Re: Disable regedit/registry

From: Steven Umbach (n9zrou_at_nscomcast.com)
Date: 01/05/04


Date: Mon, 05 Jan 2004 04:01:46 GMT

I don't know if you are using Home or Pro. In Pro you can use Group Policy to
disable regedt32 and regedit with Software Restriction Policies and set the
enforcement rule to not restrict administrators. That would be the most secure
way. Otherwise, try changing the NTFS permissions on the regedt32 and regedit
executables so that regular users do not have execute permissions. The problem
with that method is that the executables may be in more than one place on the
hard drive [in service pack files, etc.], may be overwritten in a service pack
upgrade, or the user may copy an unrestricted version to their profile folder
and try to execute it from there. There is also a setting in Group Policy under
User Configuration/Administrative Templates/System to disable registry editing.
However, by default that will restrict all users on the local machine from
editing the registry. A workaround for administrators may be that they could
still edit the registry remotely on those machines if they were on a machine
that did not have that policy enforced.

--- Steve

http://support.microsoft.com/?kbid=310791

"hannibal" <smulberr@yahoo.com> wrote in message
news:03a501c3d338$c8d41f40$a301280a@phx.gbl...
> Hello, I am an administrator, and I want to disable
> non-administrators from accessing the registry; what is the
> best means/practice in a standalone environment?
>
> Thanks
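
The caveat in the reply above about the NTFS-permission method (extra copies of the executables elsewhere on disk, or a copy placed in a profile folder) can be checked with a short audit. This is an added example, not part of the original post; the search root, the SID list used to approximate "regular users", and the function name `Test-BroadExecute` are assumptions.

```powershell
# Added example: list every copy of the registry editors and report whether
# broad (non-administrator) principals still hold execute rights on it.
# Assumptions: the system drive is the search root, and "regular users" is
# approximated by the well-known SIDs below.
$names        = 'regedit.exe', 'regedt32.exe'
$searchRoot   = "$env:SystemDrive\"
$profilesRoot = Split-Path -Path $env:USERPROFILE -Parent
$broadSids    = 'S-1-5-32-545',   # BUILTIN\Users
                'S-1-5-11',       # NT AUTHORITY\Authenticated Users
                'S-1-1-0'         # Everyone
$execute      = [System.Security.AccessControl.FileSystemRights]::ExecuteFile

function Test-BroadExecute {
    param([string]$Path)
    # Read explicit and inherited ACEs, with identities resolved to SIDs.
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $allowed = $false
    foreach ($rule in $rules) {
        if ($broadSids -notcontains $rule.IdentityReference.Value) { continue }
        if (($rule.FileSystemRights -band $execute) -eq 0)         { continue }
        # Simplification: a Deny ACE for any broad principal is treated as blocking.
        if ($rule.AccessControlType -eq 'Deny') { return $false }
        $allowed = $true
    }
    return $allowed
}

Get-ChildItem -Path $searchRoot -Include $names -File -Recurse -Force `
              -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path            = $_.FullName
            UsersCanExecute = Test-BroadExecute -Path $_.FullName
            InProfileFolder = $_.FullName -like "$profilesRoot\*"
        }
    } |
    Sort-Object UsersCanExecute -Descending |
    Format-Table -AutoSize
```

Rows with `UsersCanExecute` set to True are copies the permission change did not cover; re-running the audit after a service pack install shows whether an upgrade replaced a locked-down file.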


