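# Grants BUILTIN\Users FullControl on the Hexagon / WAI (PC-DMIS) registry keys
# and install/data folders, logging the run to C:\Logs\PC-DMISrights.txt.
#
# SECURITY NOTE(review): this deliberately weakens ACLs on machine-wide locations
# (HKLM, Program Files, ProgramData). With FullControl, any standard local user can
# change files and COM/registry registrations that other accounts, including
# administrators, later load, and can also change permissions or take ownership.
# Before deploying, confirm whether a narrower right and a dedicated group would be
# enough, and record the change so it can be audited and reverted.

# Persistently sets the CurrentUser execution policy; the setting outlives this run.
# NOTE(review): -Scope Process would limit it to this session - confirm that
# persistence is intended.
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
Start-Transcript -Path "C:\Logs\PC-DMISrights.txt" -Append

# Applies one access rule to every existing path in a list.
#   -Path         registry or file-system paths to update
#   -AccessRule   RegistryAccessRule or FileSystemAccessRule to set on each path
#   -MissingLabel noun used in the "not found" warning ("Registry key" / "Folder")
# Returns the number of paths whose ACL update failed.
function Grant-AccessRule {
    param(
        [string[]]$Path,
        $AccessRule,
        [string]$MissingLabel
    )

    $failed = 0
    foreach ($target in $Path) {
        try {
            if (Test-Path -LiteralPath $target) {
                Write-Host "Applying permissions to: $target" -ForegroundColor Cyan

                # -ErrorAction Stop turns ACL errors into terminating errors so the
                # catch block runs instead of "Success!" being printed regardless.
                $acl = Get-Acl -LiteralPath $target -ErrorAction Stop

                # SetAccessRule replaces any existing Allow rules for the same
                # identity with this one; it does not merge with them.
                $acl.SetAccessRule($AccessRule)

                Set-Acl -LiteralPath $target -AclObject $acl -ErrorAction Stop
                Write-Host "Success!" -ForegroundColor Green
            }
            else {
                Write-Warning "$MissingLabel not found: $target"
            }
        }
        catch {
            $failed++
            Write-Error "Failed to update $target. Error: $($_.Exception.Message)"
        }
    }
    return $failed
}

$failures = 0
try {
    # 1. Only the support account is expected to run this script.
    # $env:USERNAME is a process environment variable that the caller can override,
    # so this check prevents accidental use only; the effective control is the
    # administrative rights needed to change the ACLs below.
    $authorizedUser = "SupportUser"
    if ($env:USERNAME -ne $authorizedUser) {
        Write-Warning "Unauthorized user detected. Run as SupportUser instead."
        return   # the finally block still stops the transcript
    }
    Write-Host "Welcome, $authorizedUser. Access granted."

    # Changing ACLs under HKLM and Program Files needs an elevated session; warn
    # early instead of only failing per item.
    $principal = New-Object System.Security.Principal.WindowsPrincipal(
        [System.Security.Principal.WindowsIdentity]::GetCurrent())
    if (-not $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning "Session is not elevated; updates to machine-wide keys and folders are likely to fail."
    }

    # 2. Permission rule details shared by the registry and folder rules.
    $identity    = "BUILTIN\Users"                     # target group: every local user
    $rights      = "FullControl"                       # includes change-permissions and take-ownership
    $inheritance = "ContainerInherit, ObjectInherit"   # applies to children as well
    $propagation = "None"
    $type        = "Allow"

    # 3. Registry keys to modify.
    # NOTE(review): HKU\.DEFAULT is the hive used by the LocalSystem account, not a
    # template for new users - confirm these two entries are really required.
    $registryKeys = @(
        "HKLM:\SOFTWARE\Classes\PCDLRN.Application"
        "HKCU:\SOFTWARE\Hexagon"
        "HKCU:\SOFTWARE\WAI"
        "HKLM:\SOFTWARE\Hexagon"
        "HKLM:\SOFTWARE\WAI"
        "HKLM:\SOFTWARE\Wow6432Node\Hexagon"
        "HKLM:\SOFTWARE\Wow6432Node\WAI"
        "Registry::HKU\.DEFAULT\SOFTWARE\Hexagon"
        "Registry::HKU\.DEFAULT\SOFTWARE\WAI"
    )
    $registryRule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $identity, $rights, $inheritance, $propagation, $type)
    $failures += Grant-AccessRule -Path $registryKeys -AccessRule $registryRule -MissingLabel "Registry key"

    # 4. Root folders to modify.
    $folderPaths = @(
        "C:\Program Files\Hexagon"
        "C:\Program Files\WAI"
        "C:\Program Files (x86)\Hexagon"
        "C:\Program Files (x86)\WAI"
        "C:\ProgramData\Hexagon"
        "C:\ProgramData\WAI"
    )
    $folderRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, $rights, $inheritance, $propagation, $type)
    $failures += Grant-AccessRule -Path $folderPaths -AccessRule $folderRule -MissingLabel "Folder"
}
finally {
    # Stop the transcript on every path, including the early return above. The
    # original placed Stop-Transcript after 'exit', where it could never run.
    try { Stop-Transcript } catch { Write-Warning "Could not stop transcript: $($_.Exception.Message)" }
}

pause

# Report failure only when at least one ACL update failed (previously always 1).
if ($failures -gt 0) { exit 1 }
exit 0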