Change Permissions on Registry Hive Recursively

Below is a small powershell script that will add the “Everyone” Group to Full control for a the registry key HKEY_LOCAL_MACHINE\Software\MyKey. This script will then recursively change the permission on SubKeys and future keys. Save the text to a notepad document and call it something like RegPermissions.ps1

$acl = Get-Acl HKLM:\Software\MyKey
# Everyone has Full contol may do anything:
$person = [System.Security.Principal.NTAccount]"Everyone"
$access = [System.Security.AccessControl.RegistryRights]"FullControl"
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ObjectInherit,ContainerInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]"None"
$type = [System.Security.AccessControl.AccessControlType]"Allow"
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)
Set-Acl HKLM:\Software\MyKey $acl

To run the program from a login script you can assign it to the computer and run using the following syntax:

powershell -executionpolicy bypass -File \\Server\Share\RegPermissions.ps1


  • By Julio, April 25, 2012 @ 11:29 pm

    I’ve recently been tasked to modify registry permissions so this really helps. Can you tell me how you would remove the Everyone group?

  • By Julio, April 27, 2012 @ 12:43 am

    nvm….got it.

Other Links to this Post

RSS feed for comments on this post. TrackBack URI

Leave a comment