Re: denying registry usage.
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 06/19/05
- Previous message: Roger Abell [MVP]: "Re: Patch Installation"
- In reply to: Karl Levinson, mvp: "Re: denying registry usage."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 18 Jun 2005 22:04:41 -0700
I think OP just needs to test with an environment that matches the
users reporting the issue with the installation.
My guess is prior tests as admin, users installing as users; or test
on W2k, users on XP, etc..
-- Roger Abell Microsoft MVP (Windows Server: Security) "Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message news:OvqiJ8ycFHA.892@tk2msftngp13.phx.gbl... > You can deny users access to regedit.exe and regedt32.exe, via NTFS file > permissions, via Group Policy, and/or via Software Restriction Policy [as > long as they are not in the local Administrators group on the computer]. > However, they can still attempt to edit the registry by, say, copying > regedit.exe to a floppy disk and running it from there, or via other > means. > > If it is really important that these users absolutely not have the ability > to edit the registry, I think it would however be more secure to run > whatever program is trying to access the registry as a different user > account. For example, if only the installer needs to edit the registry > just > once, then you could require someone log in as administrator to do the > install. Or, if the program needs to be able to edit the registry, you > could figure out a way for the program to run under a different account, > such as via a service account. If absolutely necessary, I suppose a RunAs > icon [set up so that the user does not need to know the admin password] > might be something to consider [doesn't sound very elegant or completely > secure, but I don't know your complete situation]. > > http://securityadmin.info/faq.asp#runas > > > > "EDMS" <qasoft4@sltnet.lk> wrote in message > news:OyMI70icFHA.1384@TK2MSFTNGP09.phx.gbl... >> Hi, >> >> I am a software developer, I have developed a software with a seperate >> software registration >> process, which accesses the windows registry to input some details about > the >> software. >> >> but some users complain that there registration process fails. >> >> so I want to make an environment on my machine so that I cannot write to > the >> registry >> how can I achieve this. >> >> i know how to stop accessing the registry editors, but not how to stop >> writing to it >> >> >> thanks >> >> >> > >
- Previous message: Roger Abell [MVP]: "Re: Patch Installation"
- In reply to: Karl Levinson, mvp: "Re: denying registry usage."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
