Disable Registry Editors

Prevents standard Registry tools from running. This will only protect against
the casual, unsophisticated user. The Registry editors still start, but they
exit with a brief security message.

Value: 1

To prevent remote editing of registry. The registry ACLs have special access
permissions:

Query Value: Read any values within the key
Set Value: Create or update a value within the key
Create a subkey to the current key
Enumerate Subkeys: List the subkeys of the current key
Notify: Audit notification events raised by the key
Create Link: Create a link in the current
Delete: Delete the current key
Write DAC: Write a discretionary ACL to the key
Take ownership of the key
Read Control: Read the key’s ACL

Windows NT and Windows 2000 ship with two registry editors: regedit.exe and
regedt32.exe. Regedt32.exe provides access to a key’s ACL. To list the access
permissions in regedt32.exe, select a registry key, choose
Security|Permissions from the main menu, click the Advanced button to open the
Access Control Settings for Names dialog box, select the Permissions tab, and
click the View/Edit button.

As with other objects secured by ACLs, you can audit activity for a
particular key. From the same Access Control Settings for Names dialog box,
select the Auditing tab and click the Add button. You can audit any of the
actions in the above list, selecting success, failure, or both for each
activity. Any such events are then recorded in the Windows NT / Windows 2000
security event log.
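
The permissions listed above are stored as bits in each ACE's access mask. The following is an added example, not part of the original page: it decodes a mask into those permissions and flags allow ACEs that let a trustee outside an expected set modify a key. The labels "Create Subkey" and "Write Owner", the TRUSTED set and the sample ACL are assumptions made for the example; the bit values are the Windows SDK (winnt.h) definitions.

```python
# Added example: decode registry key access masks and review an ACL.
# Bit values are the Windows SDK (winnt.h) constants. "Create Subkey" and
# "Write Owner" are the SDK names for the two rights the list above
# describes without a label.
RIGHTS = [
    (0x00000001, "Query Value"),
    (0x00000002, "Set Value"),
    (0x00000004, "Create Subkey"),
    (0x00000008, "Enumerate Subkeys"),
    (0x00000010, "Notify"),
    (0x00000020, "Create Link"),
    (0x00010000, "Delete"),
    (0x00020000, "Read Control"),
    (0x00040000, "Write DAC"),
    (0x00080000, "Write Owner"),
]
# Rights that change the key's contents, its existence, or its security.
MODIFYING = {"Set Value", "Create Subkey", "Create Link",
             "Delete", "Write DAC", "Write Owner"}
# Assumption: trustees that are expected to hold write access.
TRUSTED = {"Administrators", "SYSTEM"}

def decode_mask(mask):
    """Return the name of every right set in a key access mask."""
    return [name for bit, name in RIGHTS if mask & bit]

def review_acl(aces):
    """aces: iterable of (trustee, ace_type, mask).
    Return {trustee: [modifying rights]} for allow ACEs outside TRUSTED."""
    findings = {}
    for trustee, ace_type, mask in aces:
        if ace_type != "allow" or trustee in TRUSTED:
            continue
        granted = [r for r in decode_mask(mask) if r in MODIFYING]
        for right in granted:
            if right not in findings.setdefault(trustee, []):
                findings[trustee].append(right)
    return findings

# Constructed sample ACL (not taken from a real system).
SAMPLE_ACL = [
    ("Administrators", "allow", 0x000F003F),  # KEY_ALL_ACCESS
    ("SYSTEM", "allow", 0x000F003F),          # KEY_ALL_ACCESS
    ("Everyone", "allow", 0x00020019),        # KEY_READ
    ("Power Users", "allow", 0x0003001F),     # read plus set, create, delete
]

if __name__ == "__main__":
    for trustee, rights in review_acl(SAMPLE_ACL).items():
        print(f"{trustee}: {', '.join(rights)}")
```
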
