4
I have a registry key that I need to take ownership of and then set a permission set on. I'm able to take ownership, but when setting the permission, it only applies to the very top level of the registry key, it doesn't inherit down. What do I need to modify to make the permission inherit to the entire key?
$AddACL = New-Object System.Security.AccessControl.RegistryAccessRule ("Domain Admins","FullControl","Allow")
$owner = [System.Security.Principal.NTAccount]"Administrators"
$keyCR = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey("CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
# Get a blank ACL since you don't have access and need ownership
$aclCR = $keyCR.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)
$aclCR.SetOwner($owner)
$keyCR.SetAccessControl($aclCR)
# Get the acl and modify it
$aclCR = $keyCR.GetAccessControl()
$aclCR.SetAccessRule($AddACL)
$keyCR.SetAccessControl($aclCR)
$keyCR.Close()
+1 ; I haven't verified that the answer is correct, but does seem to directly address the question, so it appears to be a useful answer that, unfortunately, never seemed to get any recognition/feedback from the question poster. – TOOGAM – 2017-02-26T17:14:34.820