The keys that I am interested in are under

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles

These keys give full access to the system user, and only read access to the administrator. I am logged in to the administrator account. I am using 2012 R2.

I can change the owner through regedit by

    right click -> Advanced -> Change owner -> type "Administrator" -> OK -> Apply

Here are the APIs in C# that I have tried. Both failed with access denied.

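    using Microsoft.Win32;
    using System.Security.AccessControl;
    using System.Security.Principal;

    // Open the key, requesting only the right to take ownership
    key = Registry.LocalMachine.OpenSubKey(test, RegistryKeyPermissionCheck.ReadSubTree, RegistryRights.TakeOwnership);

    RegistrySecurity rs = new RegistrySecurity();
    rs.SetOwner(new NTAccount("Administrator")); // Set the security's owner to be Administrator

    key.SetAccessControl(rs);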

Also tried Win32 APIs:

    SetSecurityInfo(getRegistryKeyHandle(key), SE_OBJECT_TYPE.SE_REGISTRY_KEY, SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION, ownerSid, groupSid, dacl, sacl);
Linyes
  • If you have UAC enabled, you need to explicitly run the application as an administrator. See this question and answer for how to require the application to run with elevated permissions: http://stackoverflow.com/questions/14800089/forcing-an-application-to-admin-from-config-file – itsme86 Sep 19 '14 at 01:32
  • You have to enable SeTakeOwnershipPrivilege in order to assign yourself ownership of an object. Note that this only allows you to set ownership to your own account or to a group you belong to. Alternatively, if you enable SeBackupPrivilege and SeRestorePrivilege, you can assign ownership to anybody. (You can also assign yourself ownership of an object without privileges if you have the WRITE_OWNER access right to the object.) – Harry Johnston Sep 19 '14 at 03:39
  • In this case, since you are attempting to assign ownership to the Administrator account, you will need to either be running as the Administrator account (not just any old administrative account, but that particular account) or enable backup and restore privilege. Note that it is more usual to assign ownership to Administrators than to Administrator. – Harry Johnston Sep 19 '14 at 03:43

1 Answer

Thanks to @HarryJohnston. Your method works.

I first enable SeTakeOwnershipPrivilege, then I'm able to take ownership with my code.

Linyes