Take ownership of registry key in Bigfix

In Bigfix, does anyone know how to take ownership and grant read/write permission to EVERYONE? We are having issues updating Windows 10 machines because this registry entry is hardened. I would need it for both lines below and would be so happy if I can get this to work.

HKLM\SYSTEM\DriverDatabase\DeviceIds\USB\VID_054C&PID_0022

and

HKLM\SYSTEM\DriverDatabase\DeviceIds\USB\VID_054C&PID_0022\usbstor.inf

Thanks,

Sno

Here is something to get you started. Note, it does not validate either that the key exists or that the permission is already present.

delete __createfile
createfile until __EOF
$rule = New-Object System.Security.AccessControl.RegistryAccessRule([System.Security.Principal.NTAccount]"BuiltIn\Users", [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit", [System.Security.AccessControl.PropagationFlags]::None, [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -Path 'HKLM:\SYSTEM\DriverDatabase\DeviceIds\USB\VID_054C&PID_0022'
$acl.AddAccessRule($rule)
$acl |Set-Acl

__EOF

delete create_key.ps1
move __createfile create_key.ps1
waithidden {pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry)} -ExecutionPolicy Bypass -File create_key.ps1

4 Likes
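
A variant of the script in the answer above that adds the two checks it skips (key exists, rule already present) and records the original DACL so the hardening can be put back after the update. This is an added example, not code from anyone in the thread; the backup file location, the `-Restore` switch and the exit codes are assumptions, and it does not take ownership of the key.

```powershell
# Added example (not from the thread): idempotent grant with a DACL backup.
# Key path, principal and rights are those in the post above; $Backup is an assumed location.
param(
    [string]$KeyPath   = 'HKLM:\SYSTEM\DriverDatabase\DeviceIds\USB\VID_054C&PID_0022',
    [string]$Principal = 'BUILTIN\Users',
    [string]$Backup    = (Join-Path $env:ProgramData 'VID_054C_PID_0022.dacl.sddl'),
    [switch]$Restore
)

# Stop with a distinct exit code when the key is absent on this machine.
if (-not (Test-Path -LiteralPath $KeyPath)) { Write-Output "Key not found: $KeyPath"; exit 2 }
$acl  = Get-Acl -LiteralPath $KeyPath
$dacl = [System.Security.AccessControl.AccessControlSections]::Access

if ($Restore) {
    # Put back the DACL recorded before the first change (owner and group are left alone).
    if (-not (Test-Path -LiteralPath $Backup)) { Write-Output "No backup at $Backup"; exit 3 }
    $sddl = [string](Get-Content -LiteralPath $Backup | Select-Object -First 1)
    $acl.SetSecurityDescriptorSddlForm($sddl, $dacl)
    Set-Acl -LiteralPath $KeyPath -AclObject $acl
    Write-Output 'Original DACL restored.'; exit 0
}

# Record the original DACL once, so it can be put back after the update.
if (-not (Test-Path -LiteralPath $Backup)) {
    Set-Content -LiteralPath $Backup -Value ($acl.GetSecurityDescriptorSddlForm($dacl))
}

# Look for an explicit Allow ACE for this SID that already covers the wanted rights.
$sid     = (New-Object System.Security.Principal.NTAccount($Principal)).Translate([System.Security.Principal.SecurityIdentifier])
$wanted  = [System.Security.AccessControl.RegistryRights]::FullControl
$present = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.RegistryRights -band $wanted) -eq $wanted
    }
if ($present) { Write-Output "Rule already present for $Principal."; exit 0 }

$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $sid, $wanted,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $KeyPath -AclObject $acl
Write-Output "Granted $wanted to $Principal on $KeyPath"
```

If this is embedded in a BigFix `createfile until` block, each `{` has to be written as `{{`, because the action script treats a single `{` as the start of a relevance substitution.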

You can use this program as well - https://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/

Here is an example where I set permission for System to a key which had no permissions to begin with (for Defender):

SetACL -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature" -ot reg -actn ace -ace "n:System;p:full"

This allows BigFix to run actions on this key.

1 Like

I should add, I deploy this within the Software Distribution dashboard.