User write access to registry and event log

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Windows 2000 server - I have been asked by a 3rd party software developer to
give all users write access to the register and event log as his program
works ok while using a login with local admin permissions but not as a
standard user. I am concerned about this being a security issue. Am I
worrying about nothing or is there a better way to do this without giving all
users write access to the registry.
 
In said:
Windows 2000 server - I have been asked by a 3rd party software
developer to give all users write access to the register and
event log as his program works ok while using a login with local
admin permissions but not as a standard user. I am concerned
about this being a security issue. Am I worrying about nothing
or is there a better way to do this without giving all users
write access to the registry.
Click to expand...

You should be worried IMHO. It is the developers job to adhere to
The Microsoft Way and make all post-installation registry write
requirements "local" to HKCU. _He_ needs to fix his program.
 
100 % agreed with Mark's assessment.

You can set up failure auditing on the local machine hive. Run regedt32.exe
then browse to HKLM, then
Edit|Permissions|Advanced|Auditing|Add|"everyone"|OK then check the "Failed"
box on Full Control, Set Value, Create Subkey, Enumerate Subkey, Delete,
Create Link

Then try again logged on as a normal user. Then check the Event log security
for errors and pass on to the developer.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Windows 2000 server - I have been asked by a 3rd party software developer
to
| give all users write access to the register and event log as his program
| works ok while using a login with local admin permissions but not as a
| standard user. I am concerned about this being a security issue. Am I
| worrying about nothing or is there a better way to do this without giving
all
| users write access to the registry.
 
Back
Top