<#====================================================================
Copyright © 2015, September. Michael Pomfret
Creates the Machine Translation Service
The following updates the WSS_RESTRICTED_WPG Registry Permissions.
====================================================================#>
Write-Host “”
Write-Host “=============================================================================”
Write-Host “SharePoint 2013 – Updating registry permissions for the WSS_RESTRICTED_WPG…”
Write-Host “=============================================================================”
Write-Host “”
#HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin
# Full control, No Inheritance
# This key contains the encryption key that is used to store secrets in the configuration database. If this key is altered, service provisioning and other features will fail.
cls
$RegKey = “HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin”
$acl = Get-Acl $RegKey
$person = [System.Security.Principal.NTAccount]”WSS_ADMIN_WPG”
$access = [System.Security.AccessControl.RegistryRights]”FullControl”
$inheritance = [System.Security.AccessControl.InheritanceFlags]”ContainerInherit”
$propagation = [System.Security.AccessControl.PropagationFlags]”NoPropagateInherit” #This key and subkeys
$type = [System.Security.AccessControl.AccessControlType]”Allow”
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)
$acl.ResetAccessRule($rule)
Set-Acl $RegKey $acl