Unable to set ACL on Remote Registry -Kindly HELP

Welcome Forums General PowerShell Q&A Unable to set ACL on Remote Registry -Kindly HELP

This topic contains 4 replies, has 2 voices, and was last updated by

2 years, 6 months ago.

  • Author
  • #52053

    Points: 0
    Rank: Member

    Hi All,
    Tried to set ACL on remote registry but it doesn't work. Tested the same code on local computer which works fine. Please help
    objective : Need to assign full permission to "Domain Users" on registry (HKLM\Software\Microsoft) of several remote computers.

    Code :
    Set-ExecutionPolicy unrestricted -Force
    Import-Module -Name psrr -Force

    $servers= Get-Content -Path 'D:\ServerList.txt'

    foreach($pc in $servers)
    write-host "Setting ACL Permission for $PC"
    $RegSec = new-object system.Security.AccessControl.RegistrySecurity
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Domain users", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")

    $RemoteKey = [microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine", $pc)
    $RemoteAccess = $RemoteKey.OpenSubKey("Software\Microsoft", $true)


  • #52085

    Points: 5
    Rank: Member

    Can you confirm if the RemoteRegistry service is running? If it's not, you won't be able to do anything with the registry remotely.

  • #52112

    Points: 5
    Rank: Member

    Allow me to clarify that the RemoteRegistry service needs to be running on a remote computer before you can do anything with that registry.

  • #52311

    Points: 0
    Rank: Member

    Hi Aaron, Thanks for responding.

    Yes, remote registry service is up and running on PC where I am trying to set ACL.
    Also I am domain Admin and I already added my account (from which I am running script ) to administrators group of that PC. when running script for my local PC its works well but for remote PC following exception error I am getting :
    BUILTIN\Administrators 01 Allow FullControl...
    Exception calling "SetAccessControl" with "1" argument(s): "The supplied handle is invalid. This can happen when trying to set an ACL on an anonymous kernel object."
    At D:\.............MS Licensing Issue.ps1:18 char:5
    + $RemoteAccess.SetAccesscontrol($RegSec)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : NotSupportedException


    Please help

  • #52665

    Points: 0
    Rank: Member

    **************************** 🙂 🙂 🙂 **************************************

    GUYS found the solution after 4-5 days of permutations and combinations and guess what !!! it was very simple though tricky
    Here it is : —
    Invoke-Command -ComputerName "" -ScriptBlock{
    $acl= get-acl -path "hklm:\SOFTWARE\Microsoft"
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $rule= New-Object System.Security.AccessControl.RegistryAccessRule("Domain users", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")

The topic ‘Unable to set ACL on Remote Registry -Kindly HELP’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort