
24-August-2017

How to delete locked registry keys (change ownership or WinPE) (applies to Windows 7 and probably others)

Sometimes when you try to delete a key from your registry, you get an error saying that
permission is denied.

Most commonly, registry keys under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\
(and similar) are "locked", for example in my case these were:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\AcroVBus\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\AcroVBus\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\AcroVBus
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ACRONISDEVICES\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ACRONISDEVICES\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\ACRONISDEVICES\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\ACRONISDEVICES\0002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SNAPMAN2250
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SNAPMAN2463
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TIB1132
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VIRTUAL_FILE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SNAPMAN2250
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SNAPMAN2463
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TIB1132
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VIRTUAL_FILE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SNAPMAN2250
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SNAPMAN2463
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TIB1132
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VIRTUAL_FILE

There are two options to successfully delete them. This guide assumes that your current
username also has administrator rights, so if it doesn't, log in with a username that
does or make yourself administrator by going to "User Accounts" in Control Panel.

1. In the case of less stubborn registry keys you can simply change the ownership
of the key, which will then allow you to delete it. Watch the video clip change_regkey_ownership.avi
for a demonstration of the procedure.

- right-click on the key and select Permissions

- on the "Permissions for [name_of_key]" window click "Advanced"

- on the "Advanced Security Settings for [name_of_key]" window click on the "Owner" tab

- change the current owner (which is currently probably "Administrators") by selecting
your current username below in the "Change owner to" list, and also tick the
"Replace owner on subcontainers and objects" option below, then click "Apply"

- now, in the same window, click on the "Permissions" tab

- click "Add...", then "Advanced", then "Find Now" and then select your username from
the populated list below. Double-click on it and then click "OK".

- in the "Permission Entry for [name_of_key]" window that opens tick the "Allow" checkbox for the
"Full Control" permission. All other permissions will then automatically get ticked as well. Click OK.

- click "OK" to close the "Advanced Security Settings for [name_of_key]" window and
again "OK" to close the "Permissions for [name_of_key]" window.

- right-click on the registry key and delete it

2. Some stubborn keys will give you problems even if you try changing their ownership.
These keys can be deleted "offline". This means you have to shut down Windows
and boot your computer from a CD-ROM with "Windows 7 PE" (PE = Preinstallation Environment).
WinPE is a minimal, stripped-down version of Windows that allows other
programs to run on it. Many different bootable CD-ROM utilities (such as backup & restore tools)
are based on WinPE, so you can use them if you have any. If you don't, you can create
a bootable CD-ROM image file (ISO) yourself (you can find guides on the Internet) or
you can download ready-made ISO images from other people. Just use Google to search or
find them via Torrents.

All you need to do is boot from the WinPE CD-ROM and get to the command prompt. Once
there, type "regedit" to open the Registry Editor window and then load in the part of
the registry (registry hive) that you want to modify. Registry hives are stored in
C:\Windows\System32\config\

If you want to delete something from HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\
you will probably have to load the "SYSTEM" hive. Note that "CurrentControlSet" will
not be found in the loaded hive because that hive is generated/populated when you
boot Windows. It is enough to delete the keys from "ControlSet001" and "ControlSet002"
and the key will automatically also disappear from "CurrentControlSet" next time
you boot into Windows.
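
The load, delete and unload sequence described above can also be done with reg.exe from the WinPE command prompt instead of the regedit window. The batch file below is an added example, not part of the original guide or of the linked articles; the drive letter C:, the mount name OFFLINE_SYSTEM and the backup folder are assumptions, and the two key names are taken from the list at the top of this page.

```batch
@echo off
setlocal
rem Added example, not from the original guide. Run at the WinPE command prompt.
rem Assumptions: the offline Windows volume is C: (WinPE may assign a different
rem letter), OFFLINE_SYSTEM is an arbitrary temporary mount name, and
rem C:\regbackup is a constructed backup location on the offline volume.
set "WINVOL=C:"
set "HIVE=%WINVOL%\Windows\System32\config\SYSTEM"
set "MOUNT=HKLM\OFFLINE_SYSTEM"
set "BACKUP=%WINVOL%\regbackup"

if not exist "%HIVE%" (echo SYSTEM hive not found at %HIVE% & exit /b 1)

rem 1. Copy the untouched hive file first so the change can be rolled back
rem    by copying SYSTEM.before over SYSTEM from WinPE.
if not exist "%BACKUP%" mkdir "%BACKUP%"
copy /y "%HIVE%" "%BACKUP%\SYSTEM.before" >nul || exit /b 1

rem 2. Load the offline hive under the temporary name.
reg load %MOUNT% "%HIVE%" || exit /b 1

rem 3. Delete each key from both control sets. CurrentControlSet does not
rem    exist in the offline hive, so only ControlSet001/002 are touched.
for %%S in (ControlSet001 ControlSet002) do (
  for %%K in (AcroVBus Root\ACRONISDEVICES) do call :remove "%MOUNT%\%%S\Enum\%%K"
)

rem 4. Unload the hive so the changes are written back to the file on disk.
reg unload %MOUNT%
exit /b %errorlevel%

:remove
rem Skip keys that are not present in this control set.
reg query "%~1" >nul 2>&1 || (echo Not present, skipped: %~1 & exit /b 0)
echo Deleting %~1 and all of its subkeys
reg delete "%~1" /f || echo FAILED to delete %~1
exit /b 0
```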

Read "How to Edit Offline Windows Registry from WinPE.mhtml" (right-click, "Save As")
for detailed instructions on how to accomplish the loading, deleting and saving.
This guide was taken from https://www.top-password.com.

You can also read "How to modify a computer's offline registry from WinPE.mhtml" (right-click, "Save As"),
which was taken from https://superuser.com.