Mayyhem · January 22, 2025 21:37
diff --git a/Get-RegPermissions.ps1 b/Get-RegPermissions.ps1
 function Get-RegPermissions {
    param (
        [Parameter(Mandatory=$true)]
        [string]$RegistryPath,
        [Parameter(Mandatory=$false)]
        [string]$ComputerName = $env:COMPUTERNAME
    )
    
    function Convert-RegRights {
        param($Rights)
        switch ($Rights) {
            [Microsoft.Win32.RegistryRights]::FullControl { "Full Control" }
            [Microsoft.Win32.RegistryRights]::ReadKey { "Read" }
            [Microsoft.Win32.RegistryRights]::WriteKey { "Write" }
            [Microsoft.Win32.RegistryRights]::Execute { "Execute" }
            [Microsoft.Win32.RegistryRights]::ChangePermissions { "Change Permissions" }
            [Microsoft.Win32.RegistryRights]::TakeOwnership { "Take Ownership" }
            default { $Rights.ToString() }
        }
    }

    try {
        # Get the key
        $regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($RegistryPath, $ComputerName)
        if (-not $regKey) {
            Write-Error "Registry key not found: $RegistryPath"
            return
        }

        # Get ACL
        $acl = $regKey.GetAccessControl()
        
        # Output permissions for current key
        foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])) {
            [PSCustomObject]@{
                Path = $RegistryPath
                Identity = $ace.IdentityReference.ToString()
                AccessType = $ace.AccessControlType.ToString()
                Rights = (Convert-RegRights -Rights $ace.RegistryRights)
            }
        }

        # Recursively process subkeys
        $regKey.GetSubKeyNames() | ForEach-Object {
            $subPath = Join-Path $RegistryPath $_
            Get-RegPermissions -RegistryPath $subPath
        }
    }
    catch {
        Write-Error "Error processing $RegistryPath : $_"
    }
    finally {
        if ($regKey) { $regKey.Close() }
    }
 }

 # Example usage:
 #Get-RegPermissions -ComputerName ps2-pss -RegistryPath "SOFTWARE\Microsoft\SMS" | Where-Object { $_ -notmatch "Administrators|SYSTEM|SERVICE|APPLICATION|CREATOR|S-1-15-3|INTERACT" } | Format-Table -AutoSize
	function Get-RegPermissions {
	param (
	[Parameter(Mandatory=$true)]
	[string]$RegistryPath,
	[Parameter(Mandatory=$false)]
	[string]$ComputerName = $env:COMPUTERNAME
	)

	function Convert-RegRights {
	param($Rights)
	switch ($Rights) {
	[Microsoft.Win32.RegistryRights]::FullControl { "Full Control" }
	[Microsoft.Win32.RegistryRights]::ReadKey { "Read" }
	[Microsoft.Win32.RegistryRights]::WriteKey { "Write" }
	[Microsoft.Win32.RegistryRights]::Execute { "Execute" }
	[Microsoft.Win32.RegistryRights]::ChangePermissions { "Change Permissions" }
	[Microsoft.Win32.RegistryRights]::TakeOwnership { "Take Ownership" }
	default { $Rights.ToString() }
	}
	}

	try {
	# Get the key
	$regKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($RegistryPath, $ComputerName)
	if (-not $regKey) {
	Write-Error "Registry key not found: $RegistryPath"
	return
	}

	# Get ACL
	$acl = $regKey.GetAccessControl()

	# Output permissions for current key
	foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])) {
	[PSCustomObject]@{
	Path = $RegistryPath
	Identity = $ace.IdentityReference.ToString()
	AccessType = $ace.AccessControlType.ToString()
	Rights = (Convert-RegRights -Rights $ace.RegistryRights)
	}
	}

	# Recursively process subkeys
	$regKey.GetSubKeyNames() \| ForEach-Object {
	$subPath = Join-Path $RegistryPath $_
	Get-RegPermissions -RegistryPath $subPath
	}
	}
	catch {
	Write-Error "Error processing $RegistryPath : $_"
	}
	finally {
	if ($regKey) { $regKey.Close() }
	}
	}

	# Example usage:
	#Get-RegPermissions -ComputerName ps2-pss -RegistryPath "SOFTWARE\Microsoft\SMS" \| Where-Object { $_ -notmatch "Administrators\|SYSTEM\|SERVICE\|APPLICATION\|CREATOR\|S-1-15-3\|INTERACT" } \| Format-Table -AutoSize
No results found