Setting audit permission on the registry

This topic contains 2 replies, has 2 voices, and was last updated by  ertuu85 1 year, 9 months ago.

  • #32846

    ertuu85
    Participant

    I'm writing something that will go through permissions and remove permissions that are too high and replace them with 'readkey' permission...but I'm getting the below error using my code:

    $path = "hklm:\software\whatever"
    $user = "builtin\users"
    
    foreach($acl in (get-acl $path).access | ?{$_.identityreference -eq $user} | ? {$_.accesscontroltype -eq "Allow"})
    {
        if($acl.registryrights -notmatch $permissions)
        {
            $x = (get-item -force $path).GetAccessControl('Access')

            $rule = new-object system.security.accesscontrol.registryaccessrule($user, "readkey", "None", "none", "Allow")
            $x.RemoveAccessRuleSpecific($acl)
            $x.setaccessrule($rule)

            #sets the ACL
            (get-item $path).SetAccessControl($x)
    
    Exception calling "SetAccessControl" with "1" argument(s): "Cannot write to the registry key."
    At line:1 char:34
    + (get-item $path).setaccesscontrol < <<< ($x)
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : DotNetMethodException
    

    I am a system admin on this PC.

  • #32862

    Tim Pringle
    Participant

    Hey ertuu85,

    Still looking through your code, but first things that stand out are that you don't seem to have defined/pasted a value for $permissions, and closed braces in the script?

    Is this the entire script?

  • #32873

    ertuu85
    Participant
    $permissions = "readkey|ReadPermissions"
    

    The above checks for read/read permissions for registry values

    Should be noted, when I do this on files/folders I get no errors...just on registry entries.
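
Added example, not posted by either participant in this thread: `Get-Item` hands back the registry key opened read-only, so `SetAccessControl` on it fails with "Cannot write to the registry key." The sketch below opens the key through `OpenSubKey` with the `ChangePermissions` right and tests rights bitwise instead of by regex. It assumes an elevated session whose account may change the key's DACL, and it reuses the sample path and account from the question.

```powershell
# Added example; the key path and account are the sample values from the question.
$subKey  = 'SOFTWARE\whatever'
$user    = 'BUILTIN\Users'
$allowed = [System.Security.AccessControl.RegistryRights]::ReadKey

# Open the key writable and ask for the rights needed to read and rewrite its DACL.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
    $subKey,
    [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
    [System.Security.AccessControl.RegistryRights]'ReadKey, ChangePermissions')
if ($null -eq $key) { throw "Key not found: HKLM:\$subKey" }

try {
    $sd = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
    $changed = $false

    # Explicit ACEs only: inherited ACEs cannot be removed on the child key itself.
    $rules = $sd.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])
    foreach ($ace in @($rules)) {
        if ($ace.IdentityReference.Value -ne $user) { continue }
        if ($ace.AccessControlType -ne 'Allow')     { continue }

        # Any bit outside ReadKey means the ACE grants more than read access.
        # A string match on the rights would pass "SetValue, ReadKey" as acceptable.
        $excess = [int]$ace.RegistryRights -band (-bnot [int]$allowed)
        if ($excess -eq 0) { continue }

        # Replace the broad ACE with a read-only one that keeps its inheritance settings.
        $readOnly = New-Object System.Security.AccessControl.RegistryAccessRule(
            $user, $allowed, $ace.InheritanceFlags, $ace.PropagationFlags, 'Allow')
        $sd.RemoveAccessRuleSpecific($ace)
        $sd.AddAccessRule($readOnly)
        $changed = $true
    }

    # Write the DACL back once, through the handle that was opened for writing.
    if ($changed) { $key.SetAccessControl($sd) }
}
finally {
    $key.Close()
}
```

Files and folders do not hit this error because `Get-Item` returns a `FileInfo`/`DirectoryInfo` object rather than an already-opened read-only handle. `Set-Acl -Path $path -AclObject $sd` is the cmdlet alternative to calling `SetAccessControl` directly.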
