<#
.SYNOPSIS
powershell script to query registry auditing and permissions
.DESCRIPTION
This script will get the access (DACL) and auditing (SACL) entries on a registry key. Reading the audit entries with -Audit normally requires an elevated session.
*** ALWAYS TEST IN LAB BEFORE USING IN PRODUCTION TO VERIFY FUNCTIONALITY ***
.NOTES
File Name : get-regPermissions.ps1
Author : jagilber
Version : 150109
History :
.EXAMPLE
.\get-regPermissions.ps1
.PARAMETER regKeys
quoted, comma separated, string array of key names in format hive:\key. Example: HKLM:\System\CurrentControlSet\Control\Terminal Server
#>
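Param(
    # one or more registry paths in hive:\key form; an empty array is rejected
    # up front instead of silently logging "starting"/"finished" with no work done
    [parameter(Position=0,Mandatory=$true,HelpMessage="Enter quoted, comma separated, string array of key names to query. Example: HKLM:\System\CurrentControlSet\Control\Terminal Server")]
    [ValidateNotNullOrEmpty()]
    [string[]] $regKeys
)
# start from a clean console and an empty $error collection
cls
$error.Clear()
# keep going past a key that fails so the remaining keys are still queried
$ErrorActionPreference = "Continue"
# the log is appended to (never truncated) in the current working directory,
# so successive runs accumulate in the same file
$logFile = "get-regPermissions.log"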
# ----------------------------------------------------------------------------------------------------------------
function main()
{
    # entry point: reset the console and error record, then log the ACL of every key passed in
    cls
    $error.Clear()
    log-info "starting"
    $regkeys | ForEach-Object { get-accessAcl $_ }
    log-info "finished"
}
# ----------------------------------------------------------------------------------------------------------------
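function get-accessAcl($key)
{
    # Reads the security descriptor of one registry key and logs it.
    # -Audit requests the SACL (audit rules) as well as the DACL; on Windows that
    # read normally needs an elevated session, so a failure here is usually either
    # a key that does not exist or insufficient privilege to read its SACL.
    # NOTE: -Path treats '[', ']' and '*' as wildcards; switch to -LiteralPath if
    # a key name ever contains those characters.
    $acl = Get-Acl -Path $key -Audit -ErrorAction SilentlyContinue -ErrorVariable aclError
    log-info "--------------------------------------------------"
    log-info "--------------------------------------------------"
    log-info "current acl:$($key)"
    if($acl -eq $null)
    {
        # record why the descriptor could not be read instead of logging blank fields
        log-info "ERROR: unable to read acl for $($key): $($aclError)"
        return
    }
    log-aclInfo $acl
}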
# ----------------------------------------------------------------------------------------------------------------
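function log-aclInfo($acl)
{
    # Logs owner, group, every DACL entry, every SACL entry and the SDDL of the
    # descriptor returned by Get-Acl -Audit.
    log-info "Path: $($acl.Path)"
    log-info "Owner: $($acl.Owner)"
    log-info "Group: $($acl.Group)"
    # one "identity allow|deny rights" line per access rule
    log-info "Access:"
    $accessLine = ""
    foreach($obj in $acl.Access)
    {
        $accessLine += "$($obj.IdentityReference) $($obj.AccessControlType) $($obj.RegistryRights)`n`t"
    }
    if($accessLine -eq "")
    {
        # make an empty DACL visible in the log rather than leaving a blank line
        $accessLine = "(none)"
    }
    log-info $accessLine
    # one "identity success|failure rights" line per audit rule
    log-info "Audit:"
    $auditLine = ""
    foreach($obj in $acl.Audit)
    {
        $auditLine += "$($obj.IdentityReference) $($obj.AuditFlags) $($obj.RegistryRights)`n`t"
    }
    if($auditLine -eq "")
    {
        # no audit rules came back, which presumably means access to this key is
        # not being audited at all - the finding this script is usually run to surface
        $auditLine = "(none - no auditing configured on this key)"
    }
    log-info $auditLine
    # SDDL is the complete machine-readable form of the descriptor logged above
    log-info "Sddl: $($acl.Sddl)"
}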
# ----------------------------------------------------------------------------------------------------------------
function log-info($data)
{
    # prefix the message with a timestamp, echo it to the console and append it to $logFile
    $now = [DateTime]::Now
    $line = "$($now):$data"
    Write-Host $line
    $line | Out-File -FilePath $logFile -Append
}
# ----------------------------------------------------------------------------------------------------------------
# script entry point: processes every key supplied in -regKeys
main