Microsoft KB Archive/245031

= How to: Use a Script to Change Registry Permissions from the Command Line =

Article ID: 245031

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Server 4.0 Standard Edition

-



This article was previously published under Q245031



SUMMARY
This article describes how to use a script to change permissions defined in a registry key from a command prompt by using the Regini.exe utility included with Microsoft Windows NT Server 4.0 Resource Kit. The Resource Kit is a separate product that can be purchased from Microsoft.



MORE INFORMATION
CAUTION: When you use a script to change registry permissions, you replace the entire set of current permissions defined in a registry key. For example, if you have four types of users whose permissions are defined in a particular registry key, and you create and run a script file that changes the permissions for only three of the four types of users, the information about the fourth type is deleted.

To use a script to change permissions defined in a registry key from a command prompt:

 Install the latest version of the Windows NT Server 4.0 Resource Kit. Create a script file that contains the change commands:  Start any text editor (such as Notepad). Type the registry keys and the appropriate permissions in the following format

\Registry\hive\key [permissions]

where hive is the name of the registry hive, key is the name of the registry key, and [permissions] is the binary number format of the permissions.

For example, to modify the HKEY_LOCAL_MACHINE\Software registry key to give the Administrators group and the Creator/Owner group Full Control permission and the Everyone group Read permission, type the following string:

\Registry\Machine\Software [1 5 8]

NOTE: You must type the permissions in the binary number format. You must also refer to the registry hive in the predefined format. For more information about how to refer to a registry hive in a script file and about the binary numbers for various types of permissions, refer to the 'Reference to Registry Hives and Binary Number Representation for Permissions' section in this article. Save and then close the script file.  Type the following command at a command prompt, and then press ENTER

REGINI [-m \\computername] scriptname

where computername is the name of the computer and scriptname is the name of the script file you just created.

NOTE: Use the -m option only when you edit the registry of a remote computer. Be sure to include the entire path to the script file.</li></ol>

Reference to Registry Hives and Binary Number Representation for Permissions

Refer to registry hives as indicated below: <pre class="fixed_text"> HKEY_LOCAL_MACHINE - \Registry\Machine HKEY_USERS - \Registry\Users HKEY_CURRENT_USER - \Registry\User\User_SID (where User_SID is the current user's security identifier) Permissions and their binary number representations are as follows: <pre class="fixed_text">Administrator Full 1 Administrator R 2 Administrator RW 3 Administrator RWD 4 Creator Full 5 Creator RW 6 World Full 7 World R 8 World RW 9 World RWD 10 Power Users Full 11 Power Users RW 12 Power Users RWD 13 System Op Full 14 System Op RW 15 System Op RWD 16 System Full 17 System RW 18 System R 19 Administrator RWX 20 You can use the Regdmp utility, also included with the Resource Kit, to obtain the current permissions of a registry key in the binary number format.

Additional query words: security

Keywords: kbinfo KB245031

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.