A problem using PowerShell to delete a Registry key with Special Permissions.

-

hi there,

this problem, i'm trying delete sub registry key has 1 special permission, trying change special permissions fullcontrol same error message, code:

ps c:\windows\system32> $acl=get-acl hkcu:\software\microsoft\windows\currentversion\explorer\fileexts\.lnk\userchoice
ps c:\windows\system32> $permission="administrator", "fullcontrol", "allow"
ps c:\windows\system32> $accessrule=new-object system.security.accesscontrol.registryaccessrule $permission
ps c:\windows\system32> $acl.setaccessrule($accessrule)
ps c:\windows\system32> $acl | set-acl hkcu:\software\microsoft\windows\currentversion\explorer\fileexts\.lnk\userchoice
set-acl : requested registry access not allowed.
@ line:1 char:15
+ $acl | set-acl <<<< hkcu:\software\microsoft\windows\currentversion\explorer\fileexts\.lnk\userchoice
+ categoryinfo : permissiondenied: (hkey_current_us....lnk\userchoice:string) [set-acl], securityexception
+ fullyqualifiederrorid : system.security.securityexception,microsoft.powershell.commands.setaclcommand

could please me?

thanks!

$hkey = 2147483649   $hsubkey = "software\microsoft\windows\currentversion\explorer\fileexts\.lnk\userchoice"  $reg = [wmiclass]"root\default:stdregprov"  $ace = $reg.getsecuritydescriptor($hkey,$hsubkey).descriptor.dacl    $reg.psbase.scope.options.enableprivileges = $true  $sd = ([wmiclass] "win32_securitydescriptor").createinstance()  $sd.controlflags = 0x0004    for($i=0;$i -lt $ace.length;$i++)  {  	if($ace[$i].acetype -ne 1)  	{  		$sd.dacl += $ace[$i]   	}  }  $reg.setsecuritydescriptor($hkey,$hsubkey,$sd)




Windows Server  >  Windows PowerShell



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more