I found very little information on this object, so I decided to blog about it. The RegistryAccessRule parameters are as follows:
RegistryAccessRule (“domain\username”,”Permissions”,”ContainerInherit”,”None”,”Allow”)
Where Permissions are as follows:
Full Control: FullControl
Query Value: QueryValues
Set Value: SetValue
Create Subkey: CreateSubKey
Enumerate Subkeys: EnumerateSubKeys
Notify: Notify
Create Link: CreateLink
Delete: Delete
Write DAC: ChangePermissions
Write Owner: TakeOwnership
Read Control: ReadPermissions
Set Value, Create Subkey, Read Control: WriteKey
Query Value, Enumerate Subkeys, Notify, Read Control: ExecuteKey
Query Value, Enumerate Subkeys, Notify, Read Control: ReadKey
# Set permissions on the registry key
Write-Host "Set permissions on the registry key" -foregroundcolor magenta
$acl = Get-Acl $RegKey
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("domain\username","SetValue, CreateSubKey, ReadKey","ContainerInherit","None","Allow")
$acl.SetAccessRule($rule)
$acl | Set-Acl -Path $RegKey
