O'Reilly logo

Managing The Windows 2000 Registry by Paul Robichaux

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Securing Registry Keys in Windows 2000

RegEdt32 allows you to set permissions on any key in the Registry. Since most of the data in the Registry belongs to system components, you must use this feature carefully; if you change permissions on a key so that the application that needs it can’t get to it, you may destabilize or destroy your system.

The SecurityPermissions... command, which displays the Permissions dialog as shown in Figure 5-12, is the only security-related command in the Windows 2000 version of RegEdt32. To use it, select a key in any root key window, then select the command. When the dialog opens, it shows which key you’ve selected and what ACEs are in effect for that particular key. This is different from the NT 4.0 version of the same dialog; that’s because the standard security dialog in Windows 2000 has been substantially enhanced.

Registry key Permissions dialog

Figure 5-12. Registry key Permissions dialog

  • The Name list shows the current list of accounts and groups that have ACE entries on this key. The names of domain groups are expanded to show the domain they belong in. You can change which users and groups are in the ACL with the Add and Remove buttons to the right of the list.

  • The Permissions field shows the predefined composite DACs listed in Table 5-3. The two checkboxes to the right of each entry let you specify whether to allow or deny specific permissions, according to the rules I mentioned ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required