Disable Registry Editors


Prevents the standard Registry tools from running. This only protects against
the casual, unsophisticated user. The Registry editors can still be started,
but they exit with a brief security message.

Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
Name: DisableRegistryTools
Type: REG_DWORD
Value: 1

To prevent remote editing of the registry, use the registry ACLs. Registry
ACLs have these special access permissions:

Query Value: Read any values within the key
Set Value: Create or update a value within the key
Create Subkey: Create a subkey to the current key
Enumerate Subkeys: List the subkeys of the current key
Notify: Audit notification events raised by the key
Create Link: Create a link in the current key
Delete: Delete the current key
Write DAC: Write a discretionary ACL to the key
Write Owner: Take ownership of the key
Read Control: Read the key’s ACL

Windows NT and Windows 2000 ship with two registry editors, regedit.exe and
regedt32.exe. Regedt32.exe provides access to a key’s ACL. You can list the
access permissions in regedt32.exe by selecting a registry key and choosing
Security|Permissions from the main menu. Then click the Advanced button to open
the Access Control Settings for Names dialog box, select the Permissions tab,
and click the View/Edit button.

As with other objects secured by ACLs, you can audit activity for a
particular key. From the same Access Control Settings for Names dialog box,
select the Auditing tab and the Add button. You can audit all of the same
actions in the above list, selecting success, failure, or both for each
activity. Any such events are then recorded in the Windows NT / Windows 2000
security event log.
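
A read-only check, added here as an example and not part of the original page: it reads the DisableRegistryTools value and lists the policy key's ACL under the permission names above, flagging entries that are allowed to change the key. It assumes a current Windows system with PowerShell (Get-Acl and the .NET RegistryRights enum) rather than regedt32.exe; the function names and the CanModify column are hypothetical.

```powershell
# Added example. The key path and value name come from the page; the function
# names and the CanModify column are hypothetical choices made here.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# The page's permission names mapped to .NET RegistryRights flags.
$R = [System.Security.AccessControl.RegistryRights]
$RightsMap = [ordered]@{
    'Query Value'       = $R::QueryValues
    'Set Value'         = $R::SetValue
    'Create Subkey'     = $R::CreateSubKey
    'Enumerate Subkeys' = $R::EnumerateSubKeys
    'Notify'            = $R::Notify
    'Create Link'       = $R::CreateLink
    'Delete'            = $R::Delete
    'Write DAC'         = $R::ChangePermissions
    'Write Owner'       = $R::TakeOwnership
    'Read Control'      = $R::ReadPermissions
}

function Get-RegistryToolsPolicy {
    # Returns the DWORD (1 = editors blocked) or 'NotConfigured' if absent.
    $p = Get-ItemProperty -Path $PolicyKey -Name DisableRegistryTools -ErrorAction SilentlyContinue
    if ($null -eq $p) { 'NotConfigured' } else { $p.DisableRegistryTools }
}

function Get-KeyPermissionReport {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -Path $Path)) { Write-Warning "Key not found: $Path"; return }
    $write = 'Set Value', 'Create Subkey', 'Delete', 'Write DAC', 'Write Owner'
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        $raw  = [int]$ace.RegistryRights
        $held = @($RightsMap.Keys | Where-Object {
            ($raw -band [int]$RightsMap[$_]) -eq [int]$RightsMap[$_] })
        # Inherit-only ACEs may carry generic bits (GENERIC_ALL 0x10000000,
        # GENERIC_WRITE 0x40000000) instead of the specific rights above.
        $generic = ($raw -band 0x50000000) -ne 0
        $canWrite = $generic -or @($held | Where-Object { $write -contains $_ }).Count -gt 0
        [pscustomobject]@{
            Identity    = $ace.IdentityReference
            Type        = $ace.AccessControlType
            Inherited   = $ace.IsInherited
            Permissions = if ($held.Count) { $held -join ', ' } else { "raw: $raw" }
            CanModify   = ("$($ace.AccessControlType)" -eq 'Allow') -and $canWrite
        }
    }
}

"DisableRegistryTools = $(Get-RegistryToolsPolicy)"
Get-KeyPermissionReport -Path $PolicyKey | Format-Table -AutoSize -Wrap
```

Any identity shown with CanModify set to True holds Set Value or a stronger right on the key, which by the definitions above is enough to update the policy value.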
