Sacl of security descriptor of key "HKEY_CLASSES_ROOT" of registry

(imported topic written by Nem0)

Hello, need some help on this one. Am trying to recover the SACL from HKCR but it just wont work. Breaking it down to the most basic components, I try each one and it does not like the exists sacl on hkcr. Can anyone help? When I try any other key, it works.

q: exists key “HKEY_CLASSES_ROOT” of registry

A: True

T: 0.032 ms

q: sacl of security descriptor of key “HKEY_CLASSES_ROOT” of registry

E: Singular expression refers to nonexistent object.

Q: if (exists sacl of security descriptor of key “HKEY_CLASSES_ROOT” of registry) then FALSE ELSE TRUE

E: Singular expression refers to nonexistent object.

Q: if (exists sacl of security descriptor of key “HKEY_LOCAL_MACHINE” of registry) then FALSE ELSE TRUE

A: True

T: 0.686 ms

(imported comment written by SystemAdmin)

A couple of things:

You didn’t check that your original query actually worked. The same error was occuring with the relevance for the HKLM key, but the ‘exists’ function masked the error.

Also, common thing I’ve noticed is that people believe they need to wrap an “IF (test) THEN TRUE ELSE FALSE” statement around a boolean result. Just let the query return true or false (negating the result, if desired). Only add the IF test if you’d like to return something other than a True/False result.

I decided to try a simple query, which works (eventually):

Q: number of keys of keys “HKCR” of registry

A: 5692

T: 415448.072 ms

I was also able to return details for a single subkey:

Q: security descriptor of keys of key “HKCR.386” of registry

A: O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;CCDCLCSWRPSDRC;;;PU)(A;CIIOID;SDGWGR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO)

I expect the relevance engine must have internal controls to manage certain results (or lack, thereof). If the function to query a set of keys (such as mine, counting the sub keys of a key) can continually return incremental results, perhaps that is treated as valid. But alternately, if a function is ‘busy’ but hasn’t returned data or flagged that it’s working, then that may cause an upstream function to trigger an error result. Something like this seems to be what’s occurring with your query - timing out because the root query is taking too long to respond with a result/partial result.

-Jim