I had to verify the rights on some parts of the registry were the same for a lot of machines. So I used AccessChk by SysInternals.
If there were differences, my plan was to use REGINI to fix them.
It appears that AccessChk shows the permissions for objects within the specified path, not for the path itself.
As I observed that
accesschk -k hklm\software\Microsoft\Windows\Shell
does not reveal results.
But
accesschk -k hklm\software\Microsoft\Windows
shows:
HKLM\software\Microsoft\Windows\CurrentVersion
  R  BUILTIN\Users
  RW BUILTIN\Power Users
  RW BUILTIN\Administrators
  RW NT AUTHORITY\SYSTEM
HKLM\software\Microsoft\Windows\ITStorage
  R  BUILTIN\Users
  RW BUILTIN\Power Users
  RW BUILTIN\Administrators
  RW NT AUTHORITY\SYSTEM
  RW NT AUTHORITY\TERMINAL SERVER USER
HKLM\software\Microsoft\Windows\Shell
  R  BUILTIN\Users
  RW BUILTIN\Power Users
  RW BUILTIN\Administrators
  RW NT AUTHORITY\SYSTEM
  RW NT AUTHORITY\TERMINAL SERVER USER
HKLM\software\Microsoft\Windows\Windows Error Reporting
  R  BUILTIN\Users
  RW BUILTIN\Power Users
  RW BUILTIN\Administrators
  RW NT AUTHORITY\SYSTEM
  RW NT AUTHORITY\TERMINAL SERVER USER
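For comparing this kind of output across many machines, here is an added example (not part of the original post) that parses saved `accesschk -k` text and reports ACEs that differ between two hosts. It assumes each key path starts at column 0 and is followed by indented "rights principal" lines; the sample text and the names `parse_accesschk`, `diff_acls`, `PC_A` and `PC_B` are constructed for the illustration.

```python
# Added example: parse saved `accesschk -k` output and diff two machines.
# Assumed layout: key path at column 0, then indented "<rights> <principal>" lines.

def parse_accesschk(text):
    """Return {KEY: {PRINCIPAL: rights}} from accesschk -k text output."""
    acls, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented: a key path, or banner text, which is ignored.
            key = line.strip().upper() if line.upper().startswith("HK") else None
            if key is not None:
                acls.setdefault(key, {})
        elif key is not None:
            # Indented ACE; the principal may contain spaces, so split once.
            parts = line.split(None, 1)
            if len(parts) == 2:
                acls[key][parts[1].strip().upper()] = parts[0]
    return acls

def diff_acls(a, b):
    """Return sorted (key, principal, rights_a, rights_b) tuples that differ."""
    out = []
    for key in sorted(set(a) | set(b)):
        pa, pb = a.get(key, {}), b.get(key, {})
        for who in sorted(set(pa) | set(pb)):
            if pa.get(who) != pb.get(who):
                out.append((key, who, pa.get(who), pb.get(who)))
    return out

# Constructed sample for machine A, modelled on the output shown in the post.
PC_A = r"""
HKLM\software\Microsoft\Windows\CurrentVersion
  R  BUILTIN\Users
  RW BUILTIN\Power Users
  RW BUILTIN\Administrators
  RW NT AUTHORITY\SYSTEM
HKLM\software\Microsoft\Windows\Shell
  R  BUILTIN\Users
  RW BUILTIN\Power Users
  RW BUILTIN\Administrators
  RW NT AUTHORITY\SYSTEM
  RW NT AUTHORITY\TERMINAL SERVER USER
"""
# Constructed machine B: same ACLs except BUILTIN\Users gets RW on ...\Shell.
PC_B = PC_A.replace("Shell\n  R  ", "Shell\n  RW ", 1)

if __name__ == "__main__":
    for row in diff_acls(parse_accesschk(PC_A), parse_accesschk(PC_B)):
        print("%s: %s is %s on A, %s on B" % row)
```

Key paths and account names are upper-cased before comparison because both are case-insensitive on Windows.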
In the end the permissions were the same: the differences were in the local group memberships of domain groups. That was already covered in Command Line Kung Fu: Episode #43: Users & Groups.
So setting registry rights needs to wait a while.
–jeroen
via:
- AccessChk.
- REGINI | Windows CMD | SS64.com.
- How to: Use a Script to Change Registry Permissions from the Command Line.
- SetACL/RegINI: windows 7 – Change registry permissions via command line (batch file) – Super User.
- Command Line Kung Fu: Episode #43: Users & Groups « The Wiert Corner – irregular stream of stuff.
