I am trying to do the following via Kaseya.
1) Take Ownership of a Registry Key (Permissions)
I need to change the ownership of the following path to EVERYONE Full control "HKLM\SOFTWARE\Cylance\Desktop"
Once I have changed the ownershp to EVERYONE and given them FULL Modify permissions plus changed ownership
2) Delete the Registry Value "LastStateRestorePoint" within the same path as above
3) Then add a DWORD32 to HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop called
"SelfProtectionLevel" and set the value to 1
I have tried putting together this batch file then running the batch as system but it seems its doing everything except the first part of taking ownership of the key and assigning the proper permissions.
@EchoOffREG DELETE HKLM\SOFTWARE\Cylance\Desktop /v LastStateRestorePoint /fREG ADD HKLM\SOFTWARE\Cylance\Desktop /v SelfProtectionLevel /t REG_DWORD /d 1 /fecho Cylance Reg Key Deleted. PC Restarting in 15 seconds. shutdown /r /t 15
Is there a way to take ownership of the key with Kaseya and or change permissions?
I think i found a way. Whats the best way to copy the following file SETACL.EXE to the C:\Windows\System32 path? I tried to create a procedure that will do writedirectory but it doesnt seem to do anything? Atleast the file is never copied.
Upload it to your shared files from the Agent Procedure tab, then use writeFile.
There is a native Windows command also, REGINI... (At least windows 10). Use this with executeShellCommand...