Setting permissions on Registry Key

I’m converting a bat file to PowerShell and can’t figure out how to set permissions on a Registry Key. I’m trying to use subinacl.exe to do this.

Here is the command that I was using in the bat file.

“%~dp0subinacl.exe” /subkeyreg “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Test Key” /grant=“Everyone”=F

Here is what I am trying in PowerShell

$filespath = (Split-Path $MyInvocation.Mycommand.Path)

$testargsacl = @(“/subkeyreg 'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Test Key”, “/grant=“Everyone”=F”)

Start-Process -filepath ($filespath + ‘\subinacl.exe’) -ArgumentList $testargsacl -wait

At C:\Temp\Test\Install.ps1:21 char:109

  • … OFTWARE\Wow6432Node\Test Com’", “/grant=“Everyon”=F”)

Unexpected token ‘Everyon"=F"’ in expression or statement.

  • CategoryInfo : ParserError: (:slight_smile: , ParentContainsErrorRecordException
  • FullyQualifiedErrorId : UnexpectedToken

You can use ACL cmdlets in PowerShell like below to achieve this.

$Acl = Get-Acl -Path $RegistryPath
$ACLItem = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule($UserName, [System.Security.AccessControl.RegistryRights]::ReadKey, "ContainerInherit,ObjectInherit", "None", "Allow")
Set-Acl -Path $RegistryPath -ACLObject $Acl

PowerShell returned and pointed to the error in the code.
Breaking down the code, please notice the error in the opening single quote (end of second ine) without a matching closing single quote, as follow:
$testargsacl = @(“
/subkeyreg '
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Test Key”, “/grant=“Everyone”=F

Thanks, I tried closing the quote and it still fails. I cleaned up the quotes on the end of the variable so now i’m not getting an error in powershell when running this and it is now running the subinacl.exe but is failing because there is a space in the Registry Key path.

To be honest I’m having a hard time understanding how to deal with spaces in powershell. I created a Registry Key simply called Test and the code below does work but unfortunately the software I am working with has spaces in the Key name. Any idea what I can do to get it to work on a Key named “Test Key”?

$testargsacl = @(“/subkeyreg HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Test”, “/grant=Everyone=F”)
Start-Process -filepath ($filespath + ‘\subinacl.exe’) -ArgumentList $testargsacl

I don’t understand why you aren’t trying the powershell way that kvprasoon provided. That said, I recommend you use splatting for your command arguments. This works for me.

$cmdargs = @("/subkeyreg","HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Test Key",'/grant="Everyone"=F')
.\subinacl.exe @cmdargs


SOFTWARE\Wow6432Node\Test Key : new ace for \everyone
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Test Key : 1 change(s)

Elapsed Time: 00 00:00:00
Done:        1, Modified        1, Failed        0, Syntax errors        0
Last Done  : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Test Key