Client Management Suite

 View Only
Back to Library

Setting Permission to the Registry Key 

Oct 15, 2007 11:47 AM

Here's a command you can use to assign permissions to a registry key. You can write this action using VBScript or WiseScript. As this script needs admin privileges to work, run this action in system context in deffered execution.

SetACL.exe -on "hklm\software\microsoft\policies" -ot reg -actn ace
-ace "n:domain1\user1;p:full"

This command sets 'full' permissions on the registry key 'HKEY_LOCAL_MACHINE\Software\Microsoft\Policies' for user 'user1' in domain 'domain1'.

Cheers' Vijay Raj

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Edward Tippelt
Aug 21, 2009 08:20 AM

If you are running this custom action using the System Account in Deferred sequence, then first of all you will not have network access because the localsystem account has no domain privileges, and secondly, the localsystem account already has elevated access so you don't need to login as an elevated user at all.

Perhaps this blog therefore needs a rethink??

Migration User
Mar 26, 2008 09:28 AM

This tip is really good

Migration User
Oct 15, 2007 12:07 PM

This is a good tip, but you have to be aware that you only run this from a policy, because the password goes over the net unencrypted.
With a policy you can give users rights on registry key's, folders and even a pc just by creating a AD gvroup that you give the permissions, and put the user in there.
Then the password will stay hidden, because ther is none.
Regards
Erik
www.svs4u.nl

Related Entries and Links

No Related Resource entered.