Changing a registry key's permissions from Chef

Question

I'm attempting to automate the Jenkins Windows slave installation and I need to change the owner and permission of some keys in order to allow read/write access to certain keys for the administrator user. See Jenkins docs for details.

I have found the registry_key resource but this does not mention how to adjust the actual permissions of registry keys. I don't need to create/read/update or delete keys - just adjust the permissions.

Is there a way to do this from within Chef? Or, if not, is there a way to do this via a Powershell script?

Answer 1

I'll outline the expedient solution in order to get some closure here but it ideally needs to be refactored to use the Chef DSC Resource since this can manage the more esoteric Windows features. Thanks to @coderanger for that tip.

What I ended up doing was using the SetACL utility from within an execute block as follows

Set entry owner

execute 'update registry entry owner' do
  command 'c:/path/to/SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}" -ot reg -actn setowner -ownr n:Administrators'
end

Set entry permissions

execute 'update registry permissions' do
  command 'c:/path/to/SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}" -ot reg -actn ace -ace "n:Administrators;p:full'
end

this is for setting the Jenkins Windows Slave registry entries to allow remote installation and management of the Jenkins slave service.