header image

Set registry key owner

Posted by: | November 11, 2011 | 1 Comment |

In chapter 7 of PowerShell and WMI I stated that I would post a .NET version of a script to set ownership of a registry key. The WMI method needs Vista or above so we need the .NET version for pre-Vista operating systems.

function set-regkeyowner {            
param (            
 [Validateset(“HKCR”, “HKCU”, “HKLM”, "HKUS", "HKCC")]            
PROCESS {             
Write-Verbose "Set Hive"            
switch ($hive){            
 “HKCR” {$reg = [Microsoft.Win32.Registry]::ClassesRoot}            
 “HKCU” {$reg = [Microsoft.Win32.Registry]::CurrentUser}            
 “HKLM” {$reg = [Microsoft.Win32.Registry]::LocalMachine}            
 "HKUS" {$reg = [Microsoft.Win32.Registry]::Users}            
 "HKCC" {$reg = [Microsoft.Win32.Registry]::CurrentConfig}            
$permchk = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree            
$regrights = [System.Security.AccessControl.RegistryRights]::ChangePermissions            
Write-Verbose "Open Key and get access control"            
$regkey = $reg.OpenSubKey($key, $permchk, $regrights)            
$rs = $regkey.GetAccessControl()            
Write-Verbose "Create security principal"            
$user = New-Object -TypeName Security.Principal.NTaccount -ArgumentList "Administrators"            

Take a hive and key as parameters. Use a switch to set the Registry enumeration and then set the permissions and rights we want. Open the key and get the access controls.

Create a security principal for the Administrators group and set the group and owner in the access control. Use SetAccessControl to change the permissions

under: .NET, Registry

1 Comment

  1. By: Jeremiah on February 24, 2013 at 5:08 pm      

    I am having trouble changing the owner as Local\Administrator when NT Service\TrustedInstaller is the owner and Local\Administrator has only read permissions. Local\Administrator=Read permissions is default for “HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}”; however if I change the owner manually in the GUI, add administrator to have full access, set owner back to NT Service\trustedinstaller. Then I am able to use this script in powershell to change the owner on the regkey I listed above. At that point, I do not need to change the owner anymore. I want to change the owner, add permissions and change the owner back; so that I can change a reg value inside this key.
    This script only seems to be useful for those registry keys for which Local\Administrator already has modify access. Am I missing something?