Recipe 9.8. Restricting Access to the Registry

Previous page
Table of content
Next page

Problem

You want to restrict access to a certain Registry key or value. This may be necessary if you need to store sensitive data in the Registry and want to prevent normal users from seeing it.

Solution

Using a graphical user interface

  1. Open the Registry Editor (regedit.exe).

  2. In the left pane, browse to the key on which you want to set permissions.

  3. Right-click the key and select Permissions.

  4. To add a new permission click the Add button. This launches the Object Picker dialog box. Select the user or group you want to add permissions for and click OK. The default permission granted to this user or group is Read Access.

    1. To delete a permission select the user or group you want to remove under Group or user names and click the Remove button. Click OK.

    2. To modify a permission, click the Advanced button. Select the permission you want to modify under Permission entries and click the Edit button. Check the boxes corresponding to the permissions you want to grant. Click OK until all dialog boxes are closed.

      You can also configure Registry permissions with Group Policy. In the left pane of the Group Policy Object Editor, navigate to \Windows Settings\Security Settings\Registry in either the Computer Configuration or the User Configuration section. Right-click on Registry and select Add Key. This will allow you to select a target Registry key and configure the permissions you want on that key.


Using a command-line interface

Use the subinacl command to grant access to a Registry key. This grants full control for the specified user over a key:

> subinacl /verbose=1 /keyreg \\<ComputerName>\<KeyPath> /grant=<UserOrGroup>

For example:

> subinacl /verbose=1 /keyreg \\fs01\HKEY_LOCAL_MACHINE\Software\Rallencorp  /grant=AMER\rallen

You can also revoke access to a key using the next command. The following command revokes members of the users group from being able to access the specified Registry key:

> subinacl /verbose=1 /keyreg \\<ComputerName>\<KeyPath> /revoke=<UserOrGroup>

For example:

> subinacl /verbose=1 /keyreg \\.\HKEY_LOCAL_MACHINE\Software\Rallencorp  /revoke=Users

Lastly, you can view what users and groups have access on a Registry key using the /display option with subinacl as shown here:

> subinacl /verbose=1 /keyreg \\<ComputerName>\<KeyPath> /display

For example:

> subinacl /verbose=1 /keyreg \\fs01\HKEY_LOCAL_MACHINE\Software\Rallencorp /display

Discussion

Another useful feature of the permissions function in Registry Editor is Effective Permissions. With it, you can select a user or group and determine what rights it has over a key.


Previous page
Table of content
Next page
Windows XP Cookbook
Windows XP Cookbook (Cookbooks)
ISBN: 0596007256
EAN: 2147483647
Year: 2006
Pages: 408
Authors: Robbie Allen, Preston Gralla
BUY ON AMAZON
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
Java for RPG Programmers, 2nd Edition
Excel Scientific and Engineering Cookbook (Cookbooks (OReilly))
Special Edition Using Crystal Reports 10
.NET-A Complete Development Cycle
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy