4. Manually Edit Registry permissions
First of all, you need to make sure that your account has administrative privileges to be able to edit the registry. And secondly, to edit the restricted registry you need to know what the currently logged on user’s name is. You should know this but if you’re not exactly sure of the current user name, a simple way of telling is clicking on Start and looking at the top (XP) or top right (Vista/7) of the Start menu. Alternatively find out from the Windows Task Manager. Simultaneously press Ctrl+Shift+Escape, go to the Processes tab and check the User Name column. You should see SYSTEM, LOCAL SERVICE, NETWORK SERVICE and the logged on User name.
Now simply follow the steps below to take full control of a restricted registry key. There are thousands of protected keys in the registry with varying levels of restrictions. Do note that not all keys can be deleted, even using this method.
1. Run the Registry Editor by typing regedit in the Run box (Win key+R) or from the Start search box.
2. Navigate to the registry key you want to take full control of, right click on it and select Permissions. Then click the Advanced button.
3. Go to the Owner tab, select the user name that the system is logged on with and tick “Replace owner on subcontainers and objects” and click OK.
4. Now you should be back at the Permissions window again. In Windows XP, click on Everyone and then tick Full Control for Allow. In Windows Vista and Windows 7/8, select the group which the currently logged on user belongs to (Administrators) and tick Full Control for Allow. Click OK.
Now you can modify and delete the protected registry keys. Windows protects those registry keys from being easily modified for safety reasons, so make sure you know what you’re doing before messing with them.
Depending on which keys you’re trying to edit, the above steps still might not be enough and you’ll get “Error while deleting key” again with the Allow tick boxes grayed out. If that’s the case, follow these extra steps:
1. Click on Advanced again and in the window highlight the same user group from step #4 above.
2. Tick the “Replace all child object permissions with inheritable permissions from this object” box and untick “Include inheritable permissions from this object’s parent”. Click Add (or Copy for XP) in the warning popup and then OK. The grayed out Allow tick boxes should now be enabled and already ticked. Now try to edit the key.
Unfortunately there are still certain keys in the registry which cannot be edited because they are in use and locked by the system. No amount of permissions tweaking will allow them to be touched. In that scenario the only other option may be to edit the registry while it is offline.
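The steps above change the owner and grant Full Control across a whole subtree, so it is worth recording the original owner and permissions before touching anything. The following PowerShell is an added example, not part of the original article; the function names, the key path and the backup file are hypothetical placeholders.

```powershell
# Added example: record and later restore the security descriptor of a key and its subkeys.
function Backup-RegKeyAcl {
    param([Parameter(Mandatory)][string]$KeyPath,      # e.g. 'HKLM:\SOFTWARE\ExampleVendor\ExampleKey' (hypothetical)
          [Parameter(Mandatory)][string]$BackupFile)
    $full = [System.Security.AccessControl.RegistryRights]::FullControl
    # The GUI steps push owner and permissions down the subtree, so capture every subkey too.
    $keys = @(Get-Item -Path $KeyPath -ErrorAction Stop) +
            @(Get-ChildItem -Path $KeyPath -Recurse -ErrorAction SilentlyContinue)
    $records = foreach ($key in $keys) {
        $acl = Get-Acl -Path $key.PSPath -ErrorAction Stop
        [pscustomobject]@{
            PSPath               = $key.PSPath
            Owner                = $acl.Owner
            InheritanceDisabled  = $acl.AreAccessRulesProtected
            # Identities holding an explicit or inherited Allow entry with Full Control.
            FullControlAllowedTo = @($acl.Access |
                Where-Object { $_.AccessControlType -eq 'Allow' -and
                               ($_.RegistryRights -band $full) -eq $full } |
                ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
            Sddl                 = $acl.Sddl   # complete owner + DACL in text form
        }
    }
    $records | Export-Clixml -Path $BackupFile
    $records
}

function Restore-RegKeyAcl {
    param([Parameter(Mandatory)][string]$BackupFile)
    # Records were saved parent first, so parents are restored before their subkeys.
    foreach ($rec in Import-Clixml -Path $BackupFile) {
        if (-not (Test-Path -Path $rec.PSPath)) { continue }   # key was deleted during the edit
        $acl = Get-Acl -Path $rec.PSPath
        $acl.SetSecurityDescriptorSddlForm($rec.Sddl)
        Set-Acl -Path $rec.PSPath -AclObject $acl
    }
}

# Usage from an elevated PowerShell prompt (path and file name are placeholders):
# $before = Backup-RegKeyAcl -KeyPath 'HKLM:\SOFTWARE\ExampleVendor\ExampleKey' -BackupFile "$env:TEMP\examplekey-acl.xml"
# $before | Format-Table PSPath, Owner, InheritanceDisabled, FullControlAllowedTo
# ...take ownership and edit the key as described above...
# Restore-RegKeyAcl -BackupFile "$env:TEMP\examplekey-acl.xml"
```

Writing back an owner other than your own account needs additional privileges, so the restore may fail with an access error for keys that were originally owned by a system account. Keep the backup file in that case so the original descriptor is still on record.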
5. Using low-level anti-rootkit tools
Anti-rootkit tools are very powerful low-level utilities that are capable of detecting and removing rootkits. Two such anti-rootkit tools come with a registry editor that looks very similar to the Windows regedit, except that it bypasses the Windows restrictions to allow full control in deleting and editing restricted registry keys.
All you need to do is run either AntiSpy or PC Hunter, go to the Registry tab, navigate to the key that you cannot delete from the Windows regedit, right click and select Delete. The deletion takes effect instantly without requiring a restart.