creative555
asked on
how to add permissions to HKEY_users. It says the path doesn't exist
Hello,
I want to add target user permissions to these HIVEs with the powershell, but it tells me that HKEY_Users doesn't exist.
I tried HKU, HKEY_USERS with get-childitem -path and can't access it....what is going on here?
get-ChildItem : Missing an argument for parameter 'Path'. Specify a parameter of type 'System.String[]' and try again.
I can do this: get-childitem -path HKLM:\software
Please help.
How do I add permissions to these keys with powershell?
HKEY_USERS\S-1-5-21-310321 8465-41627 56139-3321 745085-114 4
HKEY_USERS\S-1-5-21-310321 8465-41627 56139-3321 745085-114 4_Classes\
HKEY_USERS\S-1-5-21-310321 8465-41627 56139-3321 745085-114 4_Classes\ Local Settings
I was trying to make this script work but it is failing...I think it is because It can't access HKU.....(:
I want to add target user permissions to these HIVEs with the powershell, but it tells me that HKEY_Users doesn't exist.
I tried HKU, HKEY_USERS with get-childitem -path and can't access it....what is going on here?
get-ChildItem : Missing an argument for parameter 'Path'. Specify a parameter of type 'System.String[]' and try again.
I can do this: get-childitem -path HKLM:\software
Please help.
How do I add permissions to these keys with powershell?
HKEY_USERS\S-1-5-21-310321
HKEY_USERS\S-1-5-21-310321
HKEY_USERS\S-1-5-21-310321
I was trying to make this script work but it is failing...I think it is because It can't access HKU.....(:
<#
.SYNOPSIS
Grants full control access to a user for the specified registry key.
.EXAMPLE
PS >$registryPath = "HKU:"
PS >Grant-RegistryAccessFullControl "testtarget\tim.litton" $registryPath
#>
param(
## The user to grant full control
[Parameter(Mandatory = $true)]
$User,
## The registry path that should have its permissions modified
[Parameter(Mandatory = $true)]
$RegistryPath
)
Set-StrictMode -Version Latest
Push-Location
Set-Location -LiteralPath $registryPath
## Retrieve the ACL from the registry key
$acl = Get-Acl .
## Prepare the access rule, and set the access rule
$arguments = $user,"FullControl","Allow"
$accessRule = New-Object Security.AccessControl.RegistryAccessRule $arguments
$acl.SetAccessRule($accessRule)
## Apply the modified ACL to the regsitry key
$acl | Set-Acl .
Pop-Location
As Shaun has alluded to, there is no "HKU" PSDrive by default. You can create it as shown.
Another option is to use syntax like this.
Another option is to use syntax like this.
$registryPath = "registry::HKEY_USERS\S-1-5-21-3103218465-4162756139-3321745085-1144"
Set-Location -LiteralPath $registryPath
ASKER
PS C:\temp> C:\temp\Grant-RegistryAcce ssFullCont rol.ps1
cmdlet Grant-RegistryAccessFullCo ntrol.ps1 at command pipeline position 1
Supply values for the following parameters:
User: testtarget\tim.litton
RegistryPath: "registry::HKEY_USERS\S-1- 5-21-31032 18465-4162 756139-332 1745085-11 44"
Set-Location : Cannot find a provider with the name '"registry'.
At C:\temp\Grant-RegistryAcce ssFullCont rol.ps1:38 char:1
+ Set-Location -LiteralPath $registryPath
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~
cmdlet Grant-RegistryAccessFullCo
Supply values for the following parameters:
User: testtarget\tim.litton
RegistryPath: "registry::HKEY_USERS\S-1-
Set-Location : Cannot find a provider with the name '"registry'.
At C:\temp\Grant-RegistryAcce
+ Set-Location -LiteralPath $registryPath
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
ASKER
I still get error
Set-Location : Cannot find path 'HKU\S-1-5-21-3103218465-4 162756139- 3321745085 -1144' because it does not exist.
At C:\temp\Grant-RegistryAcce ssFullCont rol.ps1:38 char:1
Could you please repost the modified script. I also would like to run it for mutliple hives...
thank you so much
Set-Location : Cannot find path 'HKU\S-1-5-21-3103218465-4
At C:\temp\Grant-RegistryAcce
Could you please repost the modified script. I also would like to run it for mutliple hives...
thank you so much
ASKER
Can you please explain what does this mean "Set-Acl .
So if I ran command manually it works. But then how do I manually specify testtarget user to grant permissions? What is the command itself?
$registryPath = "registry::HKEY_USERS\S-1- 5-21-31032 18465-4162 756139-332 1745085-11 44"
Set-Location -LiteralPath $registryPath
After I ran the above command, then I tried to execute this, and nothing happened. If you can explain it what does this do, would be great.
Set-StrictMode -Version Latest
Push-Location
Set-Location -LiteralPath $registryPath
## Retrieve the ACL from the registry key
$acl = Get-Acl .
## Prepare the access rule, and set the access rule
$arguments = $user,"FullControl","Allow "
$accessRule = New-Object Security.AccessControl.Reg istryAcces sRule $arguments
$acl.SetAccessRule($access Rule)
## Apply the modified ACL to the regsitry key
$acl | Set-Acl .
Pop-Location
So if I ran command manually it works. But then how do I manually specify testtarget user to grant permissions? What is the command itself?
$registryPath = "registry::HKEY_USERS\S-1-
Set-Location -LiteralPath $registryPath
After I ran the above command, then I tried to execute this, and nothing happened. If you can explain it what does this do, would be great.
Set-StrictMode -Version Latest
Push-Location
Set-Location -LiteralPath $registryPath
## Retrieve the ACL from the registry key
$acl = Get-Acl .
## Prepare the access rule, and set the access rule
$arguments = $user,"FullControl","Allow
$accessRule = New-Object Security.AccessControl.Reg
$acl.SetAccessRule($access
## Apply the modified ACL to the regsitry key
$acl | Set-Acl .
Pop-Location
ASKER
yes. I tried this. It worked!! Where do I plug this in in the script?? I ran it manually. Could you pls re-post the revised script with these two commands?
thank you so much!
New-PSDrive HKU Registry HKEY_USERS
Get-Item "HKU:\S-1-5-21-3103218465- 4162756139 -332174508 5-1144"
thank you so much!
New-PSDrive HKU Registry HKEY_USERS
Get-Item "HKU:\S-1-5-21-3103218465-
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
oh thank you! I made it work for HKU: finally but it doesn't hit the folders that have inheritance disabled.....
I need to be able to add target permissions to all the subfolders including the ones that have inheritance disabled.
please let me know how to accomplish this. what would be the full command for these folders?
HKEY_USERS\S-1-5-21-310321 8465-41627 56139-3321 745085-114 4
Grant permission to target user
HKEY_USERS\S-1-5-21-310321 8465-41627 56139-3321 745085-114 4_Classes\
Grant permission to target user
HKEY_USERS\S-1-5-21-310321 8465-41627 56139-3321 745085-114 4_Classes\ Local Settings
Grant permission to target user
I need to be able to add target permissions to all the subfolders including the ones that have inheritance disabled.
please let me know how to accomplish this. what would be the full command for these folders?
HKEY_USERS\S-1-5-21-310321
Grant permission to target user
HKEY_USERS\S-1-5-21-310321
Grant permission to target user
HKEY_USERS\S-1-5-21-310321
Grant permission to target user
I believe that's beyond the scope of this question. You have another one open for that at https://www.experts-exchange.com/questions/28990722/help-with-PowerShell-script-for-registry-permissions.html
But for any keys that have inheritance disabled you will need to set the permissions on those specifically. You'd have to decide whether that's better than enabling inheritance (there could be problems with doing that, but it depends on existing permissions).
But for any keys that have inheritance disabled you will need to set the permissions on those specifically. You'd have to decide whether that's better than enabling inheritance (there could be problems with doing that, but it depends on existing permissions).
ASKER
thank you so much!
Open in new window