M
mikesw
I have two Win XP Pro SP2 machines on a local home network.
No external access outside of this network is needed.
I'm trying to use computer A to remotely modify the registry of
computer B or vice versa depending on which PC I'm at and logged
in as part of the Administrators users group.
I'm trying to do remote registry by two different methods:
a) using regedit and to connect to the other computers registry
b ). using XP support tools to use the "reg.exe" command
to query, and add or delete registry entries on the computer
I see that the remote registry service is started and is automatic on both
machines.
Here's the problem,
a). I can use regedit to pull the other computers registry in. The
two keys are HKLM and HKCU (if I remember). However, when I
try to expand this list, I am denied. Nor can I change these keys
permissions or see if I'm on the access list as admin.
If I try to add to the access list i.e. computer B\Administrator
or my user account name in place of Administrator by changing
the permissions on the HKLM or HKCU by going to that computer
(computer A) and changing it there and save it off, it wont let me
so that I can go back to computer B and try to view these keys remotely
now that I've given them access permissions. Why?
b ). If I try to remotely query, add, delete a registry entry in HKLM on
the remote computer (ie computer B ) from computer A I get
access denied even though the remote registry service is running.
reg add \\COMPUTERB\HKLM\..... and the rest of the registry key with the DWORD
I'm trying to add
The same applies to the "query" command too for the DWORD I'm trying to see.
In both of the above cases, I've read the following at MSoft
http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true
KB314837 article http://support.microsoft.com/kb/314837
that deals with the "winreg" key entry being setup a certain way with the
other keys too
and my two computers are already configured like the KB article states.
I even tried to change the access permissions on the keys dealing with
"winreg" and couldn't when I tried to do i.e. "COMPUTERB\Administrators" or
my user
login account (that is in admin group) like above so that I could give
another Computer access by
telling "winreg" to allow me through. Note: Computer A and B are my computer
names that I assigned.
How to fix the problems in (a) and (b ) above to allow me to do this?
I haven't tried adding to AllowedPaths whereby all the users can access per
http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true
http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true
PS: Must my admin account or my user account which belongs to the
admin group have a password for the above to work? But, neither
the regedit connect to remote computer registry nor the reg query
command prompt me for a password based on a username that may
be sent to the remote computer that I' trying to remote registry to.
If so, must the passwords and/or usernames be the same? There
is no KB article to address the user account/password needs for
remote registry. Although a regular user will not belong to the Admin group,
can I assign this user to the winreg subkey to give them permission to change
the registry - assuming I was logged in as Administrator when I modifed the
registry
permissions on this subkey to give this non admin user permission to modify
the registry?
Is there any parent/child permission inheritance on registry keys/subkeys
similar to what
one can do on the files in a disk filesystem? presently i don't see any
option to inherit from the
parent. Thus, I don't think I have to give COMPUTERB\Administrators full
control on the
SecurePipeServers key which is the parent of the winreg subkey (the child).
Of course the
local computername Administrator has full control from the root parent HKLM
all the way down to
winreg. Perhaps I need to give COMPUTERB\Administrators access, I must
change permissions at HKLM first
then the child and then the next child etc til I will be able to change
winreg although COMPUTERA\Administrators
already have permissions and I'm the COMPUTERA\Administrators Admin doing
the change on the COMPUTER A
registry.
BTW, here's a known problem as of Dec 2007 with performance counters
accessed remotely.
http://support.microsoft.com/kb/300702
Based on KB890161 although KB is Win2K it applies to XP too. My
RestrictAnonymous on all computers is 0.
Restricting anonymous remote registry access
The RestrictAnonymous registry value also lets you restrict anonymous remote
registry access. This feature prevents anonymous users from connecting to the
registry remotely. It also prevents anonymous users from reading or from
writing any registry data. Remote access to the registry is controlled
through the ACL on the winreg registry key. The ACL on the winreg registry
key identifies the authenticated users who can remotely connect to the
registry.
PS: To CHUCK MVP at http://nitecruzr.blogspot.com Can you update the blog
to talk about doing remote registry between computers for both the
support tools reg.exe and regedit?
Your site straightened out my file sharing, remote desktop and remote
assistance problems. Now I have remote registry problems.
No external access outside of this network is needed.
I'm trying to use computer A to remotely modify the registry of
computer B or vice versa depending on which PC I'm at and logged
in as part of the Administrators users group.
I'm trying to do remote registry by two different methods:
a) using regedit and to connect to the other computers registry
b ). using XP support tools to use the "reg.exe" command
to query, and add or delete registry entries on the computer
I see that the remote registry service is started and is automatic on both
machines.
Here's the problem,
a). I can use regedit to pull the other computers registry in. The
two keys are HKLM and HKCU (if I remember). However, when I
try to expand this list, I am denied. Nor can I change these keys
permissions or see if I'm on the access list as admin.
If I try to add to the access list i.e. computer B\Administrator
or my user account name in place of Administrator by changing
the permissions on the HKLM or HKCU by going to that computer
(computer A) and changing it there and save it off, it wont let me
so that I can go back to computer B and try to view these keys remotely
now that I've given them access permissions. Why?
b ). If I try to remotely query, add, delete a registry entry in HKLM on
the remote computer (ie computer B ) from computer A I get
access denied even though the remote registry service is running.
reg add \\COMPUTERB\HKLM\..... and the rest of the registry key with the DWORD
I'm trying to add
The same applies to the "query" command too for the DWORD I'm trying to see.
In both of the above cases, I've read the following at MSoft
http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true
KB314837 article http://support.microsoft.com/kb/314837
that deals with the "winreg" key entry being setup a certain way with the
other keys too
and my two computers are already configured like the KB article states.
I even tried to change the access permissions on the keys dealing with
"winreg" and couldn't when I tried to do i.e. "COMPUTERB\Administrators" or
my user
login account (that is in admin group) like above so that I could give
another Computer access by
telling "winreg" to allow me through. Note: Computer A and B are my computer
names that I assigned.
How to fix the problems in (a) and (b ) above to allow me to do this?
I haven't tried adding to AllowedPaths whereby all the users can access per
http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true
http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true
PS: Must my admin account or my user account which belongs to the
admin group have a password for the above to work? But, neither
the regedit connect to remote computer registry nor the reg query
command prompt me for a password based on a username that may
be sent to the remote computer that I' trying to remote registry to.
If so, must the passwords and/or usernames be the same? There
is no KB article to address the user account/password needs for
remote registry. Although a regular user will not belong to the Admin group,
can I assign this user to the winreg subkey to give them permission to change
the registry - assuming I was logged in as Administrator when I modifed the
registry
permissions on this subkey to give this non admin user permission to modify
the registry?
Is there any parent/child permission inheritance on registry keys/subkeys
similar to what
one can do on the files in a disk filesystem? presently i don't see any
option to inherit from the
parent. Thus, I don't think I have to give COMPUTERB\Administrators full
control on the
SecurePipeServers key which is the parent of the winreg subkey (the child).
Of course the
local computername Administrator has full control from the root parent HKLM
all the way down to
winreg. Perhaps I need to give COMPUTERB\Administrators access, I must
change permissions at HKLM first
then the child and then the next child etc til I will be able to change
winreg although COMPUTERA\Administrators
already have permissions and I'm the COMPUTERA\Administrators Admin doing
the change on the COMPUTER A
registry.
BTW, here's a known problem as of Dec 2007 with performance counters
accessed remotely.
http://support.microsoft.com/kb/300702
Based on KB890161 although KB is Win2K it applies to XP too. My
RestrictAnonymous on all computers is 0.
Restricting anonymous remote registry access
The RestrictAnonymous registry value also lets you restrict anonymous remote
registry access. This feature prevents anonymous users from connecting to the
registry remotely. It also prevents anonymous users from reading or from
writing any registry data. Remote access to the registry is controlled
through the ACL on the winreg registry key. The ACL on the winreg registry
key identifies the authenticated users who can remotely connect to the
registry.
PS: To CHUCK MVP at http://nitecruzr.blogspot.com Can you update the blog
to talk about doing remote registry between computers for both the
support tools reg.exe and regedit?
Your site straightened out my file sharing, remote desktop and remote
assistance problems. Now I have remote registry problems.