I have a couple of scripts that I have put together to change the registry value of a specific key in the registry. This primarily is being done on our Windows 7 machines as the XP setup is slightly different and this change is not needed.
The first part of the script calls the below segment after it sets folder permissions.
Write-Host "Executing Registry Changes:" -ForeGroundColor Red invoke-command -computername $strComputer -filepath \\PATH\SetMESPermissionsReg.ps1 Write-Host "Registry Change Script Complete." -ForeGroundColor Red
The contents of SetMESPermissionsReg.ps1 are:
$acl = Get-Acl HKLM:\SOFTWARE\NewMes
Write-Host "Opening Registry key for write" -ForeGroundColor Cyan
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("NT Authority\Authenticated Users","FullControl","Allow")
$acl.SetAccessRule($rule)
$acl |Set-Acl -Path HKLM:\SOFTWARE\NewMes
Write-Host "Permissions have been set!" -ForeGroundColor GreenAfter running this, everything seems to work fine except the program errors out upon running it. When I check the permissions of the registry key, I notice that it sets full control but not at the top-level... it only sets it under special permissions as shown in the screenshot below. If I go into regedit and check the box for full control at the first permissions screen, clearing the special permissions flag, everything works as it should. How do I set the top-level Full Control option through PowerShell so that someone can do the installs without having to (or know how to) change anything?