Registry problem

[ltwally]

I had recently installed an old program that included C-Dilla - a DRM solution from SafeCast. It created a few registry keys, one of them inside HKLM\SYSTEM\CurrentControlSet\Enum\Root\.

The problem is that in Vista, HKLM\SYSTEM\CurrentControlSet\Enum\ is locked down tight. Not even an admin user can modify the permissions for that key or its subkeys, or directly delete or modify anything within.

That.... annoys me. I suppose it doesn't hurt to leave that key sitting there. But I want it gone. Now.

Any ideas?

 

[johngalt]

uninstalling C-Dilla doesn't make it go away? and how is this affecting your performance?

 

[ltwally]

Like most such "antipiracy" software bundled with video games, there was no uninstaller, and it was not removed when I uninstalled the game.

There has been zero impact on performance. It just ticks me off that I cannot remove this key.

 

[johngalt]

System Restore?

 

[ltwally]

System Restore?

System Restore is the first thing I disable on my own computers.

 

[Bare Foot Kid]

System Restore is the first thing I disable on my own computers.

Why?







Later Ted

 

[ltwally]

I have never been a fan of System Restore on my own computers. At work, and for my less computer savvy friends, I recommend leaving it on.

For me, I find the system restore service grinding away when I don't want it to be, or using large amounts of disk space. And, frankly, I almost never need it.

I don't want to sound arrogant, but I can usually fix just about everything that System Restore would do for me. So it brings very little to the table.

Of course, Vista may be proving me wrong. I had no idea that it completely locked ALL users (even admins) from accessing parts of the registry. I can see this being a good thing for most users... but how I wish it were possible for me to take ownership and modify ENUM, like we could in every version of Windows for the past 10+ years.

 

[Bare Foot Kid]

Hello ltwally.

I was just wondering, because a good many people have disabled "System Restore".
The only thing is, in the six months that I have been 'hanging out' at Vista forums
countless people have come here looking to resolve an issue with "SR" disabled;
only to find out that if in fact it were enabled it would 'fix' the problem in about five minutes.
And I might add, with no loss of personal data!

Here are just a couple of the tutorials that have made my life with "SR" easier.

http://www.vistax64.com/tutorials/76227-system-restore-disk-space.html

http://www.vistax64.com/tutorials/72805-system-restore-point-shortcut.html

But to each his own, I do see your side of the issue.
Thanks for the reply!


Later Ted

 

[ltwally]

Thanks,

But I still prefer to keep System Restore turned off on my machines. And, we're getting off-topic...

My goal is to find a way to have access to ENUM and some of these other newly protected areas in the registry, again. I have, in the past, found it useful to be able to hack these. I'm certain I will again. Anyone know how to gain access to these registry keys now forbidden under Vista ?

 

[johngalt]

Actually, you *can* take ownership of the keys. I just hesitant of suggesting them to most posters in here because in the wrong hands it tends to screw things up more often than not - just as disabling UAC does as well.

You seem fairly knowledgeable, though, so I'll go ahead and do it.

First off, have you tried Take ownership of a registry key: Core Services ?

 

[ltwally]

Yeah. That was the first thing I tried when it gave me permission errors.

A couple hours ago, I had another look at it. Aaaand....

Interesting. There are still a few things I'm discovering about Vista. One thing is this: my user account, which is an admin account, does not have the same powers as the "secret" Administrator account.

I had been unable to take ownership as my normal (administrator) account. I assumed it would be the same with regedit running under "run as Administrator." However, when I do a "run as Administrator," I can take ownership. How very queer.

I think this must be the first time that I've ever actually found a use for "run as Administrator."

I wonder what else that account can do that other admin accounts cannot.

 

[johngalt]

A lot of things - but don't make the mistake of *logging into* that account - it is an end-all be-all for fixing things when all else fails. If you start logging into it you're basically running as root in Linux - and that is bad. Very bad.

Don't believe me? Go run XP for a month.

 

[ltwally]

I've done a little reading up...

The "secret" Vista Administrator account is basically the same as the admin accounts in all previous versions of Windows, correct?

'Cause I feel perfectly safe running in that mode - it's what I have done since NT 3.51. I stopped cutting my teeth and nuking systems somewhere around Windows 95, and never hesitate to run under an admin account.

Or, is the Vista Administrator account something more powerful than it used to be in previous editions?

As a follow-up thought: I wonder if there is a way to have other admin accounts be as powerful as the Administrator account...

 

[johngalt]

Think of it as the admin account on a AD enabled Server / PDC.

That should get your juices flowing

 

[ltwally]

Think of it as the admin account on a AD enabled Server / PDC.

That should get your juices flowing

I just find it really odd that Vista still calls it the "administrator" group - seems it's much more akin to the old Power Users group. The only true admin is the Administrator account.

 

[RichGK]

Thanks,

But I still prefer to keep System Restore turned off on my machines. And, we're getting off-topic...

My goal is to find a way to have access to ENUM and some of these other newly protected areas in the registry, again. I have, in the past, found it useful to be able to hack these. I'm certain I will again. Anyone know how to gain access to these registry keys now forbidden under Vista ?

A restore point is automatically generated when you install something, when you tell it to and when you install drivers but apart from that it doesn't do anything in the background.

 

[ltwally]

Yes yes. And, still, I begrudge its use of resources.

And, having found a way to edit those registry keys, I'm back where I was before: more than capable of fixing anything that System Restore handles.

 

[tracerbullet]

Hey JohnGalt, I remember there being some third-party tool that could directly open the Registry as the 'System' account. I had used it a while ago to fix some previously undeletable keys. I've forgotten the name of that nifty application or its link. Care to PM me if you're aware about this program?

 

[johngalt]

Not aware of this utility, but in any case, since the forums are about public knowledge and helping others, I would not PM you any way- I'd be posting it here.

 

[tracerbullet]

Found it! It's called PsTools - essentially a collection of nifty utilities. Here's the link: PsTools

Using the PsExec application, you can enter a remote process as the system account. I did this with the registry and freely deleted some invalid entries in my currentcontrol/hardware/enum or somesuch.