How to prevent executing REG files

  • Thread starter Thread starter Holger
  • Start date Start date
H

Holger

Hey all

We're using GPOs to prevent that users are able to use registry tools.
But if they execute an reg-file the users are able to edit registry
keys in hkey_current_user. One example are the internet setting keys
like proxy server and so on.

Is there a way to prevent that user are able to execute reg files?

Regards Holger
 
Hi,
We're using GPOs to prevent that users are able to use registry tools.
But if they execute an reg-file the users are able to edit registry
keys in hkey_current_user. One example are the internet setting keys
like proxy server and so on.
Is there a way to prevent that user are able to execute reg files?
Click to expand...

On XP you can:
http://support.microsoft.com/?kbid=831787

with NT/2K Clients I think you have to work with NTFS right on
regedit.exe and regedt32.exe

HTH
Mark
 
I don't know if it will help but try adding regedit.exe and regedt32.exe to
the disallowed list of Windows applications in user
configuration/administrative templates/system. Windows 2000 is limited in
what it can do as far as preventing users from running executables. If you
have any XP Pro computers you can use Software Restriction Policies to
prevent users from does such as .reg is listed as a file type that can be
restricted with hash/path/certificate rules. It may also help to configure
Group Policy to reapply Internet Explorer maintenance policies at every GP
refresh even if the GP has not changed and to implement a computer user
policy that prohibits trying to bypass the proxy server. Some proxy servers
such as ISA 2004 can still lock down a user quite a bit even if they bypass
the proxy settings as long as they use it for a default gateway. You can
even configure ISA proxy clients to require authenticating to access the
internet which will fail if they are not using the proxy server. See the
links below and you may also want to shorten the period for Group Policy
refresh from the default 90 minutes for at least users. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;316702
http://tinyurl.com/4egjx
 
Back
Top