<#====================================================================

Copyright © 2015, September. Michael Pomfret

Creates the Machine Translation Service

The following updates the administrators registry permissions.

====================================================================#>

Write-Host “”

Write-Host “==================================================================================”

Write-Host “SharePoint 2013 – Updating registry permissions for the local Administors group…”

Write-Host “==================================================================================”

Write-Host “”

#HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure

# Full control No

# This key contains the connection string and the ID of the configuration database to which the machine is joined. If this key is altered, the SharePoint 2013 installation on the machine will not function.

$RegKey = “HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure”

$acl = Get-Acl $RegKey

$person = [System.Security.Principal.NTAccount]”System”

$access = [System.Security.AccessControl.RegistryRights]”FullControl”

$inheritance = [System.Security.AccessControl.InheritanceFlags]”None”

$propagation = [System.Security.AccessControl.PropagationFlags]”NoPropagateInherit” #This key and subkeys

$type = [System.Security.AccessControl.AccessControlType]”Allow”

$rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)

$acl.ResetAccessRule($rule)

Set-Acl $RegKey $acl

#HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin

# Full control No

# This key contains the encryption key that is used to store secrets in the configuration database. If this key is altered, service provisioning and other features will fail.

$RegKey = “HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin”

$acl = Get-Acl $RegKey

$person = [System.Security.Principal.NTAccount]”System”

$access = [System.Security.AccessControl.RegistryRights]”FullControl”

$inheritance = [System.Security.AccessControl.InheritanceFlags]”None”

$propagation = [System.Security.AccessControl.PropagationFlags]”NoPropagateInherit” #This key and subkeys

$type = [System.Security.AccessControl.AccessControlType]”Allow”

$rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)

$acl.ResetAccessRule($rule)

Set-Acl $RegKey $acl

# HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS

# Full control Yes

# This key contains settings that are used during setup. If this key is altered, diagnostic logging may fail and setup or post-setup configuration may fail.

$RegKey = “HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS”

$acl = Get-Acl $RegKey

$person = [System.Security.Principal.NTAccount]”System”

$access = [System.Security.AccessControl.RegistryRights]”FullControl”

$inheritance = [System.Security.AccessControl.InheritanceFlags]”ContainerInherit”

$propagation = [System.Security.AccessControl.PropagationFlags]”NoPropagateInherit” #This key and subkeys

$type = [System.Security.AccessControl.AccessControlType]”Allow”

$rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)

$acl.ResetAccessRule($rule)

Set-Acl $RegKey $acl