#save as ziqi.ps1functionServer-Sddl-Change{[CmdletBinding()]param([parameter(Mandatory=$false)][String]$Name)$ROOT="HKLM:\SYSTEM\CurrentControlSet\Services\"$S=$ROOT+$NAME$acl=Get-Acl$S$acl.SetAccessRuleProtection($true,$false)$person=[System.Security.Principal.NTAccount]"Everyone"$access=[System.Security.AccessControl.RegistryRights]"QueryValues"$inheritance=[System.Security.AccessControl.InheritanceFlags]"None"$propagation=[System.Security.AccessControl.PropagationFlags]"None"$type=[System.Security.AccessControl.AccessControlType]"Deny"$rule=New-ObjectSystem.Security.AccessControl.RegistryAccessRule(`$person,$access,$inheritance,$propagation,$type)$acl.AddAccessRule($rule)$person=[System.Security.Principal.NTAccount]"Everyone"$access=[System.Security.AccessControl.RegistryRights]"SetValue,CreateSubKey,EnumerateSubKeys,Notify,CreateLink,Delete,ReadPermissions,WriteKey,ExecuteKey,ReadKey,ChangePermissions,TakeOwnership"$inheritance=[System.Security.AccessControl.InheritanceFlags]"None"$propagation=[System.Security.AccessControl.PropagationFlags]"None"$type=[System.Security.AccessControl.AccessControlType]"Allow"$rule=New-ObjectSystem.Security.AccessControl.RegistryAccessRule(`$person,$access,$inheritance,$propagation,$type)$acl.AddAccessRule($rule)Set-Acl$S$acl}