<#====================================================================

Copyright © 2015, September. Michael Pomfret

Creates the Machine Translation Service

The following updates the WSS_RESTRICTED_WPG Registry Permissions.

====================================================================#>

Write-Host “”

Write-Host “=============================================================================”

Write-Host “SharePoint 2013 – Updating registry permissions for the WSS_RESTRICTED_WPG…”

Write-Host “=============================================================================”

Write-Host “”

#HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin

# Full control, No Inheritance

# This key contains the encryption key that is used to store secrets in the configuration database. If this key is altered, service provisioning and other features will fail.

cls

$RegKey = “HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin”

$acl = Get-Acl $RegKey

$person = [System.Security.Principal.NTAccount]”WSS_ADMIN_WPG”

$access = [System.Security.AccessControl.RegistryRights]”FullControl”

$inheritance = [System.Security.AccessControl.InheritanceFlags]”ContainerInherit”

$propagation = [System.Security.AccessControl.PropagationFlags]”NoPropagateInherit” #This key and subkeys

$type = [System.Security.AccessControl.AccessControlType]”Allow”

$rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)

$acl.ResetAccessRule($rule)

Set-Acl $RegKey $acl