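Take ownership of a registry subkey and delete it via the SYSTEM account

Time: 2019-03-06 21:59:13

Tags: powershell registry remote-registry

I am deploying an update through WSUS to remove corrupted registry keys from Windows 10 systems running 1703 and 1709. The PowerShell code needs to open two registry keys, take ownership, set the owner to Users, and then delete them. The following code works when run directly on a machine: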

#Set our root registry key and new owner (Users)
$rootKey = "LocalMachine"
[System.Security.Principal.SecurityIdentifier]$sid = 'S-1-5-32-545'

#First key
$key = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileNotification\TDL"

#Take ownership and delete if it exists
if (Test-Path "HKLM:\$key") {
    $regKey = [Microsoft.Win32.Registry]::$rootKey.OpenSubKey($key, 'ReadWriteSubTree', 'TakeOwnership')
    $acl = New-Object System.Security.AccessControl.RegistrySecurity
    $acl.SetOwner($sid)
    $regKey.SetAccessControl($acl)
    $acl.SetAccessRuleProtection($false, $false)
    $regKey.SetAccessControl($acl)

    Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileNotification\TDL" -Force -Recurse
} else{
    Add-content $txtLogLocation "Key 1 does not exist."
}

However, when this code runs as the SYSTEM user, I receive the following error (I am deploying through Windows Update, which runs as the SYSTEM user):

Exception calling "OpenSubKey" with "3" argument(s): "Requested registry
access is not allowed."
At C:\Windows\TEMP\7zSAA99.tmp\1809ReadinessScript.ps1:224 char:2
+     $regKey = [Microsoft.Win32.Registry]::$rootKey.OpenSubKey($key, ' ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SecurityException

Exception calling "OpenSubKey" with "3" argument(s): "Requested registry
access is not allowed."
At C:\Windows\TEMP\7zSAA99.tmp\1809ReadinessScript.ps1:224 char:2
+     $regKey = [Microsoft.Win32.Registry]::$rootKey.OpenSubKey($key, ' ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SecurityException

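Any ideas as to why this is happening? Is it because the SYSTEM user is running it, or is it some odd PowerShell issue that requires a different way of opening the registry key?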

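1 answer:

Answer 0 (score: 0)

I was able to solve this by using PowerShell to create a scheduled task, which then runs the script downloaded locally to the machine. The task runs as a local user, which can open the subkey and therefore change the permissions. For whatever reason, SYSTEM did not have read permission on that particular key.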
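
An added diagnostic example, not part of the original question or answer: it opens the key asking only for `ReadPermissions` and reports the owner and the ACL entries, marking those that match the account the script runs under, so the SYSTEM context can be compared with an interactive session. `Get-RegKeyAccessReport` is a hypothetical helper name, and the `AppliesToMe` column is an approximation based on the SIDs in the current token.

```powershell
# Added example (not from the original post): report who owns a key under HKLM
# and which access rules match the identity this code is running as.
function Get-RegKeyAccessReport {
    param(
        [Parameter(Mandatory)] [string]$SubKey   # path under HKLM, without the hive prefix
    )
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # SIDs carried by the current token: the user plus its groups (approximation)
    $mySids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

    try {
        # Request only READ_CONTROL, so the open can succeed without read/write access
        $k = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
            $SubKey,
            [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadSubTree,
            [System.Security.AccessControl.RegistryRights]::ReadPermissions)
    } catch {
        # Same failure class as in the question: the token is not granted the requested right
        return "[$($me.Name)] open failed: $($_.Exception.GetBaseException().Message)"
    }
    if ($null -eq $k) { return "HKLM:\$SubKey does not exist" }

    try {
        $sidType  = [System.Security.Principal.SecurityIdentifier]
        $sections = [System.Security.AccessControl.AccessControlSections]'Owner, Access'
        $acl      = $k.GetAccessControl($sections)
        [pscustomobject]@{
            RunningAs = $me.Name
            Owner     = $acl.GetOwner($sidType).Value
            Rules     = $acl.GetAccessRules($true, $true, $sidType) | ForEach-Object {
                [pscustomobject]@{
                    Sid         = $_.IdentityReference.Value
                    Type        = $_.AccessControlType      # Allow or Deny
                    Rights      = $_.RegistryRights
                    Inherited   = $_.IsInherited
                    AppliesToMe = $mySids -contains $_.IdentityReference.Value
                }
            }
        }
    } finally {
        $k.Close()
    }
}

# Usage with the key from the question; run once as SYSTEM and once interactively
$report = Get-RegKeyAccessReport 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileNotification\TDL'
if ($report -is [string]) { $report } else { $report | Format-List RunningAs, Owner; $report.Rules | Format-Table }
```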
