RE: Securing access to network registry

From: Keven (kdenton_at_xpsystems.com)
Date: 07/24/03


Date: Thu, 24 Jul 2003 08:13:52 -0700


>-----Original Message-----
>Hi Keven,
>
>Thank you for the posting.
>
>I understand you performed the steps in knowledge base
article 153183 and
>then when you log on as just a domain user you can get
read access to
>HKEY_CLASSROOT and HKEY_USERS.
>
>This is normal because your domain user account is in the
administrators
>group. To test whether the restriction is effective, you
can have other
>domain user log on your computer and they should not be
able to access the
>registry keys because they are not in the administrators
group.
>
>If you want, you can also remove your domain user account
from the
>administrators group to pervent it from accessing the
registry keys.
>Anyone in the administrators group can have access to the
registry keys.
>Only those who are not in the administrators group will
be prevented from
>accessing the registry keys.
>
>Hope the above information and suggestion helps and
answers your question.
>If anything is unclear, please let me know.
>
>
>Sincerely,
>
>Cherry Qian
>MCSE2000, MCSA2000, MCDBA2000
>Microsoft Partner Online Support
>
>
>Get Secure! - www.microsoft.com/security
>
>====================================================
>When responding to posts, please Reply to Group via your
newsreader so
>that others may learn and benefit from your issue.
>====================================================
>This posting is provided AS IS with no warranties, and
confers no rights.
>
>.
>

I think I might have been unclear. I created a domain
user. This guy is not part of the administrators group on
my machine, the domain or the remote machine I am trying
to access. Yet I can still get to
then when you log on as just a domain user you can get
read access to
HKEY_CLASSROOT and HKEY_USERS. If I use my account which
is a domain admin then I can edit the full registry that
is fine. I just want to know why a person with no
explicit rights still gets the read right to the above
keys. Thanks for your help. Keven



Relevant Pages

  • RE: Securing access to network registry
    ... >Thank you for the posting. ... >This is normal because your domain user account is in the ... >registry keys because they are not in the administrators ... >Anyone in the administrators group can have access to the ...
    (microsoft.public.win2000.security)
  • RE: Securing access to network registry
    ... This is normal because your domain user account is in the administrators ... administrators group to pervent it from accessing the registry keys. ... This posting is provided AS IS with no warranties, ...
    (microsoft.public.win2000.security)
  • Re: Give Domain Users Local Admin Rights
    ... I know that I could add the indivdual domain user to the ... they do not have local admin ... >> I added DOMAIN USERS to the local administrators group ... >> are logged on to without giving them Local Admin rights ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Add domain user to Local Administrators Group on a workstation
    ... Curt Winter typed: ... workstation in the domain and try and add a domain user to the local ... Administrators Group, it does not show me the domain or allow me to ... via restricted groups & group policy, or even by running a startup ...
    (microsoft.public.windows.server.general)
  • Re: Computer user & domain user
    ... I normally configure two accounts for each workstation. ... Administrators group, it works fine. ... >> software between computer user & domain user in a Windows XP Pro ... > will automatically have permissions for domain users too. ...
    (microsoft.public.windowsxp.network_web)