Sunday, 15 August 2010

powershell - Set-Acl : Requested registry access is not allowed

After reading this question and this blog post, I came up with these commands:

```powershell
Set-Location HKLM:\SOFTWARE\Classes\cmdfile\ShellEx\PropertySheetHandlers
$am = New-Object Security.Principal.NTAccount 'BUILTIN', 'Administrators'
$ke = Get-Acl 'ShimLayer Property Page'
$ke.SetOwner($am)
Set-Acl -AclObject $ke -Path 'ShimLayer Property Page'
```

However, when I run them I get this message:

```
Set-Acl : Requested registry access is not allowed.
```

How can I alter the owner of the key?

After reading these:

Changing owner of key administrator

Set controls on files owned by TrustedInstaller

I came up with a working solution.

```powershell
function Enable-Privilege {
  param($Privilege)
  # C# P/Invoke wrapper that enables one named privilege in a process token.
  $Definition = @'
using System;
using System.Runtime.InteropServices;
public class AdjPriv {
  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
  [DllImport("advapi32.dll", SetLastError = true)]
  internal static extern bool LookupPrivilegeValue(string host, string name,
    ref long pluid);
  [StructLayout(LayoutKind.Sequential, Pack = 1)]
  internal struct TokPriv1Luid {
    public int Count;
    public long Luid;
    public int Attr;
  }
  internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
  internal const int TOKEN_QUERY = 0x00000008;
  internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
  public static bool EnablePrivilege(long processHandle, string privilege) {
    bool retVal;
    TokPriv1Luid tp;
    IntPtr hproc = new IntPtr(processHandle);
    IntPtr htok = IntPtr.Zero;
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
      ref htok);
    tp.Count = 1;
    tp.Luid = 0;
    tp.Attr = SE_PRIVILEGE_ENABLED;
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero,
      IntPtr.Zero);
    return retVal;
  }
}
'@
  $ProcessHandle = (Get-Process -Id $PID).Handle
  $type = Add-Type $Definition -PassThru
  $type[0]::EnablePrivilege($ProcessHandle, $Privilege)
}

# Enable SeTakeOwnershipPrivilege in the current PowerShell process token.
do {} until (Enable-Privilege SeTakeOwnershipPrivilege)

# Open the key requesting only the TakeOwnership right, then set the owner.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
  'SOFTWARE\Classes\cmdfile\ShellEx\PropertySheetHandlers\ShimLayer Property Page',
  'ReadWriteSubTree', 'TakeOwnership')
$owner = [Security.Principal.NTAccount]'Administrators'
$acl = $key.GetAccessControl()
$acl.SetOwner($owner)
$key.SetAccessControl($acl)
```
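A check to run before and after the ownership change, added here as an example and not part of the original answer: it reports whether SeTakeOwnershipPrivilege is held and enabled in the current token, and reads the key's owner while requesting only read access. The function names are illustrative, and the column names assume an English-language `whoami`.

```powershell
# Added example (not from the original post). Function names are hypothetical.

function Get-TokenPrivilegeState {
  param([string]$Privilege = 'SeTakeOwnershipPrivilege')
  # Assumption: English whoami output with columns
  # "Privilege Name","Description","State".
  $row = whoami /priv /fo csv | ConvertFrom-Csv |
    Where-Object { $_.'Privilege Name' -eq $Privilege }
  if ($row) {
    $row.State          # 'Enabled' or 'Disabled'
  } else {
    'NotHeld'           # privilege absent, e.g. a non-elevated session
  }
}

function Get-RegistryKeyOwner {
  param([Parameter(Mandatory)][string]$SubKey)
  # Request only ReadPermissions (READ_CONTROL): enough to read the owner,
  # and it does not need the write rights that Set-Acl was refused.
  $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
    $SubKey,
    [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadSubTree,
    [System.Security.AccessControl.RegistryRights]::ReadPermissions)
  if (-not $key) { throw "Key not found under HKLM: $SubKey" }
  try {
    $acl = $key.GetAccessControl(
      [System.Security.AccessControl.AccessControlSections]::Owner)
    $acl.GetOwner([System.Security.Principal.NTAccount]).Value
  } finally {
    $key.Close()
  }
}

$subKey = 'SOFTWARE\Classes\cmdfile\ShellEx\PropertySheetHandlers\ShimLayer Property Page'

[pscustomobject]@{
  Privilege = 'SeTakeOwnershipPrivilege'
  State     = Get-TokenPrivilegeState
  KeyOwner  = Get-RegistryKeyOwner -SubKey $subKey
}
```

A state of `NotHeld` means the session is not elevated, so enabling the privilege cannot succeed; `Disabled` is the normal state in an elevated session before `Enable-Privilege` runs.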
