Question about Securing the Registry


JS

Has anyone ever used security on the registry keys
to block write access to parts of the registry?

I was thinking about cases where you can't use EWF to protect
a drive, but it would still be useful to provide some measure
of protection for the registry.

For example, you might want to only permit a few changes
to the registry (like the IP address, for example), and everything
else could be blocked.

Has anyone ever done anything like this?

- J
 
Are you talking about applying ACLs to some registry keys so some users
(like local Admin) can modify and the rest cannot?
If so - any MSDN search for ACLs will show you how to do that including code
samples in C++ and C#. Do you want to do that from the build machine or
after the image is already deployed to the runtime?

Thanks,
Oren
 
Hi Oren,
> Are you talking about applying ACLs to some registry keys so some users
> (like local Admin) can modify and the rest cannot?

Yes, that is exactly what I was thinking of.
In fact I was thinking of restricting Everyone to read access only
to most parts of the registry (or more accurately, deny write access
to Everyone, since an ACL deny takes precedence over ACL permits).

This is bound to cause problems with some parts of Windows,
which is why I was wondering if anyone has ever done anything like
this before. Has anyone figured out what registry keys Windows
has to be able to write and what can be safely locked?

Thanks,
- J.
 
You want to make sure that at least the SYSTEM account still has access to
everything. It really depends on the components in your OS image on what
will happen when you do that as some modules will probably attempt to write
values running as non-system.
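
The approach discussed in this thread, as an added example that is not code from any of the posters: it makes one key read-only for ordinary users with an allow-only ACL while SYSTEM and Administrators keep full control. It avoids a deny ACE for Everyone because the SYSTEM token also carries the Everyone SID. The key path is a hypothetical placeholder, and the script assumes an elevated PowerShell session.

```powershell
# Hypothetical key used for illustration; substitute the subtree you want to protect.
$keyPath = 'HKLM:\SOFTWARE\ExampleDevice\Config'
if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }

# Well-known SIDs, so the script does not depend on localized account names.
$sidType = [System.Security.Principal.SecurityIdentifier]
$system  = New-Object $sidType 'S-1-5-18'       # LocalSystem
$admins  = New-Object $sidType 'S-1-5-32-544'   # BUILTIN\Administrators
$users   = New-Object $sidType 'S-1-5-32-545'   # BUILTIN\Users

$inherit   = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

$acl = Get-Acl -Path $keyPath

# Protect the DACL from inheritance and discard the ACEs inherited from the parent.
$acl.SetAccessRuleProtection($true, $false)

# Remove any explicit ACEs that were already set on the key.
foreach ($old in @($acl.GetAccessRules($true, $false, $sidType))) {
    [void]$acl.RemoveAccessRule($old)
}

# Allow-only ACL: SYSTEM and Administrators can write, Users can only read.
$entries = @(
    @{ Sid = $system; Rights = 'FullControl' },
    @{ Sid = $admins; Rights = 'FullControl' },
    @{ Sid = $users;  Rights = 'ReadKey' }
)
foreach ($e in $entries) {
    $rights = [System.Security.AccessControl.RegistryRights]$e.Rights
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $e.Sid, $rights, $inherit, $propagate, $allow)
    $acl.AddAccessRule($rule)
}

Set-Acl -Path $keyPath -AclObject $acl

# Read the ACL back to confirm what is now enforced on the key.
(Get-Acl -Path $keyPath).Access |
    Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited
```

Components that write to the key while running as a non-SYSTEM, non-administrator account will start failing with access denied, so test each locked subtree against the components in the image before deploying.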
 