Orignally I have Powershell script for doing that, but it turns out not so good:
if (!(Test-Path HKCC:))
{New-PSDrive -PSProvider registry -Root HKEY_CURRENT_CONFIG -Name HKCC}
$RegPath= ”HKCC:\SOFTWARE\XXX”
New-Item -Path ”HKCC:\SOFTWARE\” -Name Encompass -Force
$acl = Get-Acl $RegPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule (“BUILTIN\Users”,”FullControl”,”Allow”)
$rule2 = New-Object System.Security.AccessControl.RegistryAccessRule (“Everyone”,”FullControl”,”Allow”)
$acl.SetAccessRule($rule)
$acl.SetAccessRule($rule2)
Here is the bath file to do the registry permissions change:
reg add “HKCC\SOFTWARE\XXX” /f
REGPERM /K “HKEY_CURRENT_CONFIG\SOFTWARE\XXX” /A:Everyone:F /E /I /F
Here is the little program can make great registry permission change:
FYI, I tried to make it as a SCCM application, but it seems to get good and bad result with the detection rule:
if (!(Test-Path HKCC:))
{New-PSDrive -PSProvider registry -Root HKEY_CURRENT_CONFIG -Name HKCC}
$RegPath= “HKCC:\SOFTWARE\Encompass”if (test-path $RegPath ){
$acl= get-acl $RegPath | select -expandproperty Access | ? {$_.IdentityReference -eq ‘Everyone'}
if($acl.RegistryRights -eq ‘FullControl')
{write-host “Installed”}}
else
{ }