Change registry permissions

18 Mar

So let's say you need to change registry permissions and give all domain users full rights to a specific key, HKEY_LOCAL_MACHINE\SOFTWARE\My_App.
You can use Group Policy, but you can also use a batch file. The batch file can be set up to run at system startup, or you can push it with SCCM if you have it installed.

To change registry permissions you can use regini.exe, which should be on every Windows host, but I think there is a better and easier tool (well, at least to me), and it is called SetACL. This tool can be used to manage not only registry permissions but also file permissions, auditing, etc.
First download SetACL and extract the command-line version from the download package to c:\temp, as this is what the script will use. There are two versions, 32-bit and 64-bit; choose the one you need.
Now you can type the command directly or place it in a batch file (replace 'HKEY_LOCAL_MACHINE\SOFTWARE\My_App' and 'DOMAIN\Domain Users' with your own values):
c:\temp\SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\My_App" -ot reg -actn ace -ace "n:DOMAIN\Domain Users;p:full"

Run it and check that the permissions have changed.
In SCCM you could create an advertisement to run this line directly, without a batch file.
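
To check the result of the SetACL command above with built-in tooling, the following PowerShell reads the key's ACL back and lists any Allow entry that grants full control to the account. It is an added example, not part of the original post; the function name Get-FullControlAce is hypothetical, and the key and account are the post's placeholder values.

```powershell
# Added example: read back the ACL on the key that SetACL modified.
# Key and account are the post's placeholders; replace with your own values.
$KeyPath  = 'HKLM:\SOFTWARE\My_App'
$Identity = 'DOMAIN\Domain Users'

# Hypothetical helper: returns the Allow ACEs that give $Account full control of $Path.
function Get-FullControlAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Account
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Registry key not found: $Path"
    }
    $full = [int][System.Security.AccessControl.RegistryRights]::FullControl
    # Keep only Allow entries for the account whose mask contains every FullControl bit.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow -and
        (([int]$_.RegistryRights) -band $full) -eq $full
    }
}

# A 32-bit process on 64-bit Windows sees HKLM\SOFTWARE redirected to WOW6432Node,
# so this check reads the view that matches the bitness of the PowerShell host.
$aces = @(Get-FullControlAce -Path $KeyPath -Account $Identity)

if ($aces.Count -eq 0) {
    Write-Warning "No Allow/FullControl entry for '$Identity' on $KeyPath"
}
else {
    # IsInherited = False means the entry was set on this key itself, not on a parent.
    $aces | Select-Object IdentityReference, RegistryRights, IsInherited,
                          InheritanceFlags, PropagationFlags | Format-List
}
```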

That’s it.
