RE: Securing access to network registry

From: Keven (kdenton_at_xpsystems.com)
Date: 07/24/03

• Next message: JasonW: "Re: Windows NT/2000 Permissions"
• Previous message: Duncan: "DirectX flaw"
• In reply to: Cherry Qian: "RE: Securing access to network registry"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 24 Jul 2003 08:16:09 -0700

>-----Original Message-----
>Hi Keven,
>
>Thank you for the posting.
>
>I understand you performed the steps in knowledge base
article 153183 and
>then when you log on as just a domain user you can get
read access to
>HKEY_CLASSROOT and HKEY_USERS.
>
>This is normal because your domain user account is in the
administrators
>group. To test whether the restriction is effective, you
can have other
>domain user log on your computer and they should not be
able to access the
>registry keys because they are not in the administrators
group.
>
>If you want, you can also remove your domain user account
from the
>administrators group to pervent it from accessing the
registry keys.
>Anyone in the administrators group can have access to the
registry keys.
>Only those who are not in the administrators group will
be prevented from
>accessing the registry keys.
>
>Hope the above information and suggestion helps and
answers your question.
>If anything is unclear, please let me know.
>
>
>Sincerely,
>
>Cherry Qian
>MCSE2000, MCSA2000, MCDBA2000
>Microsoft Partner Online Support
>
>
>Get Secure! - www.microsoft.com/security
>
>====================================================
>When responding to posts, please Reply to Group via your
newsreader so
>that others may learn and benefit from your issue.
>====================================================
>This posting is provided AS IS with no warranties, and
confers no rights.
>
>.
>I Should also note in case I made an error we are talking
about opening a remote registry on a remote computer even
a DC and I see read rights to this file as just a plain
user with no admin rights anywhere. Thanks Keven

---

• Next message: JasonW: "Re: Windows NT/2000 Permissions"
• Previous message: Duncan: "DirectX flaw"
• In reply to: Cherry Qian: "RE: Securing access to network registry"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Securing access to network registry ... >Thank you for the posting. ... >This is normal because your domain user account is in the ... >registry keys because they are not in the administrators ... >Anyone in the administrators group can have access to the ... (microsoft.public.win2000.security) RE: Securing access to network registry ... This is normal because your domain user account is in the administrators ... administrators group to pervent it from accessing the registry keys. ... This posting is provided AS IS with no warranties, ... (microsoft.public.win2000.security) Re: Give Domain Users Local Admin Rights ... I know that I could add the indivdual domain user to the ... they do not have local admin ... >> I added DOMAIN USERS to the local administrators group ... >> are logged on to without giving them Local Admin rights ... (microsoft.public.windowsxp.security_admin) Re: Add domain user to Local Administrators Group on a workstation ... Curt Winter typed: ... workstation in the domain and try and add a domain user to the local ... Administrators Group, it does not show me the domain or allow me to ... via restricted groups & group policy, or even by running a startup ... (microsoft.public.windows.server.general) Re: Computer user & domain user ... I normally configure two accounts for each workstation. ... Administrators group, it works fine. ... >> software between computer user & domain user in a Windows XP Pro ... > will automatically have permissions for domain users too. ... (microsoft.public.windowsxp.network_web)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)