mcollera / AccessControlDsc

MIT License

RegistryAccessEntry will not gracefully handle access rule addition of the 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' principal. #37

Closed bcwilhite closed 5 years ago

bcwilhite commented 5 years ago

If a configuration requires the "ALL APPLICATION PACKAGES" IdentityReference to be added to a registry ACL, the resource doesn't gracefully handle this scenario. The code in this resource converts the user input string to an NTAccount, which creates the fully qualified version of this principal, then creates an access rule with the converted identity. When the access rule is added to the current ACL, this error occurs:

Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."

There is code, however, in this resource to handle successful removal of an identity for this scenario, but it isn't handled when adding to the ACL. This is a known Win32 API bug according to Yanbing; see the following link: https://github.com/PowerShell/Win32-OpenSSH/issues/750

To work around this issue, one of two things must occur: the short name can be provided to the access rule, or the SID equivalent. I will be submitting a PR for this issue momentarily with the latter workaround as the fix.
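The failure and the SID-based workaround described in the issue, as an added PowerShell example that is not code from the AccessControlDsc resource or from the issue author. It builds the same RegistryAccessRule the resource builds, first from the fully qualified NTAccount (which fails on AddAccessRule) and then from the well-known SID S-1-15-2-1 for ALL APPLICATION PACKAGES, and verifies the resulting ACE. The scratch key under HKCU and the function names are assumptions chosen so the script runs without elevation and does not touch real configuration.

```powershell
# Added example, not part of AccessControlDsc. Reproduces the NTAccount
# translation failure and applies the SID workaround on a throwaway HKCU key.
using namespace System.Security.Principal
using namespace System.Security.AccessControl

# Well-known SID for "ALL APPLICATION PACKAGES".
$allAppPackagesSid  = [SecurityIdentifier]::new('S-1-15-2-1')
$fullyQualifiedName = 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES'

function New-AppPackageAccessRule {
    # Hypothetical helper; uses the same RegistryAccessRule constructor shape
    # (identity, rights, inheritance, propagation, type) as the resource.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][IdentityReference]$Identity,
        [RegistryRights]$Rights = [RegistryRights]::ReadKey
    )
    [RegistryAccessRule]::new(
        $Identity,
        $Rights,
        [InheritanceFlags]::ContainerInherit,
        [PropagationFlags]::None,
        [AccessControlType]::Allow)
}

function Test-AppPackageAce {
    # Hypothetical helper: returns $true when an explicit Allow ACE for
    # S-1-15-2-1 is present on the key, reading identities back as SIDs so
    # the check does not depend on name translation at all.
    param([Parameter(Mandatory)][string]$Path)
    $current = Get-Acl -Path $Path
    foreach ($ace in $current.GetAccessRules($true, $false, [SecurityIdentifier])) {
        if ($ace.IdentityReference.Value -eq $allAppPackagesSid.Value -and
            $ace.AccessControlType -eq [AccessControlType]::Allow) {
            return $true
        }
    }
    return $false
}

# Scratch key (assumed path) so the example needs no admin rights.
$keyPath = 'HKCU:\Software\AccessControlDscExample'
$null = New-Item -Path $keyPath -Force
$acl = Get-Acl -Path $keyPath

# 1. The path the issue describes: fully qualified NTAccount. The constructor
#    accepts it; AddAccessRule is where the identity is translated and throws.
try {
    $badRule = New-AppPackageAccessRule -Identity ([NTAccount]::new($fullyQualifiedName))
    $acl.AddAccessRule($badRule)
    Write-Warning 'Unexpected: the fully qualified NTAccount was accepted on this build.'
}
catch {
    # Message is the one quoted in the issue:
    # Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
    Write-Host "NTAccount path failed as expected: $($_.Exception.Message)"
}

# 2. Workaround from the issue: build the rule from the SID instead of the name.
$goodRule = New-AppPackageAccessRule -Identity $allAppPackagesSid
$acl.AddAccessRule($goodRule)
Set-Acl -Path $keyPath -AclObject $acl

# 3. Verify the ACE landed, then clean up the scratch key.
Test-AppPackageAce -Path $keyPath
Remove-Item -Path $keyPath -Recurse -Force
```

Building the rule from a SecurityIdentifier sidesteps name lookup entirely, which is why the SID form is the more robust of the two workarounds: it does not depend on which spelling of the principal the local LookupAccountName call happens to accept. Reading the ACL back with `GetAccessRules($true, $false, [SecurityIdentifier])` applies the same idea to the Test path, so a resource comparing desired and current state never has to translate this principal's name in either direction.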