Change Registry Permission with PowerShell

# Save target key with takeownership right
$targetkey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells", [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::takeownership)

# Obtain access control, owner, and rule of target key
$targetac = $targetkey.GetAccessControl()
$targetowner = $targetac.GetOwner([System.Security.Principal.NTAccount])
$targetrule = $targetac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Obtain access control, owner, and rule of normal key
$adminac = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\").GetAccessControl()
$adminowner = $adminac.GetOwner([System.Security.Principal.NTAccount])
$adminrule = $adminac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Set owner and permission of target key
$targetac.SetOwner($adminowner)
$targetac.SetAccessRule($adminrule.Item(0))
$targetkey.SetAccessControl($targetac)

# Change key from 40000 to 20000
Rename-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells" -Name 40000 -NewName 20000

# Restore owner and permission of target key
$targetac.SetAccessRule($targetrule.Item(2))
$targetac.SetOwner($targetowner)
$targetkey.SetAccessControl($targetac)