Private/Test-RegistryKeyPermission.ps1
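# Function to check permissions on a registry key
function Test-RegistryKeyPermission {
    <#
    .SYNOPSIS
    Checks that ALL APPLICATION PACKAGES has an Allow/ReadKey entry on the
    per-user Explorer registry keys, and optionally adds it.

    .DESCRIPTION
    For each key in the built-in list, the DACL is read and searched for an
    Allow ACE that grants ReadKey to the ALL APPLICATION PACKAGES group and
    applies to the key itself. The result is written with Write-Output, or
    with Write-Warning when the ACE is missing.

    The group is matched by its well-known SID (S-1-15-2-1) instead of by
    display name: the name Get-Acl reports is authority-qualified
    ("APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES") and can be
    localized, so a comparison against the bare name does not match.

    Only Allow ACEs are inspected. Deny ACEs are not evaluated, so a positive
    result means "an Allow entry exists", not "effective access is granted".

    .PARAMETER Fix
    When set, a missing ACE is added to the key. Existing ACEs and the key's
    inheritance setting are left untouched.
    #>
    param (
        [switch]$Fix
    )

    # Define the registry keys to check
    $registryKeys = @(
        "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer",
        "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
    )

    # Well-known SID of ALL APPLICATION PACKAGES; independent of UI language.
    $allAppPackagesSidValue = 'S-1-15-2-1'
    $allAppPackagesSid = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $allAppPackagesSidValue
    $readKey = [System.Security.AccessControl.RegistryRights]::ReadKey
    $allow = [System.Security.AccessControl.AccessControlType]::Allow
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Check the permissions on each registry key
    foreach ($registryKey in $registryKeys) {
        # Get the security descriptor of the registry key. A missing or
        # unreadable key is reported and skipped rather than aborting the run.
        try {
            $acl = Get-Acl -Path $registryKey -ErrorAction Stop
        }
        catch {
            Write-Warning "Could not read the ACL of ${registryKey}: $($_.Exception.Message)"
            continue
        }

        # Ask for the rules with SIDs as identities so no name translation is
        # involved. ReadKey is tested as a bit mask so that broader grants such
        # as FullControl also count. ACEs flagged InheritOnly apply to subkeys
        # only and therefore do not grant access to this key.
        $accessRule = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
            Where-Object {
                $_.IdentityReference.Value -eq $allAppPackagesSidValue -and
                $_.AccessControlType -eq $allow -and
                ($_.RegistryRights -band $readKey) -eq $readKey -and
                ($_.PropagationFlags -band $inheritOnly) -ne $inheritOnly
            }

        # Output the result
        if ($null -ne $accessRule) {
            Write-Output "All Application Packages has Read permissions on $registryKey"
        }
        else {
            Write-Warning "All Application Packages does NOT have Read permissions on $registryKey"

            # Fix the permissions if the switch is specified
            if ($Fix) {
                Write-Output "Fixing permissions on $registryKey"

                # Deliberately no SetAccessRuleProtection($true, $false) here:
                # that call turns inheritance off AND discards every inherited
                # ACE, which would strip the access the key inherits from its
                # parent and leave only the explicit entries. Adding one ACE
                # does not require touching inheritance.
                $accessRule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList $allAppPackagesSid, $readKey, $allow
                $acl.AddAccessRule($accessRule)

                try {
                    Set-Acl -Path $registryKey -AclObject $acl -ErrorAction Stop
                }
                catch {
                    Write-Warning "Could not update the ACL of ${registryKey}: $($_.Exception.Message)"
                }
            }
            else {
                Write-Output "Run the script with the -Fix switch to fix the permissions"
            }
        }
    }
}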