Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Endpoint Management Community Blog

Setting Permission to the Registry Key

Created: 15 Oct 2007 • 3 comments
R-Vijay's picture
0 0 Votes
Login to vote

Here's a command you can use to assign permissions to a registry key. You can write this action using VBScript or WiseScript. As this script needs admin privileges to work, run this action in system context in deffered execution.

SetACL.exe -on "hklm\software\microsoft\policies" -ot reg -actn ace
-ace "n:domain1\user1;p:full"

This command sets 'full' permissions on the registry key 'HKEY_LOCAL_MACHINE\Software\Microsoft\Policies' for user 'user1' in domain 'domain1'.

Vijay Raj

Comments 3 CommentsJump to latest comment

erikw's picture

This is a good tip, but you have to be aware that you only run this from a policy, because the password goes over the net unencrypted.
With a policy you can give users rights on registry key's, folders and even a pc just by creating a AD gvroup that you give the permissions, and put the user in there.
Then the password will stay hidden, because ther is none.


Regards Erik Dinamiqs is the home of VirtualStorm (

If your issue has been solved, Please mark it as solved

Login to vote
stephen's picture

This tip is really good

Login to vote
EdT's picture

If you are running this custom action using the System Account in Deferred sequence, then first of all you will not have network access because the localsystem account has no domain privileges, and secondly, the localsystem account already has elevated access so you don't need to login as an elevated user at all.

Perhaps this blog therefore needs a rethink??

If your issue has been solved, please use the "Mark as Solution" link on the most relevant thread.

Login to vote