Windows operating system protects and restricts some important and critical registry keys and values in system registry from accidental modification or deletion by end-user, including in Windows 10. Windows locks these registry keys by not granting full control (which includes the write and modify permissions) access right to both standard and administrator user accounts as part of security measure. Instead, these protected registry keys are owned by System or TrustedInstaller, and has read-only permissions for end-user.
In Windows 10, when a user doesn’t have permissions to modify, edit, create, add, change, delete or remove a registry key (and/or the registry values it contains) with Registry Editor (RegEdit.exe), one of the following error messages which indicated permissions denied is displayed:
Error Creating Key
Cannot create key: You do not have the requisite permissions to create a new key under key.
Error Creating Value
Cannot create value: Error writing to the registry.
Error Renaming Key
The Registry Editor cannot rename key. Error while renaming key.
Error Renaming Value
The Registry Editor cannot rename value. Error while renaming value.
Error Editing Value
Cannot edit value. Error writing the value’s new contents.
Error Deleting Key
Cannot delete key: Error while deleting key.
Error Deleting Values
Unable to delete all specified values.
When a registry key is blocked from change or removal, user also cannot run a .REG registry registration entries to merge the registry keys, values or value data to the system registry with the following permission denied error message:
Cannot import RegistrationEntries.reg. Not all data was successfully written to the registry. Some keys are open by the system or other process, or you may have insufficient privileges to perform this operation.
To make changes to restricted registry keys, you need to take ownership and grant full control (read and write) access right permissions to registry keys for your user account or the group that your user account belongs to in order to fix permissions denied issue. This tutorial provides step-by-step guide on how to take ownership and grant full control permissions on the secured registry keys that give permissions denied error.
- Run Registry Editor (regedit).
- Navigate to the registry key which user wants to modify its security settings.Registry values do not have their own permissions. You need to modify the permissions of the registry key that contains registry values you intend to work with.
- Right click on the registry key, and select Permissions.
- In the Permissions dialog box, click or tap on Advanced button.
- In Advanced Security Settings dialog box, click or tap on Change link after the Owner field (which normally states the Owner is TrustedInstaller).
- When prompted to select user or group, enter the user name of your user account (including the email address if you’re logging in with Microsoft Account) in the text field of the object name to select.It’s possible to set the “Administrators” group (or the user group that your accoung belongs to) as the owner and grant full control permissions to the group. In this case, the permissions are granted to all users within the group, i.e. all user with administrators’ privileges for Administrators user group.
Press OK when done.
- Select (tick) the check box for Replace owner on subcontainers and objects. option
- Hit OK when done to go back to Permissions dialog box.
- In the Permissions dialog box, select Administrators group (or user name or group name that you set as the owner in previous step) in the top section, then check the checkbox for Full Control under Allow column at the bottom section.
Note: Read permission is automatically selected when Full Control is granted.NoteIf your user name or group name is not found, click or tap on Add… button and enter the user name or group name as object name to add user for permissions granting.
- Hit OK when done.
You can now perform any “operation” such as add, create, edit, change, modify, delete, erase or remove on the registry key after been granted full control permissions on the registry key.