See tip 723 for a better solution.
Supplement Two of the NT 4.0 Server Resource Kit contains SECADD which will allow you to:
- Remove the Everyone group from a key in the HKEY_LOCAL_MACHINE hive.
- Add Read permissions to a key for a user or group in the HKEY_LOCAL_MACHINE hive.
SECADD will operate locally or remotely. Unfortuneatly, it does not do sub-keys.
REG (from the Resource Kit Supplement, not the freeware at tip 170) has a Query option that will allow you to display keys and sub-keys. The SecAddS.bat file will allow you to use SECADD on a key and its' sub-keys.
Usage: (which is identical to SECADD)
SecAddS -l KeyName will remove the Everyone group in the local registry for HKLM\KeyName.
SecAddS -r \\ServerName KeyName will remove the Everyone group in the \\ServerName registry for HKLM\KeyName.
SecAddS -l -a KeyName UserOrGroup will add Read permissions for UserOrGroup to the local registry for HKLM\KeyName.
SecAddS -r -a \\ServerName KeyName UserOrGroup will add Read permissions for UserOrGroup
to the \\ServerName registry for HKLM\KeyName.
SecAddS.bat:
@echo off
cd <Path to Reskit>
if exist %TEMP%\secadds.log del %TEMP%\secadds.log
if /i "%1"
"-r" goto tstp2
if /i "%1"
"-l" goto tstp2
if /i "%1"
"-a" goto syntax
if /i "%1"
"" goto syntax
:tstp2
if /i "%2"
"-a" goto tstp3
if /i "%1"
"-r" goto p2s
goto regl2
:p2s
if not exist %2\admin$\*.* goto syntax
if /i "%3"
"" goto syntax
goto regr3
:tstp3
if /i "%3"
"" goto syntax
if /i "%1"
"-r" goto p3s
if /i "%4"
"" goto syntax
goto regl4
:p3s
if not exist %3\admin$\*.* goto syntax
if /i "%4"
"" goto syntax
if /i "%5"
"" goto syntax
goto regr5
:syntax
@echo Syntax error %1 %2 %3 %4 %5
goto end
:regl2
if /i NOT "%3"
"" goto syntax
secadd %1 %2
reg query HKLM\%2 /s | Findstr /b "\[" >> %TEMP%\secadds.log
for /f "Tokens=1* Delims=\[\]" %%i in (%TEMP%\secadds.log) do secadd %1 %2\%%i
goto end
:regr3
if /i NOT "%4"
"" goto syntax
secadd %1 %2 %3
reg query HKLM\%3 %2 /s | Findstr /b "\[" >> %TEMP%\secadds.log
for /f "Tokens=1* Delims=\[\]" %%i in (%TEMP%\secadds.log) do secadd %1 %2 %3\%%i
goto end
:regl4
if /i NOT "%5"=="" goto syntax
secadd %1 %2 %3 %4
reg query HKLM\%3 /s | Findstr /b "\[" >> %TEMP%\secadds.log
for /f "Tokens=1* Delims=\[\]" %%i in (%TEMP%\secadds.log) do secadd %1 %2 %3\%%i %4
goto end
:regr5
secadd %1 %2 %3 %4 %5
reg query HKLM\%4 %3 /s|Findstr /b "\[" >> %TEMP%\secadds.log
for /f "Tokens=1* Delims=\[\]" %%i in (%TEMP%\secadds.log) do secadd %1 %2 %3 %4\%%i %5
:end
if exist %TEMP%\secadds.log del %TEMP%\secadds.log