Registry run line

  • Thread starter Thread starter Loyd
  • Start date Start date
L

Loyd

Hello all, I have a problems I need to keep my 2k/XP users from hosing their
computers. I need to keep these keys from being modified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,

There are applications which require all the users to be local
administrators, so it leaves a pretty big hole open.

Can I do it with a group policy or registry permissions?

Is there a utility that will warn when the run line is being modified.
Thanks for your help in advance.
Lloyd
 
Loyd said:
Hello all, I have a problems I need to keep my 2k/XP users from
hosing their computers. I need to keep these keys from being
modified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,

There are applications which require all the users to be local
administrators, so it leaves a pretty big hole open.

Can I do it with a group policy or registry permissions?

Is there a utility that will warn when the run line is being modified.
Thanks for your help in advance.
Click to expand...

None that I know of. Your choices, as I see I are:

1) Stop making them administrators. There is no program that REQUIRES
someone to be an administrator, just some that require access to certain
keys in the registry or files in certain directories. Give these rights to
the people.

2) Take away the admin rights to change the RUN key - the bad part about
that? They can give it back to themselves if they know how and you have to
give it back or add your user specifically to it. I'd choose to figure out
the keys in the registry and files in folders they need access to and use
#1. Every user of a computer never needs to be administrator - you only
need one. (maybe two, just in case.)
 
Shenan Stanley said:
None that I know of. Your choices, as I see I are:

1) Stop making them administrators. There is no program that REQUIRES
someone to be an administrator, just some that require access to certain
keys in the registry or files in certain directories. Give these rights to
the people.

2) Take away the admin rights to change the RUN key - the bad part about
that? They can give it back to themselves if they know how and you have to
give it back or add your user specifically to it. I'd choose to figure out
the keys in the registry and files in folders they need access to and use
#1. Every user of a computer never needs to be administrator - you only
need one. (maybe two, just in case.)
Click to expand...


Thanks Shenan, I'll research both approaches.
 
Back
Top