9.8. Restricting Access to the Registry


You want to restrict access to a certain registry key or value. This may be necessary if you need to store sensitive data in the registry and want to prevent normal users from seeing it.


Using a graphical user interface


You must use regedt32.exe to set registry permissions on Windows 2000.

  1. Open the Registry Editor (regedit.exe).

  2. In the left pane, browse to the key on which you want to set permissions.

  3. Right-click the key and select Permissions.

  4. To add a new permission, click the Add button. This launches the Object Picker dialog box. Select the user or group you want to add permissions for and click OK. The default permission granted to this user or group is read access.

  5. To delete a permission, select the user or group you want to remove under Group or user names and click the Remove button. Click OK.

  6. To modify a permission, click the Advanced button. Select the permission you want to modify under Permission entries and click the Edit button. Check the boxes corresponding to the permissions you want to grant. Click OK until all dialog boxes are closed.


You can also configure registry permissions with group policy. In the left pane of the Group Policy Object Editor, navigate to \Windows Settings\Security Settings\Registry in either the Computer Configuration or the User Configuration section. Right-click on Registry and select Add Key. This allows you to select a target registry key and configure the permissions you wanted on ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.