I'm trying to delete some registry keys (startup items) via the commandline and while I can delete from HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run just fine I cannot delete anything from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
I even created some temporary keys there through regedit.exe, but even those are undeletable via the commandline.
So I searched through similar threads here and obviously googled it. Usually this happens because:
- Command prompt is not run as administrator. That's not the case here as I definitely have administrator rights within the launched cmd window.
- Registry permissions are blocking deletion. Again, this is not the case here. I manually changed permission through regedit.exe and I'm now the owner of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run along with full control for my account.
The specific error message given by commandline is:
ERROR: The system was unable to find the specified registry key or value.
Yet the key definitely exists in the location where I'm trying to delete it from and even regedit shows its there. I can also delete it with regedit without a problem.
Anyone have any clues as what to check?
OK, so while writing this post I stumbled upon something really bizarre. It would appear that there are two versions of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
I have no idea hows this even possible, but when I copy the key name in regedit they are both identical and yet they display different items. The first one is OK and it seems reg.exe is trying to find and delete the key in this location and that's why it errors out. The second one is the problematic one where the key exists that I need to delete via the commandline.
However when I add an identical key to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run it gets written to the "correct" location, and I can also delete it via commandline.
OK, I think I know what the problem is now. The "correct" location is displayed when I run a native 64-bit version of regedit, and the problematic one is only displayed when I run a 32-bit version of regedit.
SOLUTION:
Use %windir%\SysWOW64\reg.exe
to manipulate 32-bit registry entries and %windir%\System32\reg.exe
to manipulate 64-bit registry entries. I'm going to have a stern talk with the program authors though about why they shove their startup key into the 32-bit reqistry on a 64-bit system.
Answer
SOLUTION: Use %windir%\SysWOW64\reg.exe
to manipulate 32-bit registry entries and %windir%\System32\reg.exe
to manipulate 64-bit registry entries.
I'm going to have a stern talk with the program authors though about why they shove their startup key into the 32-bit reqistry on a 64-bit system.
No comments:
Post a Comment