Using commands on Windows, I am trying to display the advanced audit settings of registry keys. I have tried to do this in PowerShell and cmd with admin privileges, but I have had no luck in doing so. After a load of research and testing, I have managed to craft commands to display the registry key permissions, using the commands below in PowerShell and in CMD. I feel like I am very close, but I can't seem to find the right parameters.
PowerShell:
(Get-Acl -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion).AuditToString
Command Prompt:
FOR /F "tokens=3 delims= " %A IN ('reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v "MachineGuid"') DO @icacls %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys\76944fb33636aeddb9590521c2e8815a_%A
I tried this:
PS C:\> (get-acl hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -audit).GetAuditRules($true,$true,[System.Security.Principal.NTAccount])
RegistryRights : FullControl
AuditFlags : Success
IdentityReference : fffff\tom
IsInherited : False
InheritanceFlags : ContainerInherit
PropagationFlags : None
Is this what you expect?
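The difference between the two PowerShell commands above is the -Audit switch: without it Get-Acl does not read the SACL, so AuditToString comes back empty. The following is an added example, not code from either poster, that wraps the answer's call so several keys can be checked at once; the function name Get-RegistryAuditRule is hypothetical, and it assumes an elevated session, since reading a SACL requires SeSecurityPrivilege.

```powershell
# Added example: report the audit (SACL) entries of one or more registry keys.
# Get-RegistryAuditRule is a hypothetical name, not a built-in cmdlet.
function Get-RegistryAuditRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($key in $Path) {
            try {
                # -Audit makes Get-Acl read the SACL; without it no audit rules are returned.
                $acl = Get-Acl -Path $key -Audit -ErrorAction Stop
            }
            catch {
                # Typical causes: session not elevated, or the key does not exist.
                Write-Warning "Cannot read SACL of ${key}: $($_.Exception.Message)"
                continue
            }
            # Explicit and inherited rules, identities shown as account names where resolvable.
            $rules = $acl.GetAuditRules($true, $true, [System.Security.Principal.NTAccount])
            if ($rules.Count -eq 0) {
                # Emit a row anyway so keys with no auditing configured are visible.
                [pscustomobject]@{ Path = $key; Identity = $null; Rights = $null
                                   AuditFlags = $null; IsInherited = $null }
                continue
            }
            foreach ($rule in $rules) {
                [pscustomobject]@{
                    Path        = $key
                    Identity    = $rule.IdentityReference.Value
                    Rights      = $rule.RegistryRights
                    AuditFlags  = $rule.AuditFlags
                    IsInherited = $rule.IsInherited
                }
            }
        }
    }
}

# Keys taken from the question and the answer above.
'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' |
    Get-RegistryAuditRule | Format-Table -AutoSize
```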