Registry Security Fundamentals

The Registry’s hierarchical arrangement looks suspiciously like that of a filesystem in more ways than one. Like NTFS files, directories, and volumes, Registry keys can have attached attributes that control who owns them, who may read, write, and change them, and what events should be logged for further scrutiny.

In particular, every key has an access control list, or ACL, associated with it. The ACL is made up of zero or more access control entries, or ACEs. Each ACE grants a specific permission to a specific user or group. The permissions specified by the ACEs in the ACL apply to the object that holds the ACL and its children, if any. There are actually two separate kinds of ACL: a discretionary ACL (DACL) contains the permissions you put on the key, and a system ACL (SACL) contains permissions applied (and managed) directly by the OS.

Basic Registry Permissions

Some Windows 2000 permissions apply to more than one kind of object. However, the semantics of Registry permissions are a bit different from those of filesystem or objects. Table 5-2 shows the 10 basic permissions that can be attached to Registry keys. These permissions are also called Discretionary Access Controls, or DACs.

Table 5-2. Registry Access Permissions

Permission

What It Allows

Query Value

Retrieving a specific key’s value: for example, the value Paul Robichaux of the HKLM\SOFTWARE\SMAIL\Users key

Set Value

Changing the contents of a specific key’s value

Create Subkey ...

Get Managing The Windows 2000 Registry now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.