I’m trying to set the permissions for a certain registry key and also set the same permissions to all of the child keys. Setting the initial key’s permissions is not problem but getting the rest to work is giving me a problem.
I created the following for test purposes: HKLM\Software\1 with sub folders 2\3.
$REG = Get-Acl HKLM:\SOFTWARE\1
$Rule = New-Object System.Security.AccessControl.RegistryAccessRule ("Everyone","FullControl","Allow")
$REG.SetAccessRule($Rule)
$REG |Set-Acl -Path HKLM:\SOFTWARE\1
$Dir = Get-Childitem "HKLM:\SOFTWARE\1" -Recurse
foreach ($Folder in $Dir)
{
Write-Host $Folder
Set-Acl $Folder $Reg
}
When I do the Write-Host $Folder I get the proper subkey, but when it pushes it to Set-ACL I get the following error:
Set-Acl : Cannot find path 'C:\Documents and Settings\USER\Desktop\HKEY_LOCAL_MACHINE\SOFTWARE\1\2\3' because it does not exist.
Working Solution:
$REG = Get-Acl HKLM:\SOFTWARE\1
$Rule = New-Object System.Security.AccessControl.RegistryAccessRule ("Everyone","FullControl","Allow")
$REG.SetAccessRule($Rule)
$REG |Set-Acl -Path HKLM:\SOFTWARE\1
$Dir = Get-Childitem "HKLM:\SOFTWARE\1" -Recurse
foreach ($Folder in $Dir)
{
$REG.SetAccessRule($Rule)
$Reg | Set-Acl $Folder.PSPath
}
You should use the PSPath property [Tested on Windows 7 64-bit with Powershell ISE x86]-
You can always figure out the supported members on an object like this –
I don’t know if you are doing any other pre-processing with Get-ACL apart from what you have pasted.