uncommon to get several thousand “access denied” messages while running these scripts, but then can be safely ignored.

      Mike

  • Kenny Parker

    cd “%ProgramFiles(x86)%Windows Resource KitsTools”

    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f

    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f

    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f

    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f

    subinacl /subdirectories %windir%*.* /grant=administrators=f /grant=system=f

    secedit /configure /cfg %windir%repairsecsetup.inf /db secsetup.sdb /verbose

    pause

    There is the code I used for Windows 8 x64.

    • mhannigan

      Did this work for you? It would be great to have a known working script for Windows 8.

  • For Windows 7 Pro x64, on the following command, I received the error ‘Invalid path – C:Windowsrepair’

    secedit /configure /cfg %windir%repairsecsetup.inf /db secsetup.sdb /verbose

    A search of C: for secsetup.inf yielded no results.

    Any indication of where secsetup.inf might come from?

    • Remove the Extra space in first line before cd
      Then remove the quotation marks and again put it there. Somehow the quotation marks copied from this website and those recognized by the command prompt have different ASCII codes – or more simply they are not the same thing. This should solve the issue. 🙂

  • DaCaSe

    In Kenny’s Windows 8 code the ” “-s in the first line should be deleted. After that it works just fine.

    • Administrator

      You’re a genius! Thank you for pointing that out.

  • Thank you very much sir. It actually does work and has saved me a lot of trouble. There was syntax error in the script. The correct script is:

    cd “%ProgramFiles%Windows Resource KitsTools”
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%*.* /grant=administrators=f /grant=system=f
    secedit /configure /cfg %windir%repairsecsetup.inf /db secsetup.sdb /verbose

    Thanks a lot. Its people like you that give us hope that there is still kindness on earth.

    • (For users having issues) Note: When you copy this script to notepad, remove the quotes and again put it there. Like Delete the quotation marks and type it again. There should be no problem.

  • Here is a screenshot of the process in progress. Note the faults but they are safe to ignore as the admin stated before.

    • Michael Hannigan

      I really appreciate all your input on this. Thank you for all the good info and corrections. In fact, I’d love to have you contribute as often as you’re able!

  • I have to figure out what the most current working version of the script is from you guys so no can update the article. And Naeemullah, I think that is what you have offered at this point. That should work on all versions of Windows. Would you agree?

  • I have to figure out what the most current working version of the script is from you guys so no can update the article. And Naeemullah, I think that is what you have offered at this point. That should work on all versions of Windows. Would you agree?

  • Adham Dahab

    Use
    Permissions Time Machine
    An intuitive and user-friendly application that was designed with the purpose of allowing users to reset or restore system permissions in one click

  • Adham Dahab

    Use
    Permissions Time Machine
    An intuitive and user-friendly application that was designed with the purpose of allowing users to reset or restore system permissions in one click