Security Question

  • Thread starter Thread starter Robert Paris
  • Start date Start date
R

Robert Paris

I am looking for how I can do the following on Win2K:

1. Disable a User's ability to write to/edit the registry
(Actually disable for all but Administrator)
 
Hi,
You can do it using regedt32.
Right click on the hive,then set the permission that you want.
 
In said:
I am looking for how I can do the following on Win2K:

1. Disable a User's ability to write to/edit the registry
(Actually disable for all but Administrator)
Click to expand...

There are two parts here.
1 Disabling use of registry tools (a Group Policy item)
2 Changing the ACLs of registry keys.

1 would be a preferred method if it fits your requirements.
2 is fraught with hazards and might break things.

And the original question does not specify *where* you need to disable
a user from writing. Ordinary users are already restricted in where
they can write in "the registry". For the HKCU branch (hive), they
*must* be able to write (in most portions). You need to be more
specific.
 
Basically, here's the problem: people are going on the internet and
downloading files that install themselves and write all sorts of crap to the
registry (like setting themselves to run on startup, etc). I want to keep
the users and the programs they download (by accident or on purpose) from
writing ANYTHING to the registry. I only want an admin able to write to the
registry. And you're right it includes both the tools and the permissions.
So what's the best way to do this?
 
In said:
Basically, here's the problem: people are going on the internet
and downloading files that install themselves and write all sorts
of crap to the registry (like setting themselves to run on
startup, etc). I want to keep the users and the programs they
download (by accident or on purpose) from writing ANYTHING to the
registry. I only want an admin able to write to the registry. And
you're right it includes both the tools and the permissions. So
what's the best way to do this?
Click to expand...

That would be outside the scope of a group focused on registry issues
IMO. A comprehensive security analysis of not just local systems,
but company policies, routers, proxies, firewalls, and other aspects
is likely warranted.
 
Back
Top