@tonyd Hello, I’m trying to change permissions to read only for Administrators the main key and each subkey. How do I add this to the latest script you wrote ? Thankyou very much.
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("Administrators","ReadKey","ContainerInherit,ObjectInherit","None","Allow")
$regACL.SetAccessRule($rule)
Just out of curiousity: Why? What’s the purpose of that change? 
Hi, I want to be able to change the registry key and its subkeys to either FullControl or ReadKey for Administrators. The script that @tonyd created can do this recursively or loop through each. Otherwise I will have to do this 1 by 1 for a lot of keys & subkeys. However I do not know, in any way, know how to add the command above to his script. Thankyou
I actually meant why you want to remove the permission to write for administrators. What’s the purpose of that? At the end of the day an admin always has the ability to revert this change. 
So I can apply it as FullControl or Read for Users, in the future.
hmmm … either I didn’t get it or it does not make any sense at all. 
This is what I mean. Can you please help ?
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("Users","ReadKey","ContainerInherit,ObjectInherit","None","Allow")
$regACL.SetAccessRule($rule)
OR
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("Users","FullControl","ContainerInherit,ObjectInherit","None","Allow")
$regACL.SetAccessRule($rule)
I’m having a very difficult time following this thread. Unless I’m wrong the ask seems to have shifted a few times.
I might suggest for each individual question, a new thread created so it can be solely focused on the question at hand.
Earlier you stated you wanted to change permissions to read only for administrators on the main key and each subkey. then you stated that you want to change to fullcontrol or readkey for administrators. then you stated you want to apply it as full control or read for users, in the future. It’s extremely difficult to follow what you’re actually asking for.
My suggestion is to take a moment to really put into words what you want to accomplish, and also take a moment to even consider if it’s necessary. What actual problem are you solving here (don’t just state so I can apply some permission, that doesn’t elaborate on the problem you are actually solving). In my experience, the stuff you are doing is rarely, if ever needed.
Thank you appreciate it. Would it be ok if I closed this thread out? I also would welcome you to mark Tony’s response/script as the official answer, very happy that has helped you get further towards a full solution.