Everyone security hole

When a properly authenticated user logs on locally to a Windows NT computer,
that user becomes a member of the Everyone group. The
default permission on the keys below allow members of the “Everyone” group special access, which includes the right to
Set Values or Create Subkeys. This allows members of the “Everyone” group to create an entry under the Run and RunOnce keys that contains
the name of a program to run when the computer starts. The Uninstall key defines the programs to run when you remove an




Because there is a potential for the abuse of this level of
rights, you may want to reset these permissions.

A. From the Security menu, click Permissions.
B. Click “Replace
Permissions on Existing Subkeys” so that it is selected.
C. Click
Everyone, change the Type Of Access to Read, and then click OK.

Several sources recommend modifying the following subkeys so that the
Everyone group has only Query Value, Read Control, Enumberate Subkeys, and
Notify access.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top