Unable to delete Blackberry registry keys & values


  1. Posts : 19
    Win 7 Pro 64 bit
       #1

    Unable to delete Blackberry registry keys & values


    Hello,
    I'm running Win7Pro SP1 with all updates. I recently tried to delete all Blackberry software (desktop Manager, etc.) from my computer and found the software was not listed in the PROGRAMS section of Control Panel so I could not UNINSTALL it. So I deleted the folders with program data and all the various associated folders and files I could find. Then I tried purging the registry of keys and values containing the strings blackberry, researchinmotion, etc. There are MANY keys and values that I cannot delete, even though I was logged in as Admin. I then enabled the hidden administrator account (allowing access to "System" data) and still could not remove these keys/values. The usual error message has ERROR DELETING KEY in the title bar of the message box, and a message starting with a red circle with an "X" in it:

    "Cannot delete key_name-***************
    Error while deleting key"


    FWIW, most of the keys have to do with the USB port used for the old Blackberry device.

    I read something in the MS KB about this, and tried using their fix (downloading and running regdelnull), but it was no help. I also read a similar thread here about taking possesion of teh key,etc., but none of that works either. I am told i do not have access to the key (even when logged in with the hidden built-in Admin account).

    Any ideas?

    Thanx.
      My Computer


  2. Posts : 896
    Windows 7 Ultimate 64bit.
       #2

    Rather than go hoofing around in the Registry Mikey you may have been better to try this first.

    Revo Uninstaller
      My Computer


  3. Posts : 2,167
    Windows 7 Home Premium 64-bit
       #3

    Clean Uninstall of the BlackBerry Desktop Software
    Clean Uninstall of the BlackBerry Desktop Manager

    It is recommended that you back up the existing registry entries prior to implementing changes:



    Delete the Research In Motion folders from the registry
    1. Click Start > Run.
    2. Enter Regedit, and then click OK.
    3. In Registry Editor, delete the Research In Motion folder located in HKEY_CURRENT_USER\Software\.
    4. Delete the Research In Motion folder located in HKEY_LOCAL_MACHNINE\Software\.
      NOTE: This key will not be present if removing Desktop Manager version 4.0.
    5. Leave the Registry Editor open to complete the next task.
    Delete the Pumatech Shared folders from the registry (if present)


    NOTE: Pumatech Shared folders only exist in the registry prior to BlackBerry Desktop Software 4.0 Service Pack 1.
    1. In Registry Editor, delete the Puma Technology folder located in HKEY_CURRENT_USER\Software\.
    2. Delete the Puma Technology folder located in HKEY_LOCAL_MACHINE\Software\.
    3. Close the Registry Editor.
    Delete the Research In Motion folders from the hard drive
    • Microsoft Windows 2000 or later:
      1. Access the Windows Operating System Search Tool to run a query for the Research In Motion folders.
      2. Enter "Research In Motion" and click Search.
      3. When the search results are complete, delete the following:
        • Delete the Research In Motion folder found in C:\Program Files\
          NOTE: This folder may not be present if removing Desktop Manager version 4.0.
        • Delete the Research In Motion folder found in C:\Program Files\Common Files (if present).
        • Delete the Research In Motion folder found in C:\Documents and Settings\<user name>\Application Data\
          NOTE: If unable to see Application Data folder, select Tools>View hidden folders.
        • If you are using Desktop Manager 4.0 Service Pack 1, delete the BlackBerry Desktop folder found in C:\Documents and Settings\<user names>\Application Data\
    Delete the Pumatech Shared folders from the hard drive (if present)
    • If uninstalling BlackBerry Desktop Manager earlier than 4.0 Service Pack 1
      1. Access the Windows Operating System Search Tool to run a query for the Pumatech Shared folder.
      2. Enter "Pumatech" and click Search.
      3. When the search results are complete, delete the following:
        • Delete the Pumatech Shared folder found in C:\Program Files\Common Files\
    • If uninstalling BlackBerry Desktop Manager 4.0 Service Pack 1 or later
      1. Access the Windows operating System Search Tool to run a query for the Pumatech Shared folder.
      2. Enter "Pumatech" and click Search.
      3. When the search results are complete, delete the following:


        • Delete the Pumatech Desktop Setup folder found in C:\Program Files\Research In Motion\BlackBerry\
      • NOTE: Any synchronization software for other personal digital assistants (PDAs) that use the Pumatech Shared folder must be reinstalled after the BlackBerry Desktop Software is uninstalled.
    • If uninstalling to delete the Pumatech Shared folder, rename it.
      1. Right-click the Pumatech Shared folder and select Rename.
      2. Rename the folder (for example, Pumatech Shared_old).
      3. Press Enter.
    Once the prior tasks have been completed
    • Restart the computer.
    • The BlackBerry Desktop Software should now be cleanly uninstalled.
    Hope this helps,
    John
      My Computer


  4. Posts : 19
    Win 7 Pro 64 bit
    Thread Starter
       #4

    Thank you Wolfeymole & John. I appreciate you taking the time to respond. However, neither of these approaches will work since the only traces of RIM's BB Desktop software is inside the registry. All file folders and files are already removed from my system. The software never installed correctly, which is what probably messed up the registry to begin with. As I mentioned in my original post, most (if not all) of the very many keys that will not go away pertain to the USB port that the phone was connected to. Windows 7 Pro seems to think there is some "higher authority" than the hidden built-in Admin account because even when I am logged in as such, I am informed by Windows that I do not have the authority to view properties, or delete, take possession of a key or do anything at all with these keys. I suppose they are benign and will not cause any issues, but it just bugs me that I cannot do what I want to on MY computer.
      My Computer


  5. Posts : 2,167
    Windows 7 Home Premium 64-bit
       #5

    Sure would be helpful to have the exact error message.

    Here are all the tutorials I could find which deal with your type of issue:

    Built-in Administrator Account - Enable or Disable

    Run as Administrator

    Take Ownership of file

    If it is more involved that this, I will need to request more help from are more experienced members.

    John
      My Computer


  6. Posts : 19
    Win 7 Pro 64 bit
    Thread Starter
       #6

    John,

    the link below

    Cannot Take Ownership or Delete Certain Registry Keys Win7 64

    describes using a program named psexec.exe and it solved the issue. I do not understand why the hidden Admin account couldn't make Windows obey, but psexec did. Thanx for your efforts.
      My Computer


  7. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #7

    Hi Mike,

    John has asked me if I can try to explain PsExec.

    In the hierarchy of user accounts there are four levels:

    • Guest


    • Standard


    • Administrator


    • Built-in Administrator

    When the Built-in Administrator is invoked through an elevated CMD prompt it's privileges are NT AUTHORITY\Administrator. What is less known is there is a higher level within NT AUTHORITY\Administrator called SYSTEM, and when psexec is used it invokes the NT AUTHORITY\SYSTEM privilege level.

    If you are wondering why psexec works locally when there is much discussion of it being a good tool for IT administrators to use remotely:
    The Windows NT and Windows 2000 Resource Kits come with a number of command-line tools that help you administer your Windows NT/2K systems. Over time, I've grown a collection of similar tools, including some not included in the Resource Kits.

    What sets these tools apart is that they all allow you to manage remote systems
    as well as the local one.

    Source: PsTools
    Psexec needs to have complete control of the local system in order to control the remote system, ergo, you had unlimited privilege using regedit to delete those Keys that wouldn't delete using the Built-in Administrator.

    When you used the CMD in Broni's tutorial from:
    Vista\Seven "The Registry Editor could not set security in the key currently selected, or some of its subkeys" error fix - General Security - Smartest Computing

    "%userprofile%\desktop\psexec" -i -d -s c:\windows\regedit.exe

    • Using the profile that was running when you entered the CMD, the %userprofile%\desktop\psexec part of the cmd starts the CMD; looking for psexec that should be on your Desktop.


    • The -i switch tells psexec to run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console or local session.


    • The-d switch tells psexec; Don't wait for process to terminate (non-interactive).


    • The-s switch tells psexec to run the remote or in your case Local process in the System account.


    • And the process to run would be c:\windows\regedit.exe


    As you would think with all this power of privilege, psexec can also be used for the wrong reasons
    PsExec and the Nasty Things It Can Do :: Misc Network Security :: Articles & Tutorials :: WindowSecurity.com, If I can help clarify any of this, please ask.
      My Computer


  8. Posts : 19
    Win 7 Pro 64 bit
    Thread Starter
       #8

    Thanx Anak!


    Thanx for the explanation of the Windows Admin hierarchy. That explains a LOT! Is there any way to have SYSTEM priviliges/permissions without using psexec.exe? I have had previous issues in which either reg keys or files refused to go away even when using tools like Unlocker.exe, etc. I guess I don't get WHY an O/S would not allow an Administrator access to everything.

    SO if I I understand correctly, there are actually 5 levels of admin, right? I.e.:

    Guest
    Standard
    Administrator
    Built-in Administrator
    ... higher level within NT AUTHORITY\Administrator called SYSTEM, and when psexec is used it invokes the NT AUTHORITY\SYSTEM privilege level.

    Thanx again for taking the time to explain this. I am NOT an I.T. professional, but have extensive experience with computers, and found this issue very frustrating. You have calmed my "system"!:)
      My Computer


  9. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #9

    MikeyChris said:
    Thanx for the explanation of the Windows Admin hierarchy. That explains a LOT! Is there any way to have SYSTEM priviliges/permissions without using psexec.exe? I have had previous issues in which either reg keys or files refused to go away even when using tools like Unlocker.exe, etc.
    Have you tried changing the permissions for Registry Keys? See Here's How: Step #3: Permissions - Allow or Deny Users and Groups

    It may also be possible to create a user account and apply permissions to it or a group policy through the Group Policy Editor (GPE): Group Policy - Apply to a Specific User or Group Your 7Pro edition should allow you to use GPE.

    MikeyChris said:
    I guess I don't get WHY an O/S would not allow an Administrator access to everything.
    It is because of the security risk, if you reach the kernel level with privileges it wouldn't be difficult to create a malevolent script to hose not only yours, but other operating systems. Think Rootkit.

       Warning
    If you enable the built-in Administrator account, then it is recommended to create a password for better security.
    For additional security purposes, it is also not recommended to leave the built-in Administrator account always enabled, or to use it for everyday purposes.

    Source: Built-in Administrator Account - Enable or Disable

    Also: Security Watch: Why You Should Disable the Administrator Account

    With the effort involved in setting up an extra account (even if it is possible with the added privileges) and with the security risks I would not believe it to be prudent to have an NT AUTHORITY\SYSTEM account waiting on your beck and call. None of the IT guys I know set their systems up that way for those very reasons, and with the availability of psexec they don't need to.

    • Your in.


    • You do what you have to.


    • Your out.

    Were you sure you invoked the Built-in Admin correctly? See the first link in the warning box on how to.

    MikeyChris said:
    SO if I I understand correctly, there are actually 5 levels of admin, right? I.e.:
    Guest
    Standard
    Administrator
    Built-in Administrator
    ... higher level within NT AUTHORITY\Administrator called SYSTEM, and when psexec is used it invokes the NT AUTHORITY\SYSTEM privilege level.
    You are confusing levels of individual accounts with levels within those accounts. There is at least one more Admin level called TrustedInstaller with SYSTEM admin rights that owns your system files.

    It is too involved to try and explain the hierarchy here, suffice it to say that the built-in, psexec and trustedinstaller accounts access kernel level privileges that invoke routines, context, interrupts, and system or return form system calls either on the software user/kernel modes or hardware user/supervisor modes.

    You would have to have extensive knowledge of how operating systems are designed and interwoven with hand offs in order to understand the multitude of privilege levels between software and hardware that allow the OS to operate; from booting up your system, to running programs, to shutdown, there are thousands of code executions that on a well oiled machine perform these tasks flawlessly and are invisible to the user.

    MikeyChris said:
    Thanx again for taking the time to explain this. I am NOT an I.T. professional, but have extensive experience with computers, and found this issue very frustrating. You have calmed my "system"!:)
    Your welcome.


    More if you're determined:
    Windows 7 - How to Delete Files Protected by TrustedInstaller

    What Is TrustedInstaller & Why Does it Keep Me From Renaming Files?

    switch statement - User mode vs supervisor mode - Stack Overflow

    How does the kernel know if the CPU is in user mode or kenel mode? - Stack Overflow

    computer architecture - How interrupts and privilege levels work? - Super User

    Operating Systems Development Series

    supervisor mode definition of supervisor mode in the Free Online Encyclopedia.

    Privilege escalation - Wikipedia, the free encyclopedia

    Principle of least privilege - Wikipedia, the free encyclopedia

    Ring (computer security) - Wikipedia, the free encyclopedia

    System Center Technical Documentation Library | App Controller | Config Mgr | DPM | Endpoint Protection | Ops Mgr | Orchestrator | Service Manager | VMM

    Local Group Policy Editor - Open

    How to Understand Those Confusing Windows 7 File/Share Permissions

    There is more, much more, but I wouldn't want your eyes to glaze over. Take your time and search for words that include the terms or a combination of:

    • TrustedInstaller Privileges
    • Kernel level
    • User accounts
    • Privileges
    • software user
    • kernel modes
    • hardware user
    • supervisor modes
    Last edited by Anak; 19 Mar 2014 at 13:18. Reason: Typo
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:08.
Find Us