Setting audit permission on the registry


  • #32846

    Participant
    Points: 0
    Rank: Member

    I'm writing something that will go through permissions and remove permissions that are too high and replace them with 'readkey' permission...but I'm getting the below error using my code:

    $path = "hklm:\software\whatever"
    $user = "builtin\users"
    
    foreach($acl in (get-acl $path).access | ?{$_.identityreference -eq $user} | ? {$_.accesscontroltype -eq "Allow"})
    {
        if($acl.registryrights -notmatch $permissions)
        {
            $x = (get-item -force $path).GetAccessControl('Access')

            $rule = new-object system.security.accesscontrol.registryaccessrule($user, "readkey", "None", "none", "Allow")
            $x.RemoveAccessRuleSpecific($acl)
            $x.setaccessrule($rule)

            #sets the ACL
            (get-item $path).SetAccessControl($x)
    
    Exception calling "SetAccessControl" with "1" argument(s): "Cannot write to the registry key."
    At line:1 char:34
    + (get-item $path).setaccesscontrol <<<< ($x)
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : DotNetMethodException
    

    I am a system admin on this PC.

  • #32862

    Participant
    Points: 45
    Rank: Member

    Hey ertuu85,

    Still looking through your code, but first things that stand out are that you don't seem to have defined/pasted a value for $permissions, and closed braces in the script?

    Is this the entire script?

  • #32873

    Participant
    Points: 0
    Rank: Member
    $permissions = "readkey|ReadPermissions"
    

    The above checks for read/read permissions for registry values

    Should be noted, when I do this on files/folders I get no errors...just on registry entries.
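
The "Cannot write to the registry key" exception in the first post is what .NET raises when `SetAccessControl` is called on a key handle that was opened read-only, which is how `Get-Item` opens registry keys. The following is an added example, not code from the thread: it opens the key with `ChangePermissions` and replaces explicit, over-broad Allow rules with `ReadKey`. The function name and its parameters are hypothetical.

```powershell
# Added example (not from the thread). Function name and parameters are hypothetical.
function Limit-RegistryKeyAccess {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][string]$SubKey,   # path under HKLM, e.g. 'SOFTWARE\whatever'
        [string]$Identity = 'BUILTIN\Users'
    )
    $readKey = [System.Security.AccessControl.RegistryRights]::ReadKey
    # Get-Item returns a read-only handle; ask explicitly for the right to read and change the DACL.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        $SubKey,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [System.Security.AccessControl.RegistryRights]'ReadKey, ChangePermissions')
    if ($null -eq $key) { throw "Registry key not found: HKLM:\$SubKey" }
    try {
        $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
        $changed = $false
        # GetAccessRules returns a copy, so the ACL can be modified while iterating.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -ne $Identity) { continue }
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Bitwise test instead of a string match: any right outside ReadKey is excessive.
            $excess = [int]$rule.RegistryRights -band (-bnot [int]$readKey)
            if ($excess -eq 0) { continue }
            if ($rule.IsInherited) {
                # Inherited ACEs cannot be removed here; they come from a parent key.
                Write-Warning "Inherited rule on HKLM:\$SubKey must be changed on the parent key."
                continue
            }
            $acl.RemoveAccessRuleSpecific($rule)
            # Keep the original rule's inheritance scope, reduce only the rights.
            $acl.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule(
                $rule.IdentityReference, $readKey,
                $rule.InheritanceFlags, $rule.PropagationFlags, 'Allow')))
            $changed = $true
        }
        if ($changed -and $PSCmdlet.ShouldProcess("HKLM:\$SubKey", "Reduce $Identity to ReadKey")) {
            $key.SetAccessControl($acl)   # succeeds because the handle carries ChangePermissions
        }
        return $changed   # $true when at least one rule needed reducing
    }
    finally { $key.Close() }
}
```

Run it from an elevated session; `Limit-RegistryKeyAccess -SubKey 'SOFTWARE\whatever' -WhatIf` reports what would change without writing the ACL.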
