Re: denying registry usage.

From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 06/17/05 

Date: Fri, 17 Jun 2005 07:31:25 -0400

You can deny users access to regedit.exe and regedt32.exe, via NTFS file
permissions, via Group Policy, and/or via Software Restriction Policy [as
long as they are not in the local Administrators group on the computer].
However, they can still attempt to edit the registry by, say, copying
regedit.exe to a floppy disk and running it from there, or via other means.

If it is really important that these users absolutely not have the ability
to edit the registry, I think it would however be more secure to run
whatever program is trying to access the registry as a different user
account. For example, if only the installer needs to edit the registry just
once, then you could require someone log in as administrator to do the
install. Or, if the program needs to be able to edit the registry, you
could figure out a way for the program to run under a different account,
such as via a service account. If absolutely necessary, I suppose a RunAs
icon [set up so that the user does not need to know the admin password]
might be something to consider [doesn't sound very elegant or completely
secure, but I don't know your complete situation].

http://securityadmin.info/faq.asp#runas

"EDMS" <qasoft4@sltnet.lk> wrote in message
news:OyMI70icFHA.1384@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> I am a software developer, I have developed a software with a seperate
> software registration
> process, which accesses the windows registry to input some details about
the
> software.
>
> but some users complain that there registration process fails.
>
> so I want to make an environment on my machine so that I cannot write to
the
> registry
> how can I achieve this.
>
> i know how to stop accessing the registry editors, but not how to stop
> writing to it
>
>
> thanks
>
>
>

Relevant Pages

  • Re: Deleting Search Entries
    ... Edit IE URL is a freeware that lets you keep only the URLs you want to ... see in the Internet Explorer's address bar. ... These URL addresses are maintained in the Windows Registry and can be ...
    (microsoft.public.windowsxp.general)
  • Re: Microsoft Photo Editor
    ... By default Photo Editor is install into this directory C:\Program ... I found this will not work in the registry edit. ... Control the things you can and Don't Worry about the things you can't ...
    (microsoft.public.windowsxp.photos)
  • Re: Mail Rule Problem
    ... Yes you will have to go into the registry to remove it then edit the numbers ... Each subkey below mail corresponds to a rule. ... Once you have the rules renumbered, close Regedit ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: GOD PLEASE HELP
    ... And/or run this edit, ... Can't Delete a File or Folder in XP ... Delete Stubborn AVI Files ... A quick Registry fix will unlock your AVIs so you can move or delete them. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Help Understanding DCOM Error
    ... nor can I even find the registry key that I am told to edit. ... > Can someone explain what DCOM is all about. ... > If the problem continues to occur, contact the program vendor. ...
    (microsoft.public.windowsxp.help_and_support)