mcollera / AccessControlDsc

MIT License

RegistryAccessEntry resource does not resolve out-of-box SID on Server 2019 and Windows 10/11 #64

Open kevinpagliarulo opened 2 years ago

kevinpagliarulo commented 2 years ago

RegistryAccessEntry resource does not resolve out of box SID used in permissions on HKLM:\SOFTWARE and HKLM:\SYSTEM starting in Server 2019 and Windows 10 (1809+), including Server 2022 and Windows 11.

Applying a DSC configuration to set permissions on HKLM:\SOFTWARE with the "force" param removes this SID, which is problematic. Attempting to add this SID to the DSC resource causes an error, as it cannot resolve to a friendly name, which is by design with capability SIDs.

SID: S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681

This is a capability SID and should not be removed from the permissions of HKLM:\SOFTWARE or \SYSTEM: https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/sids-not-resolve-into-friendly-names#cause
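
A read-only check for the condition reported above, added here as an example (it is not part of the original issue or of AccessControlDsc): it reads the ACL of each key as raw SIDs, so no name translation is attempted, and reports whether the capability SID quoted in the issue still has an access entry. The function name `Test-CapabilitySidAce` and the report columns are assumptions made for this example.

```powershell
# Added example, not AccessControlDsc code. Read-only: it changes no ACLs.
# The SID below is the one quoted in the issue; all other names are hypothetical.
$CapabilitySid = 'S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681'
$Keys          = 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM'

function Test-CapabilitySidAce {
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [Parameter(Mandatory)] [string]   $Sid
    )
    foreach ($key in $Path) {
        $acl = Get-Acl -Path $key
        # Request SecurityIdentifier as the target type so the rules come back
        # as SIDs; capability SIDs have no friendly name to translate to.
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])

        $match = @($rules | Where-Object { $_.IdentityReference.Value -eq $Sid })
        # Any other capability SIDs (prefix S-1-15-3-) on the key, for context.
        $otherCaps = @($rules |
            Where-Object { $_.IdentityReference.Value -like 'S-1-15-3-*' -and
                           $_.IdentityReference.Value -ne $Sid } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique)

        [pscustomobject]@{
            Path                = $key
            SidPresent          = $match.Count -gt 0
            Entries             = ($match | ForEach-Object {
                                      '{0}:{1} (inherited={2})' -f $_.AccessControlType,
                                          $_.RegistryRights, $_.IsInherited
                                  }) -join '; '
            OtherCapabilitySids = $otherCaps.Count
        }
    }
}

$report = Test-CapabilitySidAce -Path $Keys -Sid $CapabilitySid
$report | Format-Table -AutoSize -Wrap

# Flag keys where the entry is gone, e.g. after a configuration applied with Force.
foreach ($row in $report | Where-Object { -not $_.SidPresent }) {
    Write-Warning "Capability SID has no access entry on $($row.Path)"
}
```

Running it before and after the configuration is applied shows whether the entry was removed, and the `Entries` column from the earlier run records what was there.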

brwilkinson commented 1 year ago

Commenting to follow.