Securing Registry Keys in Windows 2000

RegEdt32 allows you to set permissions on any key in the Registry. Since most of the data in the Registry belongs to system components, you must use this feature carefully; if you change permissions on a key so that the application that needs it can’t get to it, you may destabilize or destroy your system.

The Security → Permissions... command, which displays the Permissions dialog as shown in Figure 5-12, is the only security-related command in the Windows 2000 version of RegEdt32. To use it, select a key in any root key window, then select the command. When the dialog opens, it shows which key you’ve selected and what ACEs are in effect for that particular key. This is different from the NT 4.0 version of the same dialog; that’s because the standard security dialog in Windows 2000 has been substantially enhanced.

Figure 5-12. Registry key Permissions dialog

  • The Name list shows the current list of accounts and groups that have ACE entries on this key. The names of domain groups are expanded to show the domain they belong in. You can change which users and groups are in the ACL with the Add and Remove buttons to the right of the list.

  • The Permissions field shows the predefined composite DACs listed in Table 5-3. The two checkboxes to the right of each entry let you specify whether to allow or deny specific permissions, according to the rules I mentioned ...
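The ACE list the dialog displays can also be read from a script, which helps when you want to record a key's permissions before changing them. The following is an added example, not code from the book: it uses PowerShell, which is not part of Windows 2000 itself, and the function name, the sample key path and the list of broad principals are assumptions chosen for illustration.

```powershell
# Added example: read the ACEs on a registry key (the data the Permissions
# dialog shows) and mark Allow entries that give broad groups write access.
# Get-RegistryKeyAce, the sample key and $BroadPrincipals are illustrative.
function Get-RegistryKeyAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $BroadPrincipals = @(
            'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
    )

    # Specific rights that let a principal alter the key, its ACL or its owner
    $write = [System.Security.AccessControl.RegistryRights] `
        'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    # Inherit-only ACEs may carry generic bits instead of specific rights:
    # GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000)
    $mask = [int]$write -bor 0x50000000

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        $canWrite = ([int]$ace.RegistryRights -band $mask) -ne 0
        $isBroad  = $BroadPrincipals -contains $ace.IdentityReference.Value
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType      # Allow or Deny
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
            Review    = ($ace.AccessControlType -eq 'Allow') -and $canWrite -and $isBroad
        }
    }
}

# Sample key, chosen only for illustration
Get-RegistryKeyAce -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' |
    Format-Table -AutoSize
```

Saving this output before editing a key's permissions gives you a baseline to compare against if a component later loses access to the key.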
