Windows operating system protects and restricts some important and critical registry keys and values in system registry from accidental modification or deletion by end-user, including in Windows 10. Windows locks these registry keys by not granting full control (which includes the write and modify permissions) access right to both standard and administrator user accounts as part of security measure. Instead, these protected registry keys are owned by System or TrustedInstaller, and has read-only permissions for end-user.

In Windows 10, when a user doesn’t have permissions to modify, edit, create, add, change, delete or remove a registry key (and/or the registry values it contains) with Registry Editor (RegEdit.exe), one of the following error messages which indicated permissions denied is displayed:

Error Creating Key

Cannot create key: You do not have the requisite permissions to create a new key under key.

Error Creating Key

Error Creating Value

Cannot create value: Error writing to the registry.

Error Creating Value

Error Renaming Key

The Registry Editor cannot rename key. Error while renaming key.

Error Renaming Key

Error Renaming Value

The Registry Editor cannot rename value. Error while renaming value.

Error Renaming Value

Error Editing Value

Cannot edit value. Error writing the value’s new contents.

Error Editing Value

Error Deleting Key

Cannot delete key: Error while deleting key.

Error Deleting Key

Error Deleting Values

Unable to delete all specified values.

Error Deleting Value

When a registry key is blocked from change or removal, user also cannot run a .REG registry registration entries to merge the registry keys, values or value data to the system registry with the following permission denied error message:

Cannot import RegistrationEntries.reg. Not all data was successfully written to the registry. Some keys are open by the system or other process, or you may have insufficient privileges to perform this operation.

Cannot Import Registry Registration Entries

To make changes to restricted registry keys, you need to take ownership and grant full control (read and write) access right permissions to registry keys for your user account or the group that your user account belongs to in order to fix permissions denied issue. This tutorial provides step-by-step guide on how to take ownership and grant full control permissions on the secured registry keys that give permissions denied error.

  1. Run Registry Editor (regedit).
  2. Navigate to the registry key which user wants to modify its security settings.
    Registry values do not have their own permissions. You need to modify the permissions of the registry key that contains registry values you intend to work with.
  3. Right click on the registry key, and select Permissions.

    Edit Permissions of Registry Key

  4. In the Permissions dialog box, click or tap on Advanced button.
  5. In Advanced Security Settings dialog box, click or tap on Change link after the Owner field (which normally states the Owner is TrustedInstaller).

    Change Onwer of Registry Key

  6. When prompted to select user or group, enter the user name of your user account (including the email address if you’re logging in with Microsoft Account) in the text field of the object name to select.

    Select New Owner for Registry Key

    It’s possible to set the “Administrators” group (or the user group that your accoung belongs to) as the owner and grant full control permissions to the group. In this case, the permissions are granted to all users within the group, i.e. all user with administrators’ privileges for Administrators user group.

    Press OK when done.

  7. Select (tick) the check box for Replace owner on subcontainers and objects. option

    Replace owner on subcontainers and objects

  8. Hit OK when done to go back to Permissions dialog box.
  9. In the Permissions dialog box, select Administrators group (or user name or group name that you set as the owner in previous step) in the top section, then check the checkbox for Full Control under Allow column at the bottom section.

    Note: Read permission is automatically selected when Full Control is granted.

    Full Control Permissions on Registry Key

    If your user name or group name is not found, click or tap on Add… button and enter the user name or group name as object name to add user for permissions granting.
  10. Hit OK when done.
When entering user name or group name in the “Enter the object names to select” text box, you can press or tap on Check Names button to ensure that the user account or group you entered is correct before proceeding.

You can now perform any “operation” such as add, create, edit, change, modify, delete, erase or remove on the registry key after been granted full control permissions on the registry key.