1

I have a .bat file, which runs various cmd commands, and also runs the following command

powershell -c "Get-Acl -Path HKLM:\SOFTWARE\ESRI\License10.0 | Format-List"

The output from that command is 

Path   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\ESRI\License10.0
Owner  : BUILTIN\Administrators
Group  : CORPOFLONDON\Domain Users
Access : CREATOR OWNER Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  FullControl
Audit  :
Sddl   : O:BAG:DUD:PAI(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KA;;;BU)

I want to loop through the Access values to find a particular user and permission level.

What is the best way to do this?

Improve this question
2
  • 1
    The best way would be to do this in PowerShell, not in CMD. Commented Dec 14, 2015 at 10:50
  • I should have added (have now) it is part of a larger batch script Commented Dec 14, 2015 at 16:17

2 Answers 2

Reset to default
1

It's not very clear what you are trying to do. In powershell you can use something like this to search for administrators fullcontrol :

Get-Acl XXX |select -expand access |?{$_.identityreference -match "admin" -and $_.fileSystemRights -eq "FullControl"}

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

It needs to be done in cmd as it is part of a larger installation script.
0

IMHO you should directly use PowerShell and not mix with cmd.

Here is an example:

$keyPath = "HKLM:\SOFTWARE\ESRI\License10.0"
$target = "SYSTEM"

"ACL check on $keyPath :"

Get-Acl -Path $keyPath |
    Select-Object -ExpandProperty Access |
    ForEach-Object {    
        if($_.IdentityReference -match $target) {
            "$($_.IdentityReference) : $($_.AccessControlType) $($_.RegistryRights)"
        }    
    }
Improve this answer

3 Comments

I should have added (have now) it is part of a larger batch script.
Can you pass the user name and the permission you need to check as arguments when calling the powershell script ? Can you elaborate a little about the general batch file purpose ?
It is part of a installation package, so once the install is done, the batch file checks where it has copied the appropriate files to the correct location, and one part of the install is applying permissions to the registry,and i Just want to check that registry permissions are applied correctly.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.