After retweeting my previous post about using a fake driver to modify a boot image, I had a great and rewarding conversation with Andreas Hammarskjöld of 2Pint Software about an obstacle I had never run into before: the need to set the ACL of a registry key before the OS (WinPE) boots.
I've been busy with private matters, but this evening I finally got to test what I said in that conversation I believed was possible. And it is.
So here we go.
This is the INF file.
I've put [ExampleFileSystem.SetRegistryACL.security] in its own section, since I expect there will be many registry changes to make, and the ".security" section sets the ACL for the entire group of registry entries referenced by the matching AddReg section.
So what does that strange line "D:AI(A;CI;GA;;;BU)" actually set?
As I said, I've never done this before, but I think this might be at least ~80% correct.
D: = the DACL component of the security descriptor string. The full string format is:
O:owner_sid
G:group_sid
D:dacl_flags(string_ace1)(string_ace2)...(string_acen)
S:sacl_flags(string_ace1)(string_ace2)...(string_acen)
AI = SDDL_AUTO_INHERITED: keep the inherited ACEs but add/change the ACL.
(A;CI;GA;;;BU) is one ACE, with fields ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid:
A = Allow, CI = container inherit (applies to subkeys), GA = general access (read+write), the two empty fields are the GUIDs (not used for registry keys), BU = Builtin\Users.
See these links for more info:
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/inf-addreg-directive
https://docs.microsoft.com/sv-se/windows/win32/secauthz/security-descriptor-string-format
https://docs.microsoft.com/sv-se/windows/win32/secauthz/ace-strings
https://docs.microsoft.com/sv-se/windows/win32/secauthz/sid-strings
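To make the decoding concrete, here is a small Python parser for the D: part of such a string, added as an illustration (not code from the original post or from 2Pint). It expands the abbreviations to the names the linked docs give them (note that the ace-strings page expands GA to GENERIC_ALL, i.e. full control) and flags allow ACEs that hand full control to broad groups, which is the check I'd run over an INF's .security section before deploying it. The abbreviation tables are a subset I chose; the sample strings are constructed.

```python
import re
from collections import namedtuple

# Abbreviations from the linked SDDL / ACE-string / SID-string docs (a subset; unknown tokens pass through).
DACL_FLAGS = {"P": "PROTECTED", "AI": "AUTO_INHERITED", "AR": "AUTO_INHERIT_REQ"}
ACE_TYPES = {"A": "ACCESS_ALLOWED", "D": "ACCESS_DENIED", "AU": "SYSTEM_AUDIT"}
ACE_FLAGS = {"CI": "CONTAINER_INHERIT", "OI": "OBJECT_INHERIT", "IO": "INHERIT_ONLY",
             "NP": "NO_PROPAGATE_INHERIT", "ID": "INHERITED"}
RIGHTS = {"GA": "GENERIC_ALL", "GR": "GENERIC_READ", "GW": "GENERIC_WRITE",
          "KA": "KEY_ALL_ACCESS", "KR": "KEY_READ", "KW": "KEY_WRITE"}
SIDS = {"BU": "Builtin\\Users", "BA": "Builtin\\Administrators", "SY": "Local System",
        "WD": "Everyone", "AU": "Authenticated Users"}
# Trustees that mean "every user on the box"; full control for them deserves a second look.
BROAD_TRUSTEES = {"Builtin\\Users", "Everyone", "Authenticated Users"}
FULL_CONTROL = {"GENERIC_ALL", "KEY_ALL_ACCESS"}

Ace = namedtuple("Ace", "ace_type flags rights trustee")

def split_tokens(field, table, one_letter=()):
    """Expand a run of abbreviations ('CIOI', 'AI', 'P') into their documented names."""
    out, i = [], 0
    while i < len(field):
        n = 1 if field[i] in one_letter else 2
        out.append(table.get(field[i:i + n], field[i:i + n]))
        i += n
    return out

def parse_dacl(sddl):
    """Return (dacl_flags, [Ace, ...]) for the D: component of an SDDL string."""
    m = re.search(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    if not m:
        raise ValueError("no D: component in SDDL string")
    flags = split_tokens(m.group(1), DACL_FLAGS, one_letter="P")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(2)):
        # Six ';'-separated fields: type;flags;rights;object_guid;inherit_object_guid;sid
        ace_type, ace_flags, rights, _obj, _inh_obj, sid = body.split(";")
        rights_list = [rights] if rights.startswith("0x") else split_tokens(rights, RIGHTS)
        aces.append(Ace(ACE_TYPES.get(ace_type, ace_type), split_tokens(ace_flags, ACE_FLAGS),
                        rights_list, SIDS.get(sid, sid)))
    return flags, aces

def broad_grants(sddl):
    """Allow ACEs that hand full control to a broad group: review these before shipping the INF."""
    _flags, aces = parse_dacl(sddl)
    return [a for a in aces if a.ace_type == "ACCESS_ALLOWED"
            and a.trustee in BROAD_TRUSTEES and FULL_CONTROL & set(a.rights)]
```

Running parse_dacl on "D:AI(A;CI;GA;;;BU)" yields the AUTO_INHERITED flag and a single allow ACE (CONTAINER_INHERIT, GENERIC_ALL, Builtin\Users), which broad_grants reports; swapping GA for KR (KEY_READ) makes the report empty.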