Original Question - Update below - Final code in marked answer
More or less a simple question I hope but my brain is fried. I'm trying to write a module to set registry key permissions, named 'Set-RegistryPermissions', and have a slight problem with naming my switches and creating acceptable parameter sets. I've come up with the following but I got to last line and got stumped.
# -Recurse Sets Permissions for supplied key and subkeys (entire tree)
# -Inherit Sets Inheritance for supplied key
# -SubkeyInherit Sets Inheritance for only subkeys (entire subkey tree)
# -Inherit -Recurse Sets Inheritance for supplied key and subkeys (entire tree)
# -SubkeyInherit -Recurse Sets Permissions for supplied key and Inheritance for subkeys (entire subkey tree)
The more I look at it the more confused I'm getting. Maybe I could combine -Inherit & -SubkeyInherit instead of -Inherit -Recurse or maybe start again and have something like SetSuppliedKey, Recurse, Set... Ahhh I'm confused again. Any suggestions please?
---- Update ----
In response to the comment by @Scepticalist I came up with the following which also allows me to add '-Permissions -Subkeys'.
I did think I could change '-Permissions -Recurse' to '-Permissions -All' but that sounds harder to understand or I could change '-Inherit -All' to '-Inherit -Recurse' and scrap the -All switch, but that might make the last option confusing, like your trying to recurse all the permissions as well as the inherit.
Maybe I'm just overthinking this or trying to do too much in one command. It might be easier if the command was ran twice, set Permissions then set Inheritance.
Please let me know your thoughts, if you see any problems or think it's too complicated. Thank you.
# -Permissions (Parameter)
# -Recurse (Switch)
# -Inherit (Switch)
# -Subkeys (Switch)
# -All (Switch)
# -Permissions Sets Permissions for supplied key
# -Permissions -Subkeys Sets Permissions for only subkeys (entire subkey tree)
# -Permissions -Recurse Sets Permissions for supplied key and subkeys (entire tree)
# -Inherit Sets Inheritance for supplied key
# -Inherit -Subkeys Sets Inheritance for only subkeys (entire subkey tree)
# -Inherit -All Sets Inheritance for supplied key and subkeys (entire tree)
# -Permissions -Inherit -Subkeys Sets Permissions for supplied key and Inheritance for subkeys (entire subkey tree)
# -Permissions -Inherit -All Sets Permissions for supplied key and Inheritance for entire tree
These would be the only valid combinations, a example of a invalid combination would be, -Permissions -Subkeys -Recurse, or -Permissions -Subkeys -All
[EDIT]
Reading it over I think I might change 'Subkeys' to 'InheritSubkeys' and scrap the 'All' switch making the last 4 lines read,
# -InheritSubkeys Sets Inheritance for only subkeys (entire subkey tree)
# -Inherit -InheritSubkeys Sets Inheritance for supplied key and subkeys (entire tree)
# -Permissions -InheritSubkeys Sets Permissions for supplied key and Inheritance for subkeys (entire subkey tree)
# -Permissions -Inherit -InheritSubkeys Sets Permissions for supplied key and Inheritance for entire tree
I worked out my names and with a little help from the answer here, Multiple mandatory parameters in a single parameter set, I finally got everything working the way I want.
Get-Help displays correctly, tab completion works correctly and only valid parameters are displayed after typing a dash when others are present.
I still don't fully understand how this is all working but it's working and that's all I care about now.
So my final naming and parameter sets are:
# -User (Mandatory)
# -RegKey (Mandatory)
# -Rights (Allow | Deny)
# -Permissions (Validateset)
# -Recurse (Switch)
# -SubkeysOnly (Switch)
# -Inherit (SingleKey | All | Subkeys)
# -Permissions -Rights Sets Permissions for supplied key
# -Permissions -Rights -Recurse Sets Permissions for supplied key and subkeys (entire tree)
# -Permissions -Rights -SubkeysOnly Sets Permissions for only subkeys (entire subkey tree)
# -Inherit SingleKey Sets Inheritance for supplied key
# -Inherit Subkeys Sets Inheritance for only subkeys (entire subkey tree)
# -Inherit All Sets Inheritance for supplied key and subkeys (entire tree)
# -Permissions -Rights -Inherit Subkeys Sets Permissions for supplied key and Inheritance for subkeys (entire subkey tree)
# -Permissions -Rights -Inherit All Sets Permissions for supplied key and Inheritance for entire tree
function Set-RegistryPermissions
{
param(
[Parameter(Mandatory=$true, ValueFromPipeline=$false)]
[ValidateNotNullOrEmpty()]
[string]$User,
[Parameter(Mandatory=$true, ValueFromPipeline=$false)]
[ValidateNotNullOrEmpty()]
[string]$RegKey,
[Parameter(ParameterSetName = 'PermissionsInherit', Mandatory = $true)]
[Parameter(ParameterSetName = 'SubKeysOnly', Mandatory = $true)]
[Parameter(ParameterSetName = 'Recurse', Mandatory = $true)]
[Parameter(ParameterSetName = 'PermissionsRights', Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[Validateset("ChangePermissions","CreateSubKey","Delete","EnumerateSubKeys","ExecuteKey","FullControl", ``
"Notify","QueryValues","ReadKey","ReadPermissions","SetValue","TakeOwnership","WriteKey")]
[string[]]$Permissions,
[Parameter(ParameterSetName = 'Recurse', Mandatory = $true)]
[Switch]$Recurse,
[Parameter(ParameterSetName = 'SubKeysOnly', Mandatory = $true)]
[Switch]$SubKeysOnly,
[Parameter(ParameterSetName = 'Inherit', Mandatory = $true)]
[Parameter(ParameterSetName = 'PermissionsInherit', Mandatory = $true, ValueFromPipeline=$false)]
[ValidateNotNullOrEmpty()]
[Validateset("SingleKey","All","Subkeys")]
[string]$Inherit,
[Parameter(ParameterSetName = 'SubKeysOnly', Mandatory = $true)]
[Parameter(ParameterSetName = 'Recurse', Mandatory = $true)]
[Parameter(ParameterSetName = 'PermissionsInherit', Mandatory = $true)]
[Parameter(ParameterSetName = 'PermissionsRights', Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[Validateset("Allow","Deny")]
[string]$Rights
)
}
Get-Help Set-RegistryPermissions
If you want to copy and test there should only be one backtick(`) in the permissions ValidateSet. I had to add a second to get it to display right here.
Result from Get-Help
SYNTAX
Set-RegistryPermissions -User <string> -RegKey <string> -Permissions {ChangePermissions | CreateSubKey | Delete | EnumerateSubKeys | ExecuteKey | FullControl | Notify | QueryValues | ReadKey | ReadPermissions | SetValue | TakeOwnership | WriteKey}
-Rights {Allow | Deny} [<CommonParameters>]
Set-RegistryPermissions -User <string> -RegKey <string> -Permissions {ChangePermissions | CreateSubKey | Delete | EnumerateSubKeys | ExecuteKey | FullControl | Notify | QueryValues | ReadKey | ReadPermissions | SetValue | TakeOwnership | WriteKey}
-Recurse -Rights {Allow | Deny} [<CommonParameters>]
Set-RegistryPermissions -User <string> -RegKey <string> -Permissions {ChangePermissions | CreateSubKey | Delete | EnumerateSubKeys | ExecuteKey | FullControl | Notify | QueryValues | ReadKey | ReadPermissions | SetValue | TakeOwnership | WriteKey}
-SubKeysOnly -Rights {Allow | Deny} [<CommonParameters>]
Set-RegistryPermissions -User <string> -RegKey <string> -Permissions {ChangePermissions | CreateSubKey | Delete | EnumerateSubKeys | ExecuteKey | FullControl | Notify | QueryValues | ReadKey | ReadPermissions | SetValue | TakeOwnership | WriteKey}
-Inherit {SingleKey | All | Subkeys} -Rights {Allow | Deny} [<CommonParameters>]
Set-RegistryPermissions -User <string> -RegKey <string> -Inherit {SingleKey | All | Subkeys} [<CommonParameters>]
The ValidateSet for the permissions can make it a little hard to read but it's correct.