Deleting Protected REGKEY

These methods will grant you permissions as SYSTEM. Please double check what you have typed before you press Enter!

Sometimes a protected key needs to be deleted. Windows won't let you. Normally this is a good thing. There have been only two scenarios where I have needed to delete a key because of a conflict. I wasn't able to delete it normally as an Admin. You have two options.

via Recovery

Boot into the Recovery Tools command prompt and enter the following:

  1. diskpart

  2. list volume - Find your Windows volume letter. You'll need this to replace X.

    • Optional: select volume # - Replace # with the target Windows volume.

    • Optional: assign letter=W - If the volume has no letter, assign it one.

  3. exit

  4. copy X:\Windows\System32\Utilman.exe X:\Utilman.exe

  5. copy X:\Windows\System32\cmd.exe X:\Windows\System32\Utilman.exe

  6. exit

  7. Once Windows is booted, click the Ease of Access icon in the bottom right. This will open a Command Prompt.

  8. Now you can type in the command to delete the key.

    • Example: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_0ABC&PID_01A2"

  9. Reboot into recovery and put Utilman back: copy C:\Utilman.exe C:\Windows\System32\Utilman.exe

This method does not work if your file system is encrypted outside your control or is RAW due to the use of Intel Rapid Storage. Later versions of Windows appear to have closed this loophole. YMMV.
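Until step 9 is done, the Ease of Access button keeps opening a SYSTEM command prompt for anyone at the logon screen, so it is worth confirming the restore. The following check is an added example, not part of the original page: it compares file hashes to confirm that System32\Utilman.exe is no longer the cmd.exe copy from step 5 and that it matches the backup made in step 4. The function name Test-UtilmanRestored is made up for this example, and the backup is assumed to sit in the root of the Windows volume as in step 4.

```powershell
# Added example: confirm step 9 really put the original Utilman.exe back.
# Run from an elevated PowerShell prompt inside the booted Windows install.
# Test-UtilmanRestored is a hypothetical name used only in this example.
function Test-UtilmanRestored {
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32'),
        # Assumption: the step 4 backup is in the root of the Windows volume.
        [string]$BackupPath = (Join-Path $env:SystemDrive 'Utilman.exe')
    )
    $utilman = Join-Path $System32 'Utilman.exe'
    $cmd     = Join-Path $System32 'cmd.exe'

    $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $cmdHash  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash

    $result = [ordered]@{
        UtilmanPath   = $utilman
        UtilmanSha256 = $utilHash
        # Step 5 copies cmd.exe over Utilman.exe, so equal hashes mean
        # the swap is still in place.
        StillCmdCopy  = ($utilHash -eq $cmdHash)
        BackupPresent = (Test-Path -LiteralPath $BackupPath)
        MatchesBackup = $null   # stays $null when no backup file is found
    }
    if ($result.BackupPresent) {
        $backupHash = (Get-FileHash -LiteralPath $BackupPath -Algorithm SHA256).Hash
        $result.MatchesBackup = ($backupHash -eq $utilHash)
    }
    # Restored: not the cmd.exe copy, and not different from the backup.
    $result.Restored = (-not $result.StillCmdCopy) -and
                       ($result.MatchesBackup -ne $false)
    [pscustomobject]$result
}

$check = Test-UtilmanRestored
$check | Format-List
if (-not $check.Restored) {
    Write-Warning 'Utilman.exe is still the cmd.exe copy or differs from the backup; repeat step 9.'
} elseif ($check.BackupPresent) {
    Write-Host 'Restore verified. The leftover backup copy in the volume root can be deleted.'
}
```

For an independent integrity check against the component store, run sfc /verifyfile=C:\Windows\System32\Utilman.exe from an elevated prompt.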

via Process Hacker

  1. Download the setup and install Process Hacker.

  2. Download the Process Hacker TrustedInstaller plugin named TrustedInstallerPlugin_x64.

  3. Extract the TrustedInstallerPlugin.dll file from the zip file to C:\Program Files\Process Hacker 2\plugins.

  4. Start Process Hacker as an admin.

  5. Click [Hacker] > [Run as Trusted Installer...].

  6. In the box that appears, type in cmd.exe.

  7. Now you can type in the command to delete the key.

    • Example: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_0ABC&PID_01A2"