
Is it possible to test write permissions to the registry without actually writing? I have some code now where I just do the write, and exit with an error if it fails. But I am doing that after the user has approved processing and I would really rather do it during initialization, so if it's going to fail I never ask the user about proceeding, only to immediately exit with the failure. The other behavior I am looking for is to not actually change anything on the machine without that user approval. I COULD do the write during init, then delete again, before getting user approval and then creating my key again, but that's ugly. I had hoped -WhatIf would work, but while

```powershell
New-Item -Path:'registry::HKLM\SOFTWARE\Test'
```

throws an error when I am not running elevated,

```powershell
New-Item -Path:'registry::HKLM\SOFTWARE\Test' -WhatIf
```

throws no error and in fact returns exactly the same message. Which is pretty stupid. I mean, basically it's Do-AThing -WhatIf returns "Do a thing", whether it will actually succeed or fail. Well, no shit, Sherlock.

Anyway, is there any elegant option in PowerShell, or am I going to have to accept one of the ugly solutions?

Gordon
  • Use `Get-ACL` and see if the current user has write permissions? Or try it this way: https://stackoverflow.com/questions/22943289/powershell-what-is-the-best-way-to-check-whether-the-current-user-has-permissio – Scepticalist Feb 28 '23 at 07:54
  • Bear in mind that permissions can change at any time since the registry isn't under your exclusive control. So even if you get a yes answer to "would this change have succeeded" you still need to account for possible failure later. – Damien_The_Unbeliever Feb 28 '23 at 08:05
  • @scepticalist interesting. Out-File will work with a registry key? So many places where PowerShell creates confusion in the pursuit of, I don't know what. I may try Get-ACL, as I do think that's the most likely IT failure. Someone locking everything down because they don't know what they are doing. But I am also ignorant of all the ways IT could do this, and if simple permissions isn't the only way, then I might miss it. For example, I THINK I have seen AV that simply suppresses script function. Sigh. – Gordon Feb 28 '23 at 08:06
  • @damien-the-unbeliever Yeah, that is what has me considering a bloated mess of looking for an existing test value and trying to delete it, then create it again, then delete it again, and log the specific error condition if anything fails. God I hate Windows. – Gordon Feb 28 '23 at 08:08

0 Answers
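One way to run the check discussed in this thread without changing anything, as an added example that is not from any participant: open the parent key asking only for the right to create subkeys, so Windows performs the access check at open time and nothing is written. The function names `Test-RegistryCreateAccess` and `New-ApprovedKey` and the `$userApproved` variable are hypothetical; the key path is the one from the question, and the real write keeps its own error handling because permissions can change between the check and the write.

```powershell
function Test-RegistryCreateAccess {
    [CmdletBinding()]
    param(
        # Parent key under HKLM in which the new subkey would be created
        [Parameter(Mandatory)][string]$ParentSubKey
    )
    $key = $null
    try {
        # Request a handle carrying only the CreateSubKey right.
        # The access check runs when the key is opened; no value or key is written.
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
            $ParentSubKey,
            [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
            [System.Security.AccessControl.RegistryRights]::CreateSubKey)
        # OpenSubKey returns $null when the parent key does not exist
        return ($null -ne $key)
    }
    catch [System.Security.SecurityException] { return $false }
    catch [System.UnauthorizedAccessException] { return $false }
    finally { if ($key) { $key.Close() } }
}

function New-ApprovedKey {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)
    try {
        # -ErrorAction Stop turns a late denial into a catchable error
        New-Item -Path $Path -ErrorAction Stop | Out-Null
        return $true
    }
    catch {
        Write-Warning "Registry write failed after the preflight check passed: $_"
        return $false
    }
}

# Initialization: fail early, before the user is asked anything
if (-not (Test-RegistryCreateAccess -ParentSubKey 'SOFTWARE')) {
    Write-Warning 'Cannot create keys under HKLM\SOFTWARE with the current token.'
}
else {
    $userApproved = $false   # constructed placeholder for the real approval prompt
    if ($userApproved) {
        [void](New-ApprovedKey -Path 'registry::HKLM\SOFTWARE\Test')
    }
}
```

This only covers denials that come from the key's access control list and the current token's elevation state; a product that blocks the write by other means would surface in the `catch` of the second function.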