The Easiest Methods of Restricting the Registry Access

The easiest way to avoid problems caused by unskilled users who damage the registry is simply to prevent their access to it. If Windows NT/2000/XP is installed on an NTFS partition, you can restrict registry access by setting permissions on critically important files, including registry editors, registry hives, and user profiles. Unfortunately, using NTFS isn't always possible. For example, sometimes it's necessary to use the FAT file system because of legacy applications (most Windows NT/2000 computers use FAT for this reason). Thus, if you have to use FAT, you'll need to develop alternative measures for protecting the registry.

Additional Protection in Windows 2000 and Windows XP

As I already mentioned, the Windows 2000/XP user interface is oriented towards beginners, who may need protection from their own errors. Because of this, Windows 2000/XP provides the so-called "super-hidden" files.

In Chapter 1, we discussed the protected operating system files (which shouldn't be edited, or even seen, by the ordinary user). These files are sometimes called "super-hidden". Actually, there's no such attribute. The files simply have a combination of the Hidden and System attributes. By default, Windows Explorer doesn't display these files. You can set the Hidden and System attributes on the registry editors as well. This "hides" them from beginner users, who may be afraid of command lines such as dir /a.

If you decide to take this simplest protective measure, don't forget to restore the default system options for displaying protected operating system files. From Windows Explorer or My Computer, select the Folder Options command from the Tools menu, then click the View tab (Fig. 9.1). In the Advanced settings list, select the Do not show hidden files and folders radio button. Also, don't forget to set the Hide protected operating system files (Recommended) option.

Fig. 9.1: Default operating system options in relation to protected operating system files

Note 

Did you place a Regedit shortcut on the desktop or in the Start menu (just for convenience)? Well, don't forget to remove any such shortcuts; otherwise the user can find them with the Search command (Fig. 9.2).

Fig. 9.2: The Search command finds Regedit shortcuts

Also, the Start menu contains the Run command, and setting the Hidden and System attributes won't prevent the user from starting Regedit.exe using this command. And, in any case, this method only allows you to "hide" potentially dangerous files from beginners, who may be afraid of command lines such as dir /a.

Tip 

Some authors recommend that one "delete Regedit.exe from all workstations". This, of course, will prevent beginners from running it. But what about convenience? A better solution would be to rename the file and move it to another directory. Of course, if you decide to do so, don't forget where you moved the file and what you named it.
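
The checks described in this section can be collected into one audit script. The following is an added example, not code from the book: it reports whether the registry editors carry both the Hidden and System attributes, whether Explorer's view options are at the values described for Fig. 9.1, and whether any desktop or Start menu shortcuts still point at a registry editor. It assumes Windows PowerShell 2.0 or later is installed, that the editors are in their default locations (regedit.exe in the Windows directory, regedt32.exe in system32), and Windows XP profile folder names.

```powershell
# Added audit example, not from the book. Assumes Windows PowerShell 2.0 or later
# and registry editors in their default locations (not renamed or moved).
$editors = @(
    (Join-Path $env:SystemRoot 'regedit.exe'),
    (Join-Path $env:SystemRoot 'system32\regedt32.exe')
)
$mask = [int][System.IO.FileAttributes]'Hidden, System'

foreach ($path in $editors) {
    if (-not (Test-Path -LiteralPath $path)) { "MISSING   $path"; continue }
    # -Force is needed: without it Get-Item will not return a hidden file.
    $attrs = (Get-Item -LiteralPath $path -Force).Attributes
    if (([int]$attrs -band $mask) -eq $mask) { "HIDDEN    $path ($attrs)" }
    else { "VISIBLE   $path ($attrs) lacks Hidden and System" }
}

# Explorer view options for the current user (the Folder Options settings).
# Hidden: 1 = show hidden files, 2 = do not show them.
# ShowSuperHidden: 0 = hide protected operating system files, 1 = show them.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$adv = Get-ItemProperty -Path $key
if ($adv.Hidden -eq 2 -and $adv.ShowSuperHidden -eq 0) {
    'DEFAULTS  Explorer hides hidden and protected operating system files'
} else {
    "CHECK     Explorer view: Hidden=$($adv.Hidden) ShowSuperHidden=$($adv.ShowSuperHidden)"
}

# Shortcuts that still point at a registry editor; the Search command finds these.
$shell = New-Object -ComObject WScript.Shell
$roots = @(
    [Environment]::GetFolderPath('DesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    (Join-Path $env:ALLUSERSPROFILE 'Desktop'),      # XP layout (assumption)
    (Join-Path $env:ALLUSERSPROFILE 'Start Menu')    # XP layout (assumption)
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -Filter *.lnk -ErrorAction SilentlyContinue |
        Where-Object { $shell.CreateShortcut($_.FullName).TargetPath -match '\\reg(edit|edt32)\.exe$' } |
        ForEach-Object { "SHORTCUT  $($_.FullName)" }
}
```

The Explorer check reads only the profile of the user running the script, so run it once per account whose view options matter.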



Windows XP Registry