How to Manage Permissions to Registry Keys in Windows (PowerShell)

This sample demonstrates how to get and set access permissions for registry keys in bulk using PowerShell.

Scenario

To get or set the permission for a single registry key, you can right-click the key and click the Permission… option. Checking or setting permissions for multiple registry keys this way takes much longer. This sample helps you check or set permissions for one or more registry keys with a PowerShell script.

Script

This script contains the following advanced functions:

You can use this script in the following ways:

Method 1:

  1. Download the script and copy it to your computer.
  2. Open the script file by using Notepad or any other script editor.
  3. Scroll down to the end of the script file, and then add the code to call the functions.
  4. Save the file and then run the script on the computer.

Method 2:

  1. Rename scriptname.ps1 to scriptname.psm1 (PowerShell Module file)
  2. Run the Import-Module cmdlet to import this module file in PowerShell Console.
    Import-Module filepath\scriptname.psm1

 

To get detailed information about how to use the functions, run the following command to retrieve the help information:

Get-Help functionName -detailed

For example:

Get-Help Get-OSCRegistryKeyPermission -detailed

 

Notes:

To run the script:

  1. Open the PowerShell console and run as administrator.
  2. Import-Module <Your script file path>\ManagePermissionToFolderOrFile.psm1

Here are some code snippets for your reference:

Code to get security permission of registry keys:

If($registries) 
{ 
    $registries | ForEach-Object{ 
        $regPath = TranslateRegistryKeyPath -Path $_ 
        If($regPath) 
        { 
            If(Test-Path -Path $regPath) 
            { 
                Get-Acl -path $regPath | Format-List 
            } 
            Else 
            { 
                Write-Error ($regPath + " " + $Message.SpInvalidPath)  
            } 
        } 
    } 
} 
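
The loop above prints every ACL in full, which is hard to review across many keys. The following added example (not part of the original script) reports only the Allow rules that give broad groups write-type rights on the listed keys; the function name Get-RegistryKeyWritableAce and the two sample key paths are assumptions chosen for illustration.

```powershell
# Added example: function name and sample key paths are illustrative assumptions.
function Get-RegistryKeyWritableAce {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Path
    )

    # Rights that let a principal change a key's contents or its security descriptor,
    # plus the raw GENERIC_ALL / GENERIC_WRITE bits (0x50000000) seen on some ACEs.
    $named = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $writeMask = [int]$named -bor 0x50000000

    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

    foreach ($key in $Path) {
        if (-not (Test-Path -Path $key)) {
            Write-Warning "Registry key not found: $key"
            continue
        }
        # Ask for identities as SIDs so the check does not depend on localized group names.
        $rules = (Get-Acl -Path $key).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $isAllow = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
            $grantsWrite = ([int]$rule.RegistryRights -band $writeMask) -ne 0
            if ($isAllow -and $grantsWrite -and ($broadSids -contains $rule.IdentityReference.Value)) {
                New-Object PSObject -Property @{
                    Path        = $key
                    Sid         = $rule.IdentityReference.Value
                    Rights      = $rule.RegistryRights
                    IsInherited = $rule.IsInherited
                    Inheritance = $rule.InheritanceFlags
                }
            }
        }
    }
}

# Sample input: two standard Windows keys; replace with the keys you need to review.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
Get-RegistryKeyWritableAce -Path $keys | Format-Table -AutoSize
```

An empty result means none of the three groups holds an Allow rule with those rights on the listed keys; Deny rules and other principals are not evaluated.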
 
 

 

Code to set security permissions to registry keys:

# Read the key's current ACL.
$aclRegistry = Get-Acl -Path $Path
# Protect the ACL from inheritance ($true) and keep the inherited rules as explicit entries ($true).
$aclRegistry.SetAccessRuleProtection($true, $true)
$ruleRegistry = New-Object System.Security.AccessControl.RegistryAccessRule($Account,$RegistryRights,$InheritanceFlags,$PropagationFlags,$AccessControlType)

Try
{
    If($Type -eq "Add")
    {
        $aclRegistry.AddAccessRule($ruleRegistry)
    }
    Else
    {
        If($Type -eq "Remove")
        {
            $aclRegistry.RemoveAccessRule($ruleRegistry) | Out-Null
        }
    }
}
Catch
{
    Throw $_.Exception.Message
}

# Write the modified ACL back to the key.
Set-Acl -Path $Path -AclObject $aclRegistry
 
 

 

Examples

Example 01: Get the security permissions of specific registry keys.
Command: 
Get-OSCRegistryKeyPermission -Path "RegistryKey01Path,RegistryKey02Path,…"

Example 02: Set the specific security permissions to registry keys.

Command: Set-OSCRegistryKeyPermission -RegistryKeysPath <RegistryKeysPath> -Type <Type> -Account <AccountName> -RegistryRights <RegistryRightsName> [-InheritanceFlags <InheritanceFlagName>] [-PropagationFlags <PropagationFlagName>] -AccessControlType <AccessControlType>


Prerequisites

Windows PowerShell 2.0

Additional Resources

Technical Resource:
TechNet Library: Get-Acl

TechNet Library: Set-Acl

MSDN Library: RegistryAccessRule