Chapter 7: Managing Registry Security

Overview

Security is not the most interesting registry-related topic, nor is it the most popular. I don't use a lot of pages talking about it because, well, there's just not much to tell you. You can change a key's access control list (ACL). You can audit keys. You can also take ownership of keys. You can't do any of these things with individual values, though. Power users generally won't care much about registry security, but IT professionals often have no choice.

Just because you can edit keys' ACLs doesn't mean you should, however. Messing with your registry's security is not a good idea unless you have a specific reason to do so. At best, you will make a change that's irrelevant, but at worst, you can prevent Microsoft Windows XP from working properly. So why am I including security in this book at all? There are cases in which IT professionals must change the registry's default permissions to deploy software. That is a totally different story than tinkering with your registry's security out of curiosity. For example, you might have an application that users can run only when they log on to the operating system as a member of the Administrators group. Ouch. In a corporate environment, you don't want to dump all your users in this group. The solution is to deploy Windows XP with custom permissions so users can run those programs as a member of the Power Users or Users group. This is the most common scenario, and it's the primary focus of this chapter.

You have two methods of deploying custom permissions. First, you can do it manually. For the sake of completeness, I show you how to change a key's permissions in Registry Editor (Regedit). You can also build a security template, complete with custom registry permissions, and then apply that template to a computer manually. You wouldn't run around from desktop to desktop applying the template, though; you'd apply that template to your disk images before deployment. The second method is to use Group Policy. You create a Group Policy object (GPO) and then import a security template into it to create a security policy for your network. Windows XP automatically applies the custom permissions in your template to the computer and user if that GPO is in the Resultant Set of Policy (RSoP). I don't talk about Group Policy a whole lot in this book, but Chapter 6, "Using Registry-Based Policy," points out a lot of good, free resources for learning more about it.
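Before a template with custom registry permissions goes onto a disk image or into a GPO, it helps to list exactly which keys it opens up to non-administrators. The following is an added example, not code from the book: a small Python check that reads the [Registry Keys] section of a security template and reports allow entries that give write-level access to broad groups. The template fragment and the ExampleApp key are constructed for illustration.

```python
import re

# Constructed sample template fragment; "ExampleApp" is a hypothetical key.
SAMPLE_TEMPLATE = r'''
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Keys]
"MACHINE\SOFTWARE\ExampleApp",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
"MACHINE\SOFTWARE\ExampleApp\Settings",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KRKW;;;BU)(A;CI;KA;;;PU)"
'''

# SDDL SID aliases for groups that contain ordinary users.
BROAD = {"BU": "Users", "PU": "Power Users", "WD": "Everyone",
         "AU": "Authenticated Users", "IU": "Interactive"}
# Rights tokens this example treats as write-level (other tokens are not decoded).
WRITE_TOKENS = {"KA", "KW", "GA", "GW", "SD", "WD", "WO"}
# Hex masks: set value, create subkey, DELETE, WRITE_DAC, WRITE_OWNER, generic write/all.
WRITE_MASK = 0x500D0006

def registry_entries(text):
    """Yield (key, mode, sddl) for each line of the [Registry Keys] section."""
    in_section = False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[registry keys]"
        elif in_section:
            m = re.fullmatch(r'"([^"]+)"\s*,\s*(\d)\s*,\s*"([^"]*)"', line)
            if m:
                yield m.group(1), int(m.group(2)), m.group(3)

def grants_write(rights):
    """True if an ACE rights field (SDDL tokens or a hex mask) includes write access."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_MASK)
    return bool(WRITE_TOKENS & set(re.findall(r"[A-Z]{2}", rights)))

def broad_write_grants(text):
    """Return (key, group, rights) for allow ACEs giving broad groups write access."""
    findings = []
    for key, _mode, sddl in registry_entries(text):
        for ace in re.findall(r"\(([^()]*)\)", sddl):
            fields = ace.split(";")
            if len(fields) < 6 or fields[0] != "A":
                continue  # skip malformed ACEs and deny/audit entries
            rights, sid = fields[2], fields[5]
            if sid in BROAD and grants_write(rights):
                findings.append((key, BROAD[sid], rights))
    return findings

if __name__ == "__main__":
    for key, group, rights in broad_write_grants(SAMPLE_TEMPLATE):
        print(f"{group} can write to {key} ({rights})")
```

Each finding is a key where a member of the listed group can change values or subkeys once the template is applied, so every line should correspond to an application requirement you can name.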

Note 

If you're interested in learning about the new security features in Windows XP, see the white paper "What's New in Security for Windows XP Professional and Windows XP Home Edition." You can find this paper on Microsoft's Web site at http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/evaluate/xpsec.asp



Microsoft Windows XP Registry Guide
ISBN: 0735617880
EAN: 2147483647
Year: 2005
Pages: 185
