<#====================================================================

Copyright © 2015, September. Michael Pomfret

The following updates the local system registry permissions.

====================================================================#>

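# Console banner announcing what the script is about to do.
# String delimiters are plain ASCII quotes so the script still parses when the
# file is saved or read with a different text encoding; the banner text itself
# is unchanged.
Write-Host ""
Write-Host "======================================================================="
Write-Host "SharePoint 2013 – Updating registry permissions for the local system…"
Write-Host "======================================================================="
Write-Host ""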

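# HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LauncherSettings
#
# Intended permission (author's note): Read, No Inheritance
# This key contains settings for the document conversion service. Altering this
# key will break document conversion functionality.
# This registry key applies only to SharePoint Server.
#
# What this block does: ResetAccessRule removes the access rules already present
# for the SYSTEM identity on this key and adds a single Allow/ReadKey rule in
# their place. Entries for every other principal are left untouched.
#
# NOTE(review): "No Inheritance" is not enforced here. The flags below only
# control how the new SYSTEM entry flows down to subkeys; nothing in this block
# stops the key from inheriting entries from its parent (that would need
# SetAccessRuleProtection on the ACL). Confirm which of the two is intended.
$RegKey = "HKLM:\Software\Microsoft\Office Server\15.0\LauncherSettings"

try {
    # -ErrorAction Stop turns a missing key or an access-denied error into an
    # exception, so a failed read can never be followed by a write.
    $acl = Get-Acl -Path $RegKey -ErrorAction Stop

    $person = [System.Security.Principal.NTAccount]"System"
    $access = [System.Security.AccessControl.RegistryRights]"ReadKey"

    # ContainerInherit + NoPropagateInherit: the entry applies to this key and
    # is handed to its immediate subkeys, but is not passed on below them.
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]"NoPropagateInherit"

    $type = [System.Security.AccessControl.AccessControlType]"Allow"

    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person, $access, $inheritance, $propagation, $type)

    $acl.ResetAccessRule($rule)

    Set-Acl -Path $RegKey -AclObject $acl -ErrorAction Stop
}
catch {
    # Report the failure and carry on with the remaining keys, as the script
    # did before; the key is absent on installs without SharePoint Server.
    Write-Warning "Could not update permissions on ${RegKey}: $($_.Exception.Message)"
}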

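# HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure
#
# Intended permission (author's note): Full control, No Inheritance
# This key contains the connection string and the ID of the configuration
# database to which the machine is joined. If this key is altered, the
# SharePoint 2013 installation on the machine will not function.
#
# What this block does: ResetAccessRule removes the access rules already present
# for the SYSTEM identity on this key and adds a single Allow/FullControl rule in
# their place. Entries for every other principal are left untouched, so review
# the resulting ACL (for example with (Get-Acl $RegKey).Access) to confirm that
# only the expected accounts can read the connection string.
#
# NOTE(review): "No Inheritance" is not enforced here. The flags below only
# control how the new SYSTEM entry flows down to subkeys; nothing in this block
# stops the key from inheriting entries from its parent (that would need
# SetAccessRuleProtection on the ACL). Confirm which of the two is intended.
$RegKey = "HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure"

try {
    # -ErrorAction Stop turns a missing key or an access-denied error into an
    # exception, so a failed read can never be followed by a write.
    $acl = Get-Acl -Path $RegKey -ErrorAction Stop

    $person = [System.Security.Principal.NTAccount]"System"
    $access = [System.Security.AccessControl.RegistryRights]"FullControl"

    # ContainerInherit + NoPropagateInherit: the entry applies to this key and
    # is handed to its immediate subkeys, but is not passed on below them.
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]"NoPropagateInherit"

    $type = [System.Security.AccessControl.AccessControlType]"Allow"

    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person, $access, $inheritance, $propagation, $type)

    $acl.ResetAccessRule($rule)

    Set-Acl -Path $RegKey -AclObject $acl -ErrorAction Stop
}
catch {
    # Report the failure and carry on with the remaining keys, as the script
    # did before.
    Write-Warning "Could not update permissions on ${RegKey}: $($_.Exception.Message)"
}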

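# HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin
#
# Intended permission (author's note): Full control, No Inheritance
# This key contains the encryption key that is used to store secrets in the
# configuration database. If this key is altered, service provisioning and
# other features will fail.
#
# What this block does: ResetAccessRule removes the access rules already present
# for the SYSTEM identity on this key and adds a single Allow/FullControl rule in
# their place. Entries for every other principal are left untouched, so review
# the resulting ACL (for example with (Get-Acl $RegKey).Access) to confirm that
# only the expected accounts can reach the encryption key.
#
# NOTE(review): "No Inheritance" is not enforced here. The flags below only
# control how the new SYSTEM entry flows down to subkeys; nothing in this block
# stops the key from inheriting entries from its parent (that would need
# SetAccessRuleProtection on the ACL). Confirm which of the two is intended.
$RegKey = "HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin"

try {
    # -ErrorAction Stop turns a missing key or an access-denied error into an
    # exception, so a failed read can never be followed by a write.
    $acl = Get-Acl -Path $RegKey -ErrorAction Stop

    $person = [System.Security.Principal.NTAccount]"System"
    $access = [System.Security.AccessControl.RegistryRights]"FullControl"

    # ContainerInherit + NoPropagateInherit: the entry applies to this key and
    # is handed to its immediate subkeys, but is not passed on below them.
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]"NoPropagateInherit"

    $type = [System.Security.AccessControl.AccessControlType]"Allow"

    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person, $access, $inheritance, $propagation, $type)

    $acl.ResetAccessRule($rule)

    Set-Acl -Path $RegKey -AclObject $acl -ErrorAction Stop
}
catch {
    # Report the failure and carry on with the remaining keys, as the script
    # did before.
    Write-Warning "Could not update permissions on ${RegKey}: $($_.Exception.Message)"
}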

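# HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS
#
# Intended permission (author's note): Full control, Inheritance: Yes
# This key contains settings that are used during setup. If this key is altered,
# diagnostic logging may fail and setup or post-setup configuration may fail.
#
# What this block does: ResetAccessRule removes the access rules already present
# for the SYSTEM identity on this key and adds a single Allow/FullControl rule in
# their place. Entries for every other principal are left untouched.
#
# NOTE(review): the inheritance and propagation flags are the same as for the
# keys marked "No Inheritance", so the differing inheritance note above is not
# reflected in the code. Confirm the intended setting.
$RegKey = "HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS"

try {
    # -ErrorAction Stop turns a missing key or an access-denied error into an
    # exception, so a failed read can never be followed by a write.
    $acl = Get-Acl -Path $RegKey -ErrorAction Stop

    $person = [System.Security.Principal.NTAccount]"System"
    $access = [System.Security.AccessControl.RegistryRights]"FullControl"

    # ContainerInherit + NoPropagateInherit: the entry applies to this key and
    # is handed to its immediate subkeys, but is not passed on below them.
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]"NoPropagateInherit"

    $type = [System.Security.AccessControl.AccessControlType]"Allow"

    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person, $access, $inheritance, $propagation, $type)

    $acl.ResetAccessRule($rule)

    Set-Acl -Path $RegKey -AclObject $acl -ErrorAction Stop
}
catch {
    # Report the failure and carry on, as the script did before.
    Write-Warning "Could not update permissions on ${RegKey}: $($_.Exception.Message)"
}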