Setting audit permission on the registry

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of ertuu85 ertuu85 1 year, 7 months ago.

  • Author
  • #32846
    Profile photo of ertuu85

    I'm writing something that will go through permissions and remove permissions that are too high and replace them with 'readkey' permission...but I'm getting the below error using my code:

    $path = "hklm:\software\whatever"
    $user = "builtin\users"
    foreach($acl in (get-acl $path).access | ?{$_.identityreference -eq $user} | ? {$_.accesscontroltype -eq "Allow"})
    if($acl.registryrights -notmatch $permissions)
    $x = (get-item -force $path).GetAccessControl('Access')
    $rule = new-object$user, "readkey", "None", "none", "Allow")
    #sets the ACL
    (get-item $path).SetAccessControl($x)
    Exception calling "SetAccessControl" with "1" argument(s): "Cannot write to the registry key."
    At line:1 char:34
    + (get-item $path).setaccesscontrol < <<< ($x)
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : DotNetMethodException

    I am a system admin on this PC.

  • #32862
    Profile photo of Tim Pringle
    Tim Pringle

    Hey ertuu85,

    Still looking through your code, but first things that stand out are that you don't seem to have defined/pasted a value for $permissions, and closed braces in the script?

    Is this the entire script?

  • #32873
    Profile photo of ertuu85
    $permissions = "readkey|ReadPermissions"

    The above checks for read/read permissions for registry values

    Should be noted, when I do this one files/folders I get no errors...just on registry entries.

You must be logged in to reply to this topic.