RE: Securing access to network registry

From: Cherry Qian (cherryq_at_online.microsoft.com)
Date: 07/24/03


Date: Thu, 24 Jul 2003 07:30:59 GMT


Hi Keven,

Thank you for the posting.

I understand you performed the steps in knowledge base article 153183 and
then when you log on as just a domain user you can get read access to
HKEY_CLASSES_ROOT and HKEY_USERS.

This is normal because your domain user account is in the administrators
group. To test whether the restriction is effective, you can have another
domain user log on to your computer and they should not be able to access the
registry keys because they are not in the administrators group.

If you want, you can also remove your domain user account from the
administrators group to prevent it from accessing the registry keys.
Anyone in the administrators group can have access to the registry keys.
Only those who are not in the administrators group will be prevented from
accessing the registry keys.

Hope the above information and suggestion helps and answers your question.
If anything is unclear, please let me know.

Sincerely,
 
Cherry Qian
MCSE2000, MCSA2000, MCDBA2000
Microsoft Partner Online Support
 
 
Get Secure! - www.microsoft.com/security
 
====================================================
When responding to posts, please Reply to Group via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided AS IS with no warranties, and confers no rights.
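
The check described in the reply above can be scripted. This is an added example, not part of the original post: it lists which entries in the remote-registry restriction ACL match the groups held by the account that runs it. Assumptions: the key path is the one the remote-registry restriction is documented to use (it is not quoted in the post), and the script reads the local logon token, which only approximates the network logon the remote side evaluates.

```powershell
# Added example, not from the original post. Run it on the restricted machine
# while logged on as the account being tested.
# Assumption: documented location of the remote-registry ACL; the post does not quote it.
$winreg  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]
$readKey = [System.Security.AccessControl.RegistryRights]::ReadKey

# SIDs carried by the current logon: the user plus every enabled group.
$id      = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sids    = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })
$isAdmin = ([System.Security.Principal.WindowsPrincipal]$id).IsInRole(
               [System.Security.Principal.WindowsBuiltInRole]::Administrator)

try {
    $acl = Get-Acl -Path $winreg -ErrorAction Stop
} catch {
    Write-Warning "Cannot read the ACL on $winreg as $($id.Name): $($_.Exception.Message)"
    return
}

# Keep the ACEs whose trustee is in this token and that touch read access.
# ACEs written with generic access bits are not expanded here.
$hits = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    $overlap = $ace.RegistryRights -band $readKey
    if ($sids -contains $ace.IdentityReference.Value -and $overlap -ne 0) {
        $name = $ace.IdentityReference.Value
        try { $name = $ace.IdentityReference.Translate($ntType).Value } catch { }
        [pscustomobject]@{
            Trustee  = $name
            Type     = $ace.AccessControlType
            FullRead = ($overlap -eq $readKey)
        }
    }
}

$denied  = @($hits | Where-Object { $_.Type -eq 'Deny' })
$allowed = @($hits | Where-Object { $_.Type -eq 'Allow' -and $_.FullRead })

"Account            : $($id.Name)"
"In Administrators  : $isAdmin"
"Matching ACEs      :"
$hits | Format-Table -AutoSize
if ($allowed.Count -gt 0 -and $denied.Count -eq 0) {
    "Result: read access is granted through $($allowed.Trustee -join ', ')"
} else {
    "Result: no matching allow entry; remote read should be refused for this account"
}
```

Run once as the account that is in the administrators group and once as an ordinary domain user; the Trustee column shows which group membership is granting the access.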


