Also, do you have a Group Policy set? If so, go into
Computer Configuration\Windows Settings\Security
Settings\Registry
This setting allows an administrator to define access
permissions (on DACLs) and audit settings (on SACLs) for
registry keys.
Do you have anything set there, either in the Default
Domain Policy or your own GP?
From the MMC Help file:
<begin paste>
Security settings may still persist even if the setting is
no longer defined in the policy that originally applied it.
Persistence in security settings occurs when:
-The setting has not been previously defined on the local
computer at the time policy was applied.
-The setting is for a registry object in the subtree of the
Registry node.
-The setting is for a file system object.
Whenever Group Policy is applied, the computer stores the
local security settings into a database. If a Group Policy
object defines a security setting, then does not define
that setting, the setting takes on the original local
setting stored in the database. If a value does not exist
in the database, then the setting does not have a setting
to revert to, and it remains defined as is. This behavior
is sometimes referred to as tattooing.
Registry and file settings will remain at the security
setting that is applied through policy until that setting
is set to another value.
</end paste>
Hope that sheds some more light on it.
E
