Answers:
有关如何在PowerShell中执行此操作的详细介绍。
本质上,您可以像在任何其他路径中一样在PowerShell中使用Get-Acl
和Set-Acl
。
$acl = Get-Acl HKLM:\SOFTWARE\stuff
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("Domain\user","FullControl","Allow")
$acl.SetAccessRule($rule)
$acl |Set-Acl -Path HKLM:\SOFTWARE\stuff
write
权限。世界上没有什么可以让某人只read
进行修改。这违反了read
ACE 的目的。我建议您打开一个新问题,要求在PowerShell中获得注册表项的所有权。
RegIni.exe是否满足您的需求?您可以编写一个可更改权限的RegIni脚本,然后使用该脚本作为参数调用RegIni。
例如,如果您只希望管理员拥有对该密钥的完全访问权限,则脚本将如下所示:
HKEY_CLASSES_ROOT\CLSID{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder [1]
尽管可能您还希望向系统授予对密钥的访问权限,并且可能对其他所有人授予只读访问权限,在这种情况下,安全性后缀为
[1 8 17]
您可以在此表中找到安全性后缀号:
1 - Administrators Full Access
2 - Administrators Read Access
3 - Administrators Read and Write Access
4 - Administrators Read, Write and Delete Access
5 - Creator Full Access
6 - Creator Read and Write Access
7 - World Full Access
8 - World Read Access
9 - World Read and Write Access
10 - World Read, Write and Delete Access
11 - Power Users Full Access
12 - Power Users Read and Write Access
13 - Power Users Read, Write and Delete Access
14 - System Operators Full Access
15 - System Operators Read and Write Access
16 - System Operators Read, Write and Delete Access
17 - System Full Access
18 - System Read and Write Access
19 - System Read Access
20 - Administrators Read, Write and Execute Access
21 - Interactive User Full Access
22 - Interactive User Read and Write Access
23 - Interactive User Read, Write and Delete Access
不用说,在第一次使用它之前,您应该有一个良好的备份,并可能练习虚拟注册表项以避免任何不幸的事故。