Batch file or command to add user "Domain Users" to registry permissions

Discussion in 'Scripting' started by cmit123, Sep 19, 2014.

  1. cmit123

    cmit123 MDL Novice

    Sep 19, 2014
    1
    0
    0
    Hello all,

    I have a client in which every time I install their software I have to change folder and registry permissions in order for it to work correctly. I would really like to save time and have a batch file to add the group "Domain Users" to the permissions. I would also like to do this for registry keys but am unsure how to go about it. I need to:

    Add full control for "Domain Users" to the registry key's:
    HKLM\SOFTWARE\Borland Share
    HKLM\SOFTWARE\ishare

    Any help would be greatly appreciated!!

    Thanks!
     
  2. coleoptere2007

    coleoptere2007 MDL Guru

    Apr 8, 2008
    2,288
    1,176
    90
    Try with GPOs :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,085
    60
    #3 Mr Jinje, Sep 20, 2014
    Last edited by a moderator: Apr 20, 2017
    This snip gives full control to "Network Service" on a specific registry key. I'm sure the op can edit to suit his needs. Hint, you'll need to do it twice, once for each key.

    Code:
    $acl = Get-Acl -Path "registry::HKEY_USERS\S-1-5-20";
    $permission = "Network Service","FullControl","ContainerInherit, ObjectInherit", "None","Allow";
    $accessRule = New-Object System.Security.Accesscontrol.RegistryAccessRule $permission;
    $acl.SetAccessRule($accessRule);
    $acl | Set-Acl -Path "registry::HKEY_USERS\S-1-5-20"