|
Welcome to articlepublication.com!
Articles » Computers >> View Article
|
 |
|
 |
| Windows registry security tips |
By:
Sulamita Berrezi |
|
|
Whenever I bring up registry security, the inevitable question is always how to prevent users from accessing the registry. You can't. Remember that the registry contains settings that the user must be able to read for Windows to work properly. Users also must have full control of their profile hives for the operating system and applications to save their preferences. You can't prevent access-nor do you want to prevent it. The best you should hope for is limiting users' ability to edit the registry using Regedit or other registry editors.The most elegant way to prevent access to Regedit is by enabling the Prevent access to registry editing tools policy. When users start Regedit, all they see is an error message that says "Registry editing has been disabled by your administrator." The problem with this policy is that not all registry editors honor this policy. Nothing prevents a determined user from downloading a shareware registry editor, of which there are plenty, and using it. Another possibility is using Software Restriction Policies, which you can learn more about in Help and Support Center. Even this doesn't prevent users from running shareware registry editors unless you use Software Restriction Policies to completely restrict them to a short list of acceptable applications.Securing local access to the Windows registry is one thing; securing remote access is another. Windows gives members of the local Administrators and Backup Operators groups remote access to the registry. Because the Domain Admins group is a member of each computer's local Administrators group, all domain administrators can connect the registry of any computer that's joined to the domain. Also, Windows now limits remote access to the registry more than earlier versions of Windows.There might be limited scenarios in which you want to open remote access to computers' registries. For example, in Active Directory, you might create an administrators group for each organizational unit and want to give it the ability to edit computers' registries if they belong to the organizational unit. To enable that group to remotely edit a computer's registry, add that group to the ACL of the key HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg. The problem you're going to run into is that although adding a group to winreg allows remote access, each key's ACL still determines which keys the group can change. So to allow a remote user or group to change a setting on the computer, add that user or group to the local Users, Power Users, or Administrators group.
Write on wordpress seo article directory and foto cellulari. |
|
|
 |
 |
 |
 |
|
|
