powershell script to set permission for remote registry
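# Grant one account read access to the key that gates remote registry access.
# The ACL on ...\SecurePipeServers\winreg controls who may connect to the registry
# over the network, so every entry added here widens that access. Keep $login
# scoped to the specific account (or a dedicated group) that needs it.
# Reference: https://support.microsoft.com/ru-ru/help/314837/how-to-manage-remote-access-to-the-registry
# Prerequisite noted by the author: netsh firewall set service RemoteAdmin
$login = "username@domain.win"
$path = "SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg"
# Only the DACL is read and rewritten below, so request exactly those two rights.
# TakeOwnership is not needed: the owner of the key is never changed.
$rights = [System.Security.AccessControl.RegistryRights]"ReadPermissions, ChangePermissions"
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $rights)
if ($null -eq $key) {
    # OpenSubKey returns $null when the key does not exist; fail with a clear message
    # instead of a null-method-call error on the next line.
    throw "Registry key HKLM:\$path not found"
}
try {
    $acl = $key.GetAccessControl()
    # SetAccessRule replaces any existing Allow entries for $login with this single
    # ReadKey entry, so re-running the script does not accumulate rights.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule ($login, "ReadKey", "Allow")
    $acl.SetAccessRule($rule)
    $key.SetAccessControl($acl)
}
finally {
    # Release the registry handle even if the ACL update throws.
    $key.Close()
}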
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-5.1
# Turn on PowerShell remoting without prompting; -SkipNetworkProfileCheck enables it
# even when a network connection is classified as Public.
Enable-PSRemoting -Force -SkipNetworkProfileCheck
# NOTE(review): going by its name, this is the WinRM HTTP inbound rule for the Public
# profile. RemoteAddress "Any" accepts connections from every source address; where
# possible, restrict it to the management subnet or hosts instead.
$winrmPublicRule = @{
    Name          = "WINRM-HTTP-In-TCP-PUBLIC"
    RemoteAddress = "Any"
}
Set-NetFirewallRule @winrmPublicRule
=====================================================================
with array of hosts:
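# Script block run on each remote host: grants $login read access to the key whose
# ACL gates remote registry access. Every entry added here widens who can reach the
# registry over the network, so keep $login scoped to the account that needs it.
$psscript = {
    $login = "mylogin@mydomain.dom"
    $path = "SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg"
    # Only the DACL is read and rewritten, so request exactly those two rights.
    # TakeOwnership is not needed: the owner of the key is never changed.
    $rights = [System.Security.AccessControl.RegistryRights]"ReadPermissions, ChangePermissions"
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $rights)
    if ($null -eq $key) {
        # OpenSubKey returns $null when the key does not exist on this host.
        throw "Registry key HKLM:\$path not found"
    }
    try {
        $acl = $key.GetAccessControl()
        # SetAccessRule replaces any existing Allow entries for $login with this
        # single ReadKey entry, so repeated runs do not accumulate rights.
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule ($login, "ReadKey", "Allow")
        $acl.SetAccessRule($rule)
        $key.SetAccessControl($acl)
    }
    finally {
        # Release the registry handle even if the ACL update throws.
        $key.Close()
    }
}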
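# Apply $psscript to every host in $hostsresult (both defined outside this block) and
# report the outcome per host.
foreach ($pshost in $hostsresult)
{
    $ps = New-PSSession -ComputerName $pshost.name -EA SilentlyContinue
    if ($null -eq $ps) {
        write-host "Not connected to $($pshost.name)"
        continue
    }
    try {
        # -ErrorAction Stop turns a remote failure into a catchable error, so a host
        # is reported OK only when the ACL change actually ran.
        Invoke-Command -Session $ps -ScriptBlock $psscript -ErrorAction Stop
        write-host "$($pshost.name) IS OK"
    }
    catch {
        write-host "$($pshost.name) FAILED: $($_.Exception.Message)"
    }
    finally {
        # Remove the session rather than disconnect it: a disconnected session stays
        # alive on the remote host until it times out.
        Remove-PSSession -Session $ps -EA SilentlyContinue
    }
}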
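# Grant one account read access to the key that gates remote registry access.
# The ACL on ...\SecurePipeServers\winreg controls who may connect to the registry
# over the network, so every entry added here widens that access. Keep $login
# scoped to the specific account (or a dedicated group) that needs it.
# Reference: https://support.microsoft.com/ru-ru/help/314837/how-to-manage-remote-access-to-the-registry
# Prerequisite noted by the author: netsh firewall set service RemoteAdmin
$login = "username@domain.win"
$path = "SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg"
# Only the DACL is read and rewritten below, so request exactly those two rights.
# TakeOwnership is not needed: the owner of the key is never changed.
$rights = [System.Security.AccessControl.RegistryRights]"ReadPermissions, ChangePermissions"
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $rights)
if ($null -eq $key) {
    # OpenSubKey returns $null when the key does not exist; fail with a clear message
    # instead of a null-method-call error on the next line.
    throw "Registry key HKLM:\$path not found"
}
try {
    $acl = $key.GetAccessControl()
    # SetAccessRule replaces any existing Allow entries for $login with this single
    # ReadKey entry, so re-running the script does not accumulate rights.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule ($login, "ReadKey", "Allow")
    $acl.SetAccessRule($rule)
    $key.SetAccessControl($acl)
}
finally {
    # Release the registry handle even if the ACL update throws.
    $key.Close()
}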
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-5.1
# Turn on PowerShell remoting without prompting; -SkipNetworkProfileCheck enables it
# even when a network connection is classified as Public.
Enable-PSRemoting -Force -SkipNetworkProfileCheck
# NOTE(review): going by its name, this is the WinRM HTTP inbound rule for the Public
# profile. RemoteAddress "Any" accepts connections from every source address; where
# possible, restrict it to the management subnet or hosts instead.
$winrmPublicRule = @{
    Name          = "WINRM-HTTP-In-TCP-PUBLIC"
    RemoteAddress = "Any"
}
Set-NetFirewallRule @winrmPublicRule
=====================================================================
with array of hosts:
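# Script block run on each remote host: grants $login read access to the key whose
# ACL gates remote registry access. Every entry added here widens who can reach the
# registry over the network, so keep $login scoped to the account that needs it.
$psscript = {
    $login = "mylogin@mydomain.dom"
    $path = "SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg"
    # Only the DACL is read and rewritten, so request exactly those two rights.
    # TakeOwnership is not needed: the owner of the key is never changed.
    $rights = [System.Security.AccessControl.RegistryRights]"ReadPermissions, ChangePermissions"
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $rights)
    if ($null -eq $key) {
        # OpenSubKey returns $null when the key does not exist on this host.
        throw "Registry key HKLM:\$path not found"
    }
    try {
        $acl = $key.GetAccessControl()
        # SetAccessRule replaces any existing Allow entries for $login with this
        # single ReadKey entry, so repeated runs do not accumulate rights.
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule ($login, "ReadKey", "Allow")
        $acl.SetAccessRule($rule)
        $key.SetAccessControl($acl)
    }
    finally {
        # Release the registry handle even if the ACL update throws.
        $key.Close()
    }
}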
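# Apply $psscript to every host in $hostsresult (both defined outside this block) and
# report the outcome per host.
foreach ($pshost in $hostsresult)
{
    $ps = New-PSSession -ComputerName $pshost.name -EA SilentlyContinue
    if ($null -eq $ps) {
        write-host "Not connected to $($pshost.name)"
        continue
    }
    try {
        # -ErrorAction Stop turns a remote failure into a catchable error, so a host
        # is reported OK only when the ACL change actually ran.
        Invoke-Command -Session $ps -ScriptBlock $psscript -ErrorAction Stop
        write-host "$($pshost.name) IS OK"
    }
    catch {
        write-host "$($pshost.name) FAILED: $($_.Exception.Message)"
    }
    finally {
        # Remove the session rather than disconnect it: a disconnected session stays
        # alive on the remote host until it times out.
        Remove-PSSession -Session $ps -EA SilentlyContinue
    }
}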