regdmp to export Registry key permissions?

So I'm trying to make a batch script that will modify some values in HKEY_CLASSES_ROOT\CLSID\
Problem is I need to script the modification of permissions on said keys before changing the value.

I'm told this can be done by dumping the permissions with regdmp with desired permissions, then importing via regini.
The problem is, regdmp is not giving me any thing regarding permissions on a key.

When I run the command:
regdmp \registry\machine\software\classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
It just lists the sub types and their values. it doesn't list any kind of permission representation.
Am I missing a parameter here or is there a better way?
garryshapeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
Use setacl.exe, http://helgeklein.com/setacl/
To give the user or group "Name" full permissions on this key, try this (but maybe create a key "HKLM\Software\Acme" for testing):
SetACL.exe -on "HKLM\Software\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder" -ot reg -actn ace -ace "n:DOMAIN\Name;p:full"

Open in new window

Note that if you're on a 64bit system, you should use the 64bit version of SetACL, especially if the key you want to change is the 'real' (64bit) "HKLM\Software"; a 32bit software (like regini!) on a 64bit system will only see the 32bit part, which is actually "HKLM\Software\Wow6432Node".
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
garryshapeAuthor Commented:
Thanks, I came across that but wasn't sure if it was legit.  
I am seeing some PowerShell options here with Get-ACL and Set-ACL I'm fiddling with too. It might work since I'm dealing with Windows 7 and SCCM Task Sequence supports powershell commands.
0
oBdACommented:
Yes, SetACL is legit.
And I love Powershell, but Set-ACL leaves something to be desired as far as intuitive usability (espacially in environments without access to MSDN) is concerned. In your case, it should be comparatively simple, assuming you want to give full control:
$Account = "SomeDomain\SomeName"
$Key = "HKLM:\Software\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder"
$ACL = Get-ACL -Path $Key
$RegistryAccessRule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList $Account, "FullControl", "Allow"
$ACL.SetAccessRule($RegistryAccessRule)
Set-Acl -Path $Key -AclObject $ACL

Open in new window

0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

garryshapeAuthor Commented:
Ok great, ty, works great!
0
garryshapeAuthor Commented:
So for name would it be "NT AUTHORITY\SYSTEM" if I wanted to give the System account the access? SCCM 2012 OSD Task Sequence runs commands as System so that's why I ask.
0
oBdACommented:
Yes, either that, or just "SYSTEM".
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.