I’m using a local administrator account to try some ownership changes. If I’m using registry.exe to modify the ownership of the key from “TRUSTEDINSTALLER” TO “BUILTIN\ADMINISTRATORS”, it works without problems!
The problem is, that I need to script it with powershell, but unfortunately I can’t get it to work … I’m getting an “access denied” with ever method I’m trying.
f.ex. via dotnet:
[Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey("$path",System.Security.AccessControl.RegistryRights]::TakeOwnership)
Exception calling "OpenSubKey" with "2" argument(s): "Requested registry access is not allowed."
Or via psprovider + modifying the acl and set-acl … I keep getting an “access denied” …
Does someone have an idea, how I can modify the $path key (see above) registry ownership from “TrustedInstaller” to “BUILTIN\ADMINISTRATORS” via powershell?
Just to eliminate the obvious, are you running PowerShell as admin when you execute your script?
Also there appears to be a typo in this line, but I think it’s just a missing open bracket: [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey(“$path”,System.Security.AccessControl.RegistryRights]::TakeOwnership)
PS C:\WINDOWS\system32> [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey(“$path”,[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
Exception calling “OpenSubKey” with “3” argument(s): “Requested registry access is not allowed.”
At line:1 char:1
This worked for me. The link posted by grokkit is interesting, but it appears the code is incomplete (set’s variable $res after importing ntdll, but is never used) so I’m sure there are more options by calling windows APIs directly.
Now once you’re set as the owner, you can pull the actual ACL and add permissions. (You may also be able to use [System.Security.AccessControl.RegistryRights]::ChangePermissions instead of TakeOwnership, I did not try)