I’m writing something that will go through permissions and remove permissions that are too high and replace them with ‘readkey’ permission…but I’m getting the below error using my code:
$path = "hklm:\software\whatever"
$user = "builtin\users"
foreach($acl in (get-acl $path).access | ?{$_.identityreference -eq $user} | ? {$_.accesscontroltype -eq "Allow"}) {
    if($acl.registryrights -notmatch $permissions) {
        $x = (get-item -force $path).GetAccessControl('Access')
        $rule = new-object system.security.accesscontrol.registryaccessrule($user, "readkey", "None", "none", "Allow")
        $x.RemoveAccessRuleSpecific($acl)
        $x.setaccessrule($rule)
        #sets the ACL
        (get-item $path).SetAccessControl($x)
    }
}
Exception calling "SetAccessControl" with "1" argument(s): "Cannot write to the registry key."
At line:1 char:34
+ (get-item $path).setaccesscontrol <<<< ($x)
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException
I am a system admin on this PC.
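
The likely cause of "Cannot write to the registry key" is that Get-Item returns a RegistryKey opened read-only, so SetAccessControl on it is refused no matter what rights the account holds. The following is an added example, not part of the original post: it opens the key writable with the right to change permissions and then does the same downgrade to ReadKey. The function name, the -Apply switch and the "any right beyond ReadKey is too high" test are assumptions, and it assumes an elevated session and a key under HKLM.

```powershell
# Added example (not the poster's code). Function name, -Apply and the
# "anything beyond ReadKey is excessive" rule are assumptions.
function Set-RegistryReadOnlyAce {
    param(
        [string]$SubKey = 'SOFTWARE\whatever',   # path relative to HKLM
        [string]$User   = 'BUILTIN\Users',
        [switch]$Apply                           # without -Apply, report only
    )
    $readKey = [System.Security.AccessControl.RegistryRights]::ReadKey
    $check   = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree
    $rights  = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'

    # Open a writable handle that may read and change the DACL.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $check, $rights)
    if ($null -eq $key) { throw "Key not found: HKLM:\$SubKey" }
    try {
        $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)

        # Explicit ACEs only: inherited ones have to be changed on the parent key.
        $explicit  = $acl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])
        $excessive = @($explicit | Where-Object {
            $_.IdentityReference.Value -eq $User -and
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.RegistryRights -band (-bnot [int]$readKey)) -ne 0
        })

        if ($Apply -and $excessive.Count -gt 0) {
            foreach ($ace in $excessive) { $acl.RemoveAccessRuleSpecific($ace) }
            $rule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList $User, $readKey, 'None', 'None', 'Allow'
            # SetAccessRule replaces every Allow ACE for $User with this one.
            $acl.SetAccessRule($rule)
            # Write the DACL back through the same writable handle.
            $key.SetAccessControl($acl)
        }
        $excessive   # the ACEs that were (or, without -Apply, would be) replaced
    }
    finally { $key.Close() }
}
```

Run it without -Apply first to list the ACEs it would replace, then again with -Apply from an elevated prompt.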