JSI Tip 0710. How do I set registry permissions on a key and its sub-keys from the command line?

See tip 723 for a better solution.

Supplement Two of the NT 4.0 Server Resource Kit contains SECADD which will allow you to:

- Remove the Everyone group from a key in the HKEY_LOCAL_MACHINE hive.
- Add Read permissions to a key for a user or group in the HKEY_LOCAL_MACHINE hive.

SECADD will operate locally or remotely. Unfortunately, it does not process sub-keys.

REG (from the Resource Kit Supplement, not the freeware at tip 170) has a Query option that will allow you to display keys and sub-keys. The SecAddS.bat file will allow you to use SECADD on a key and its sub-keys.

Usage: (which is identical to SECADD)

SecAddS -l KeyName will remove the Everyone group in the local registry for HKLM\KeyName.
SecAddS -r \\ServerName KeyName will remove the Everyone group in the \\ServerName registry for HKLM\KeyName.
SecAddS -l -a KeyName UserOrGroup will add Read permissions for UserOrGroup to the local registry for HKLM\KeyName.
SecAddS -r -a \\ServerName KeyName UserOrGroup will add Read permissions for UserOrGroup to the \\ServerName registry for HKLM\KeyName.

SecAddS.bat:

@echo off
cd <Path to Reskit>
if exist %TEMP%\secadds.log del %TEMP%\secadds.log
rem The first argument must be -l (local) or -r (remote), as for SECADD.
if /i "%1"=="-r" goto tstp2
if /i "%1"=="-l" goto tstp2
if /i "%1"=="-a" goto syntax
if /i "%1"=="" goto syntax
:tstp2
rem -a as the second argument selects "add Read permissions".
if /i "%2"=="-a" goto tstp3
if /i "%1"=="-r" goto p2s
goto regl2
:p2s
rem The server's admin$ share must be reachable and a key name must follow.
if not exist %2\admin$\*.* goto syntax
if /i "%3"=="" goto syntax
goto regr3
:tstp3
if /i "%3"=="" goto syntax
if /i "%1"=="-r" goto p3s
if /i "%4"=="" goto syntax
goto regl4
:p3s
if not exist %3\admin$\*.* goto syntax
if /i "%4"=="" goto syntax
if /i "%5"=="" goto syntax
goto regr5
:syntax
@echo Syntax error %1 %2 %3 %4 %5
goto end
:regl2
if /i NOT "%3"=="" goto syntax
secadd %1 %2
reg query HKLM\%2 /s | Findstr /b "\[" >> %TEMP%\secadds.log
for /f "Tokens=1* Delims=\[\]" %%i in (%TEMP%\secadds.log) do secadd %1 %2\%%i
goto end
:regr3
if /i NOT "%4"=="" goto syntax
secadd %1 %2 %3
reg query HKLM\%3 %2 /s | Findstr /b "\[" >> %TEMP%\secadds.log
for /f "Tokens=1* Delims=\[\]" %%i in (%TEMP%\secadds.log) do secadd %1 %2 %3\%%i
goto end
:regl4
if /i NOT "%5"=="" goto syntax
secadd %1 %2 %3 %4
reg query HKLM\%3 /s | Findstr /b "\[" >> %TEMP%\secadds.log
for /f "Tokens=1* Delims=\[\]" %%i in (%TEMP%\secadds.log) do secadd %1 %2 %3\%%i %4
goto end
:regr5
secadd %1 %2 %3 %4 %5
reg query HKLM\%4 %3 /s|Findstr /b "\[" >> %TEMP%\secadds.log
for /f "Tokens=1* Delims=\[\]" %%i in (%TEMP%\secadds.log) do secadd %1 %2 %3 %4\%%i %5
:end
if exist %TEMP%\secadds.log del %TEMP%\secadds.log
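
To confirm the result after SecAddS has run, the following read-only audit is an added example, not part of the original tip or the Resource Kit. It uses PowerShell's Get-Acl instead of SECADD and REG, and assumes a local HKLM key passed as the hypothetical parameter KeyName.

```powershell
# Added example: read-only audit; it changes no permissions.
# Lists every key in an HKLM subtree whose ACL still contains an
# access rule for the Everyone group (well-known SID S-1-1-0).
param(
    [Parameter(Mandatory = $true)]
    [string]$KeyName   # path relative to HKLM, same meaning as KeyName in the tip
)

$everyoneSid = 'S-1-1-0'
$root = Join-Path 'HKLM:\' $KeyName

if (-not (Test-Path -LiteralPath $root)) {
    Write-Error "Key not found: $root"
    exit 1
}

# The key itself first, then every sub-key the caller is able to enumerate.
$keys = @(Get-Item -LiteralPath $root) +
        @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($key in $keys) {
    try {
        $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop
    } catch {
        # Report keys whose ACL cannot be read instead of skipping them.
        [pscustomobject]@{ Key = $key.Name; Type = 'ACL unreadable'; Rights = $null; Inherited = $null }
        continue
    }
    # Resolve identities to SIDs so localized group names do not matter.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $everyoneSid) {
            [pscustomobject]@{
                Key       = $key.Name
                Type      = $rule.AccessControlType
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    exit 2   # non-zero exit so a scheduled check can flag the result
}
Write-Output "No Everyone entries found under $root"
```

An entry with Inherited set to True comes from a parent key, so the rule has to be removed on the key where it is defined.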
