Take ownership of registry key in Bigfix

Snojack 2022-05-17 22:34:31 UTC #1

In Bigfix, does anyone know how to take ownership and grant read/write permissiont to EVERYONE? We are having issue updating Windows 10 machines because this registry entry is hardened. I would need it for both lines below and would be so happy if I can get this to work.

HKLM\SYSTEM\DriverDatabase\DeviceIds\USB\VID_054C&PID_0022

and

HKLM\SYSTEM\DriverDatabase\DeviceIds\USB\VID_054C&PID_0022\usbstor.inf

Thanks,

Sno

Mike 2022-05-18 08:28:27 UTC #2

Here is something to get you started. Note, it does not validate either the key exists nor if the permissions is already present.

delete __createfile
createfile until __EOF
$rule = New-Object System.Security.AccessControl.RegistryAccessRule([System.Security.Principal.NTAccount]"BuiltIn\Users", [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit", [System.Security.AccessControl.PropagationFlags]::None, [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -Path 'HKLM:\SYSTEM\DriverDatabase\DeviceIds\USB\VID_054C&PID_0022'
$acl.AddAccessRule($rule)
$acl |Set-Acl

__EOF

delete create_key.ps1
move __createfile create_key.ps1
waithidden {pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry)} -ExecutionPolicy Bypass -File create_key.ps1

jcook 2022-05-19 16:19:12 UTC #3

You can use this program as well - https://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/

Here is an example where I set permission for System to a key which had no permissions to begin with (for Defender)

SetACL -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature" -ot reg -actn ace -ace "n:System;p:full

this allows BigFix to run actions on this key

jcook 2022-05-19 16:20:23 UTC #4

I should add, I deploy this within the Software Distribution dashboard