9.8. Restricting Access to the Registry
You want to restrict access to a certain registry key or value. This may be necessary if you need to store sensitive data in the registry and want to prevent normal users from seeing it.
Using a graphical user interface
You must use regedt32.exe to set registry permissions on Windows 2000.
Open the Registry Editor (regedit.exe).
In the left pane, browse to the key on which you want to set permissions.
Right-click the key and select Permissions.
To add a new permission, click the Add button. This launches the Object Picker dialog box. Select the user or group you want to add permissions for and click OK. The default permission granted to this user or group is read access.
To delete a permission, select the user or group you want to remove under Group or user names and click the Remove button. Click OK.
To modify a permission, click the Advanced button. Select the permission you want to modify under Permission entries and click the Edit button. Check the boxes corresponding to the permissions you want to grant. Click OK until all dialog boxes are closed.
You can also configure registry permissions with group
policy. In the left pane of the Group Policy Object Editor,
Settings\Registry in either the
Computer Configuration or the
User Configuration section.
Right-click on Registry and
select Add Key. This allows you to select a target registry key and configure the permissions you wanted on ...