Account SYSTEM must have Full Control access to Registry


NEVER remove SYSTEM as a qualified user in Registry permissions. Doing so makes
it impossible to change the Registry through Control Panel or during software
installation: changes will not take effect and software will most likely be
unusable. The same applies to access permissions for the boot and system
partitions, where the critical entry on the ACL is the SYSTEM/Full Control ACE.
Do not under any circumstances remove this ACE from the list or modify it; NT
crashes and will not restart. It might be tempting to exclude unnecessary users
from the NT installation directory tree. Don't experiment on production boxes.

Each key in the registry has its own ACL. The registry ACLs are conceptually
similar to file permission ACLs. The registry ACL access permission types
follow.

Query Value: Read access to values in key

Set Value: Create / update values in key

Create Subkey: Create subkey in key

Enumerate Subkeys: List subkeys in key

Notify: Audit notification events in key

Create Link: Create link to key

Delete: Delete key

Write DAC: Write Discretionary ACL (DAC) on key

Write Owner: Take ownership of key

Read Control: Read ACL of key
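
The ten permission types above are individual bits in the access mask of a registry key ACE, and Full Control is all ten set together. The following Python is an added example, not part of the original page: it decodes a mask into those names and reports which rights SYSTEM is missing on a key. The bit values are the Windows SDK constants; the sample ACLs, tuple layout and function names are constructed for illustration.

```python
# Added example: registry access-mask bits from the Windows SDK (winnt.h),
# keyed by the permission names used in the list above.
RIGHTS = {
    "Query Value": 0x0001,
    "Set Value": 0x0002,
    "Create Subkey": 0x0004,
    "Enumerate Subkeys": 0x0008,
    "Notify": 0x0010,
    "Create Link": 0x0020,
    "Delete": 0x00010000,
    "Read Control": 0x00020000,
    "Write DAC": 0x00040000,
    "Write Owner": 0x00080000,
}
FULL_CONTROL = 0xF003F   # KEY_ALL_ACCESS: all ten bits set
SYSTEM_SID = "S-1-5-18"  # well-known SID of the SYSTEM account


def decode(mask):
    """Return the permission names whose bit is set in an ACE access mask."""
    return [name for name, bit in RIGHTS.items() if mask & bit]


def effective(acl, sid):
    """Rights held by one SID: union of allow ACEs minus any deny ACEs.

    Simplification (assumption): only ACEs naming the SID directly count;
    group membership and inheritance flags are ignored.
    """
    allow = deny = 0
    for ace_type, trustee, mask in acl:
        if trustee != sid:
            continue
        if ace_type == "allow":
            allow |= mask
        elif ace_type == "deny":
            deny |= mask
    return allow & ~deny


def missing_for_system(acl):
    """Rights SYSTEM lacks on this key; an empty list means Full Control."""
    return decode(FULL_CONTROL & ~effective(acl, SYSTEM_SID))


# Constructed sample ACLs as (ACE type, trustee SID, access mask) tuples.
HEALTHY_KEY = [("allow", "S-1-5-18", 0xF003F), ("allow", "S-1-5-32-545", 0x20019)]
BROKEN_KEY = [("allow", "S-1-5-18", 0x20019), ("allow", "S-1-5-32-544", 0xF003F)]

if __name__ == "__main__":
    for label, acl in (("healthy", HEALTHY_KEY), ("broken", BROKEN_KEY)):
        print(label, "SYSTEM is missing:", missing_for_system(acl) or "nothing")
```

On the broken sample, SYSTEM has been cut down to read-only access (mask 0x20019), which is the condition the warning at the top of this page describes.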
