# What was Microsoft thinking?



## Frank4d (Sep 10, 2006)

I have a computer (actually seven, all clones from one) that my company IT group could not install XP2 SP2 onto. So today I set about figuring out the problem.

When I tried to install SP2, setup complained that it could not backup the following registry keys (access denied):
HKCR\vnd.radio.ms
HKCR\IMsiServer
HKCR\IMsiServer\CLSID
HKCR\.msi
HKCR\.msp

When I tried to access the above keys I received an error that access is denied, I do not have permission to open or view the keys. Also, I do not have permission to view the current permissions. However, I do have permission to change them.

What is that? As the local machine administrator I don't have permission to access or view permissions, but I am allowed to give myself permission to do so?  Why can't the SP2 installation wizard just do that? 

Anyway, after giving myself permission to access registry keys that I didn't have permission to access, problem solved.


----------



## Elvandil (Aug 1, 2003)

It's quite possible that a domain administrator may want to restrict access to those keys so that local administrators can't change them. There are innumerable such keys as well as files and folders. Makes sense to me. Even from a security standpoint, malware would need that extra step to make changes if somehow it succeeded in getting ordinary admin privileges.


----------



## Frank4d (Sep 10, 2006)

In this case the PC is not joined to a domain (but that is neither here or there). The trouble is I studied logic in college Philosophy 101 and am having trouble understanding why I am denied permission to do something, yet I am allowed permission to allow myself permission to do it.


----------



## Elvandil (Aug 1, 2003)

Occasionally, I run as System rather than as an Admin. That way I don't get denied permission 99% of the time and all registry keys are accessible. But even then, there are some places I can't go and superhidden files are still not visible.


----------

