
PowerShell

SharePoint Powershell Commands


This blog is based on SharePoint 2013 PowerShell Commands. Please visit my other blog which contains SharePoint Documentation.

WSS_WPG Registry Permissions

Registry Posted on Tue, June 28, 2016 05:28:18

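<#====================================================================

Copyright © 2015, September. Michael Pomfret

Updates the WSS_WPG registry permissions for SharePoint 2013.

For each key listed below the script reads the key's current ACL,
replaces the rules held by WSS_WPG with a single Allow rule, and writes
the ACL back. ResetAccessRule removes every existing rule for the same
identity before adding the new one; rules for other identities are left
as they are.

Changing ACLs under HKLM normally requires an elevated session.

====================================================================#>

Write-Host ""
Write-Host "========================================================================"
Write-Host "SharePoint 2013 – Updating registry permissions for the WSS_WPG group…"
Write-Host "========================================================================"
Write-Host ""

# The same principal, rule type and inheritance flag are used for every key.
$person      = [System.Security.Principal.NTAccount]'WSS_WPG'
$type        = [System.Security.AccessControl.AccessControlType]'Allow'
$inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit'

# One entry per key, applied in the order listed.
$entries = @(
    # HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\15.0
    # Read, No Inheritance. Root of the SharePoint 2013 registry settings.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Office Server\15.0'
       Rights = 'Readkey'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\Diagnostics
    # Read, write, No Inheritance. Settings for SharePoint 2013 diagnostic
    # logging; altering this key will break the logging functionality.
    @{ Path = 'HKLM:\Software\Microsoft\Office Server\15.0\Diagnostics'
       Rights = 'ReadKey, WriteKey'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LoadBalancerSettings
    # Read, write, No Inheritance. Settings for the document conversion
    # service; altering this key will break document conversion.
    @{ Path = 'HKLM:\Software\Microsoft\Office Server\15.0\LoadBalancerSettings'
       Rights = 'ReadKey, WriteKey'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LauncherSettings
    # Read, write, No Inheritance. Settings for the document conversion
    # service; altering this key will break document conversion.
    @{ Path = 'HKLM:\Software\Microsoft\Office Server\15.0\LauncherSettings'
       Rights = 'ReadKey, WriteKey'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure
    # Read, No Inheritance. Holds the connection string and the ID of the
    # configuration database the machine is joined to; if it is altered the
    # SharePoint 2013 installation on the machine will not function.
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure'
       Rights = 'ReadKey'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS
    # Read, Inherit - Yes. Settings used during setup; if altered, diagnostic
    # logging may fail and setup or post-setup configuration may fail.
    # NOTE(review): InheritOnly makes the rule apply to subkeys only, not to
    # the WSS key itself - confirm that is intended, since the stated goal is
    # "this key and subkeys".
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS'
       Rights = 'ReadKey'; Propagation = 'InheritOnly' }
)

foreach ($entry in $entries) {
    $RegKey = $entry.Path

    if (-not (Test-Path -Path $RegKey)) {
        Write-Warning "Registry key not found, skipped: $RegKey"
        continue
    }

    # Read the ACL of the key being changed on every pass. Without this read
    # Set-Acl would write whatever $acl held from earlier in the session,
    # possibly the complete ACL of a different key.
    $acl = Get-Acl -Path $RegKey

    $access      = [System.Security.AccessControl.RegistryRights]($entry.Rights)
    $propagation = [System.Security.AccessControl.PropagationFlags]($entry.Propagation)

    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
        -ArgumentList $person, $access, $inheritance, $propagation, $type

    $acl.ResetAccessRule($rule)
    Set-Acl -Path $RegKey -AclObject $acl
}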



WSS_RESTRICTED_WPG Registry Permissions

Registry Posted on Tue, June 28, 2016 05:27:31

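<#====================================================================

Copyright © 2015, September. Michael Pomfret

Updates the WSS_RESTRICTED_WPG registry permissions for SharePoint 2013.

Grants WSS_RESTRICTED_WPG full control of the Secure\FarmAdmin key.
ResetAccessRule removes every existing rule for the same identity before
adding the new one; rules for other identities are left as they are.

====================================================================#>

Write-Host ""
Write-Host "============================================================================="
Write-Host "SharePoint 2013 – Updating registry permissions for the WSS_RESTRICTED_WPG…"
Write-Host "============================================================================="
Write-Host ""

# HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin
# Full control, No Inheritance
# This key contains the encryption key that is used to store secrets in the
# configuration database. If this key is altered, service provisioning and
# other features will fail. Because of what the key protects, review the
# resulting ACL (Get-Acl) after the change.
# (No Clear-Host here: it would wipe the banner printed above.)
$RegKey = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin'

if (Test-Path -Path $RegKey) {
    $acl = Get-Acl -Path $RegKey

    # The principal must be the group this script is named for. Casting
    # 'WSS_ADMIN_WPG' here would grant full control of the key to that group
    # and leave WSS_RESTRICTED_WPG without the permission.
    $person      = [System.Security.Principal.NTAccount]'WSS_RESTRICTED_WPG'
    $access      = [System.Security.AccessControl.RegistryRights]'FullControl'
    # ContainerInherit + NoPropagateInherit: this key and its direct subkeys.
    $inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit'
    $propagation = [System.Security.AccessControl.PropagationFlags]'NoPropagateInherit'
    $type        = [System.Security.AccessControl.AccessControlType]'Allow'

    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
        -ArgumentList $person, $access, $inheritance, $propagation, $type

    $acl.ResetAccessRule($rule)
    Set-Acl -Path $RegKey -AclObject $acl
}
else {
    Write-Warning "Registry key not found, skipped: $RegKey"
}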



WSS_ADMIN_WPG Registry Permissions

Registry Posted on Tue, June 28, 2016 05:27:12

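<#====================================================================

Copyright © 2015, September. Michael Pomfret

Updates the WSS_ADMIN_WPG registry permissions for SharePoint 2013.

WSS_ADMIN_WPG has read and write access to local resources. The
application pool accounts for the Central Administration and Timer
services are in WSS_ADMIN_WPG. Several keys below receive full control,
including a key under HKLM\SYSTEM\CurrentControlSet\Services, so keep the
group's membership limited to those accounts.

For each key the script reads the current ACL, replaces the rules held by
WSS_ADMIN_WPG with a single Allow rule, and writes the ACL back.
ResetAccessRule removes every existing rule for the same identity before
adding the new one; rules for other identities are left as they are.

====================================================================#>

Write-Host ""
Write-Host "=============================================================================="
# The banner names the group and resource this script actually changes.
Write-Host "SharePoint 2013 – Updating registry permissions for the WSS_ADMIN_WPG group…"
Write-Host "=============================================================================="
Write-Host ""

# The same principal and rule type are used for every key.
$person = [System.Security.Principal.NTAccount]'WSS_ADMIN_WPG'
$type   = [System.Security.AccessControl.AccessControlType]'Allow'

# One entry per key, applied in the order listed.
# Flag combinations used below:
#   ContainerInherit + NoPropagateInherit : this key and its direct subkeys
#   ContainerInherit + None               : this key and all subkeys below it
#   None + None                           : this key only
$entries = @(
    # HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS
    # FullControl, Inherit - Not Applicable
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\VSS'
       Rights = 'FullControl'; Inheritance = 'ContainerInherit'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Office\15.0\Registration\{90150000-110D-0000-1000-0000000FF1CE}
    # Read, write, Inherit - Not Applicable
    @{ Path = 'HKLM:\Software\Microsoft\Office\15.0\Registration\{90150000-110D-0000-1000-0000000FF1CE}'
       Rights = 'ReadKey, WriteKey'; Inheritance = 'ContainerInherit'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server
    # Read, No Inheritance
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Office Server'
       Rights = 'Readkey'; Inheritance = 'ContainerInherit'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\15.0
    # Full control, No Inheritance. Root of the SharePoint 2013 registry settings.
    # NOTE(review): ContainerInherit with propagation None carries the rule to
    # every subkey below 15.0 - confirm against the "No Inheritance" intent.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Office Server\15.0'
       Rights = 'FullControl'; Inheritance = 'ContainerInherit'; Propagation = 'None' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LoadBalancerSettings
    # Read, write, No Inheritance. Settings for the document conversion
    # service; altering this key will break document conversion.
    @{ Path = 'HKLM:\Software\Microsoft\Office Server\15.0\LoadBalancerSettings'
       Rights = 'ReadKey, WriteKey'; Inheritance = 'ContainerInherit'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LauncherSettings
    # Read, write, No Inheritance. Settings for the document conversion
    # service; altering this key will break document conversion.
    @{ Path = 'HKLM:\Software\Microsoft\Office Server\15.0\LauncherSettings'
       Rights = 'ReadKey, WriteKey'; Inheritance = 'ContainerInherit'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\Search
    # Full control, Inherit - Not Applicable (rule applies to this key only)
    @{ Path = 'HKLM:\Software\Microsoft\Office Server\15.0\Search'
       Rights = 'FullControl'; Inheritance = 'None'; Propagation = 'None' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Search
    # Full control, Inherit - Not Applicable (rule applies to this key only)
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Search'
       Rights = 'FullControl'; Inheritance = 'None'; Propagation = 'None' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure
    # Full control, No Inheritance
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure'
       Rights = 'FullControl'; Inheritance = 'ContainerInherit'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS
    # Full control, Inherit. Settings used during setup; if altered, diagnostic
    # logging may fail and setup or post-setup configuration may fail.
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS'
       Rights = 'FullControl'; Inheritance = 'ContainerInherit'; Propagation = 'NoPropagateInherit' }
)

foreach ($entry in $entries) {
    $RegKey = $entry.Path

    if (-not (Test-Path -Path $RegKey)) {
        Write-Warning "Registry key not found, skipped: $RegKey"
        continue
    }

    # Always start from the ACL of the key being changed.
    $acl = Get-Acl -Path $RegKey

    $access      = [System.Security.AccessControl.RegistryRights]($entry.Rights)
    $inheritance = [System.Security.AccessControl.InheritanceFlags]($entry.Inheritance)
    $propagation = [System.Security.AccessControl.PropagationFlags]($entry.Propagation)

    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
        -ArgumentList $person, $access, $inheritance, $propagation, $type

    $acl.ResetAccessRule($rule)
    Set-Acl -Path $RegKey -AclObject $acl
}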



Network service Registry Permissions

Registry Posted on Tue, June 28, 2016 05:12:42

<#====================================================================

Copyright © 2015, September. Michael Pomfret

Updates the Network Service registry permissions for SharePoint 2013.

Reads the ACL of the Search\Setup key, replaces the rules held by
Network Service with a single Allow rule granting read access, and
writes the ACL back.

====================================================================#>

Write-Host ""
Write-Host "=============================================================================="
Write-Host "SharePoint 2013 – Updating registry permissions for the Network service…"
Write-Host "=============================================================================="
Write-Host ""

# HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\Search\Setup
# Read, Inheritance - Not Applicable
$RegKey = 'HKLM:\Software\Microsoft\Office Server\15.0\Search\Setup'
$acl    = Get-Acl -Path $RegKey

$person      = [System.Security.Principal.NTAccount]'Network Service'
$access      = [System.Security.AccessControl.RegistryRights]'ReadKey'
# ContainerInherit + NoPropagateInherit: this key and its direct subkeys.
$inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit'
$propagation = [System.Security.AccessControl.PropagationFlags]'NoPropagateInherit'
$type        = [System.Security.AccessControl.AccessControlType]'Allow'

$rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
    -ArgumentList $person, $access, $inheritance, $propagation, $type

# ResetAccessRule drops any rule already held by this identity, then adds $rule.
$acl.ResetAccessRule($rule)
Set-Acl -Path $RegKey -AclObject $acl



Local System Registry Permissions

Registry Posted on Tue, June 28, 2016 05:12:08

<#====================================================================

Copyright © 2015, September. Michael Pomfret

Updates the Local System registry permissions for SharePoint 2013.

For each key listed below the script reads the key's current ACL,
replaces the rules held by System with a single Allow rule, and writes
the ACL back.

====================================================================#>

Write-Host ""
Write-Host "======================================================================="
Write-Host "SharePoint 2013 – Updating registry permissions for the local system…"
Write-Host "======================================================================="
Write-Host ""

# One entry per key, applied in the order listed. Every rule uses
# ContainerInherit + NoPropagateInherit (this key and its direct subkeys).
$entries = @(
    # HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LauncherSettings
    # Read, No Inheritance. Settings for the document conversion service;
    # altering this key will break document conversion. This registry key
    # applies only to SharePoint Server.
    @{ Path = 'HKLM:\Software\Microsoft\Office Server\15.0\LauncherSettings'
       Rights = 'ReadKey' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure
    # Full control, No Inheritance. Holds the connection string and the ID of
    # the configuration database the machine is joined to; if it is altered
    # the SharePoint 2013 installation on the machine will not function.
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure'
       Rights = 'FullControl' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin
    # Full control, No Inheritance. Holds the encryption key used to store
    # secrets in the configuration database; if it is altered, service
    # provisioning and other features will fail.
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin'
       Rights = 'FullControl' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS
    # Full control, Inherit - Yes. Settings used during setup; if altered,
    # diagnostic logging may fail and setup or post-setup configuration may fail.
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS'
       Rights = 'FullControl' }
)

foreach ($entry in $entries) {
    $RegKey = $entry.Path
    $acl    = Get-Acl -Path $RegKey

    $person      = [System.Security.Principal.NTAccount]'System'
    $access      = [System.Security.AccessControl.RegistryRights]($entry.Rights)
    $inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit'
    $propagation = [System.Security.AccessControl.PropagationFlags]'NoPropagateInherit'
    $type        = [System.Security.AccessControl.AccessControlType]'Allow'

    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
        -ArgumentList $person, $access, $inheritance, $propagation, $type

    # ResetAccessRule drops any rule already held by this identity, then adds $rule.
    $acl.ResetAccessRule($rule)
    Set-Acl -Path $RegKey -AclObject $acl
}



Local service Registry Permissions

Registry Posted on Tue, June 28, 2016 05:10:29

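<#====================================================================

Copyright © 2015, September. Michael Pomfret

Updates the Local Service registry permissions for SharePoint 2013.

Reads the ACL of the LoadBalancerSettings key, replaces the rules held
by Local Service with a single Allow rule granting read access, and
writes the ACL back. ResetAccessRule removes every existing rule for the
same identity before adding the new one.

====================================================================#>

Write-Host ""
Write-Host "===================================================================="
# The script changes registry ACLs, so the banner says "registry", not "file".
Write-Host "SharePoint 2013 – Updating registry permissions for the local service…"
Write-Host "===================================================================="
Write-Host ""

# HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LoadBalancerSettings
# Read, No Inheritance
# This key contains settings for the document conversion service. Altering
# this key will break document conversion functionality.
$RegKey = 'HKLM:\Software\Microsoft\Office Server\15.0\LoadBalancerSettings'

if (Test-Path -Path $RegKey) {
    $acl = Get-Acl -Path $RegKey

    $person      = [System.Security.Principal.NTAccount]'Local Service'
    $access      = [System.Security.AccessControl.RegistryRights]'ReadKey'
    # ContainerInherit + NoPropagateInherit: this key and its direct subkeys.
    $inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit'
    $propagation = [System.Security.AccessControl.PropagationFlags]'NoPropagateInherit'
    $type        = [System.Security.AccessControl.AccessControlType]'Allow'

    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
        -ArgumentList $person, $access, $inheritance, $propagation, $type

    $acl.ResetAccessRule($rule)
    Set-Acl -Path $RegKey -AclObject $acl
}
else {
    Write-Warning "Registry key not found, skipped: $RegKey"
}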



Administrators Registry Permissions

Registry Posted on Tue, June 28, 2016 05:08:25

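<#====================================================================

Copyright © 2015, September. Michael Pomfret

Updates the local Administrators group's registry permissions for
SharePoint 2013.

For each key listed below the script reads the key's current ACL,
replaces the rules held by the Administrators group with a single Allow
rule granting full control, and writes the ACL back. ResetAccessRule
removes every existing rule for the same identity before adding the new
one; rules for other identities are left as they are.

====================================================================#>

Write-Host ""
Write-Host "=================================================================================="
Write-Host "SharePoint 2013 – Updating registry permissions for the local Administrators group…"
Write-Host "=================================================================================="
Write-Host ""

# The principal must be the Administrators group. Using 'System' here would
# leave Administrators unchanged and replace SYSTEM's rule on these keys.
# On a localized Windows installation the group name differs; the well-known
# SID S-1-5-32-544 identifies the group regardless of language.
$person = [System.Security.Principal.NTAccount]'BUILTIN\Administrators'
$access = [System.Security.AccessControl.RegistryRights]'FullControl'
$type   = [System.Security.AccessControl.AccessControlType]'Allow'

# One entry per key, applied in the order listed.
$entries = @(
    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure
    # Full control, Inherit - No. Holds the connection string and the ID of
    # the configuration database the machine is joined to; if it is altered
    # the SharePoint 2013 installation on the machine will not function.
    # With inheritance None the rule applies to this key only; the
    # propagation flag presumably has no effect then - confirm.
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure'
       Inheritance = 'None'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin
    # Full control, Inherit - No. Holds the encryption key used to store
    # secrets in the configuration database; if it is altered, service
    # provisioning and other features will fail.
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin'
       Inheritance = 'None'; Propagation = 'NoPropagateInherit' },

    # HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS
    # Full control, Inherit - Yes. Settings used during setup; if altered,
    # diagnostic logging may fail and setup or post-setup configuration may
    # fail. ContainerInherit + NoPropagateInherit: this key and its direct
    # subkeys.
    @{ Path = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS'
       Inheritance = 'ContainerInherit'; Propagation = 'NoPropagateInherit' }
)

foreach ($entry in $entries) {
    $RegKey = $entry.Path

    if (-not (Test-Path -Path $RegKey)) {
        Write-Warning "Registry key not found, skipped: $RegKey"
        continue
    }

    # Always start from the ACL of the key being changed.
    $acl = Get-Acl -Path $RegKey

    $inheritance = [System.Security.AccessControl.InheritanceFlags]($entry.Inheritance)
    $propagation = [System.Security.AccessControl.PropagationFlags]($entry.Propagation)

    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
        -ArgumentList $person, $access, $inheritance, $propagation, $type

    $acl.ResetAccessRule($rule)
    Set-Acl -Path $RegKey -AclObject $acl
}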