I’m trying to clean up a massive mistake for someone and part of the clean-up involves resetting registry permissions on about 50 servers. I looked into using regini for this, and it will get me about 70% there, but several of the changes are more fine-grained than regini allows.
subinacl seems like it would do the trick, but the documentation suggests (through it’s lack of saying anything about it) that it cannot be run against remote registries. Is this the case?
If so, does anyone know of a built-in or Microsoft-provided (easiest to get approved for use) tool that will allow me to set registry permissions?
As an example, trying to set permissions for ‘Users’ is not covered by regini, nor is setting ‘Power Users’ to ‘Read access’ only.
If the computers are members of an Active Directory domain consider using the Registry portion of the Security Settings functionality in Group Policy to do what you want. There’s a nice GUI interface, too.
Failing that, I’d write a script to use “SubInACL” to modify the local registry and test it on one computer to be sure that it functions as-desired. Once it is working, deploy the script to the other comptuers using PsExec such that it modifies the local registry on each computer.
Leave a comment
- Cron expression that runs every 5 minutes from 1:30 am – 6:00 am [duplicate]
- Understanding redundant power supplies
- Is there a way for administrators to disable users from installing Firefox extensions?
- Is there research material on NTP accuracy available?
- How to create a limited “domain admin” that does not have access to domain controllers?