Setting Permission to the Registry Key
Updated: 15 Oct 2007 | 3 comments
Here's a command you can use to assign permissions to a registry key. You can write this action using VBScript or WiseScript. As this script needs admin privileges to work, run this action in system context in deffered execution.
SetACL.exe -on "hklm\software\microsoft\policies" -ot reg -actn ace -ace "n:domain1\user1;p:full"
This command sets 'full' permissions on the registry key 'HKEY_LOCAL_MACHINE\Software\Microsoft\Policies' for user 'user1' in domain 'domain1'.
Cheers'
Vijay Raj
About Endpoint Management Community Blog
The Endpoint Management Community Blog is the perfect place to share short, timely insights including product tips, news and other information relevant to the Endpoint Management community. Any authenticated Connect member can contribute to this blog. Filter by:
Blog Tags
Configuring Altiris Client Management Suite Altiris Deployment Solution Symantec Management Platform (Notification Server) Wise Packaging Basics Altiris Server Management Suite Best Practice Compatibility Tip/How to Helpdesk Solution Altiris IT Asset Management Installing Workflow Solution Ghost Solution Suite Windows Reporting Performance Upgrade Features ServiceDesk 7.x Database Agents Dell Management Products
Comments
Good tip
This is a good tip, but you have to be aware that you only run this from a policy, because the password goes over the net unencrypted.
With a policy you can give users rights on registry key's, folders and even a pc just by creating a AD gvroup that you give the permissions, and put the user in there.
Then the password will stay hidden, because ther is none.
Regards
Erik
www.svs4u.nl
Regards Erik www.DinamiQs.com Dinamiqs is the home of VirtualStorm (www.virtualstorm.org)
*************************************************************
If your issue has been solved, Please mark it as solved
***********
Good
This tip is really good
Does not make sense
If you are running this custom action using the System Account in Deferred sequence, then first of all you will not have network access because the localsystem account has no domain privileges, and secondly, the localsystem account already has elevated access so you don't need to login as an elevated user at all.
Perhaps this blog therefore needs a rethink??
If your issue has been solved, please use the "Mark as Solution" link on the most relevant thread.
Would you like to reply?
Login or Register to post your comment.