Protecting the Registry Against Unauthorized Remote Access

Remote access to the registry is very convenient when the system administrator needs to support end users from his own workplace. However, in some cases this capability can be dangerous, which is why remote access must be authorized.

When you attempt to connect to the registry of a remote Windows NT/2000 system, the Server service checks whether the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg key exists in that registry (Fig. 9.6). Whether remote access to the registry is granted depends on the following factors:

  • If there isn't a \Winreg key in the registry you want to protect, then any remote user will have access to the registry. This user will be able to manipulate your registry within the limits defined by its ACL.

  • If there's a \Winreg subkey, then the Access Control List defined for this key will specify who can access the registry remotely. (Remember, however, that Back Orifice 2000, or BO2K, also allows remote access to the registry, although someone must first install its server part on your system.)

Fig. 9.6: Configuring the Access Control List for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg

This means that to protect your system from unauthorized remote access, you need to configure the ACL for the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg.

If the ACL for the Winreg key grants a remote user read or write access (explicitly or through group membership), the user will be able to connect to the Windows NT/2000/XP registry remotely. After the connection is established, the user's rights are restricted only by his access rights to individual keys. Thus, if the user has Read access to the Winreg key, this gives him access to other registry keys (if their ACLs allow it).
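
One way to review this ACL on a live system, as an added example that is not part of the original text: the function below reports whether the Winreg key exists and which principals its ACL allows read or write access. It assumes PowerShell 3.0 or later in an elevated session; the function name Get-WinregRemoteAccess and the list of expected principals are hypothetical and should be adapted to your environment.

```powershell
# Added example (not from the original text): audit the Winreg ACL that gates remote registry access.
$WinregPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg'

function Get-WinregRemoteAccess {
    param(
        [string]   $Path     = $WinregPath,
        # Assumption: only these principals are expected to hold rights on the key.
        [string[]] $Expected = @('BUILTIN\Administrators')
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        # Without the key, remote users are limited only by the ACLs of individual keys.
        Write-Warning "Winreg key not found: remote registry access is not restricted by a Winreg ACL."
        return
    }

    # Specific registry rights plus the generic bits, which Get-Acl can return
    # as raw (sometimes negative) numbers instead of RegistryRights names.
    $readBits  = 0x1 -bor 0x8 -bor 0x10000000 -bor [int]::MinValue  # QueryValues, EnumerateSubKeys, GENERIC_ALL, GENERIC_READ
    $writeBits = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000       # SetValue, CreateSubKey, GENERIC_ALL, GENERIC_WRITE

    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        # Only Allow entries grant the ability to connect; Deny entries are skipped.
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $mask     = [int]$ace.RegistryRights
        $identity = $ace.IdentityReference.Value

        [pscustomobject]@{
            Identity  = $identity
            Read      = [bool]($mask -band $readBits)
            Write     = [bool]($mask -band $writeBits)
            Inherited = $ace.IsInherited
            Expected  = $Expected -contains $identity
        }
    }
}

# List every principal that can connect remotely, unexpected ones first.
Get-WinregRemoteAccess | Sort-Object Expected, Identity | Format-Table -AutoSize
```

Any row with Expected set to False is a principal that can open a remote registry connection and is then limited only by the ACLs of the individual keys.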

Note 

You only need to create the \Winreg key on the computers running Windows NT 4.0 Workstation. Windows NT 4.0 Server, Windows 2000 Professional, and Windows 2000 Server contain this key by default, and system administrators have Full Control access to this key.



Windows XP Registry