Re: Enable users to modify Protected Registry Keys

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Cathy Milan (cathymilan_at_excite.com)
Date: 03/11/04 

Date: Thu, 11 Mar 2004 11:21:47 -0500

Hi WTH

Can you please share that code with us. It might be helpful.

Cathy

"WTH" <spamsucks@Ih8it.com> wrote in message
news:Ou0TJl3BEHA.3024@tk2msftngp13.phx.gbl...
> Admin does, I have code which modifies policies in order to disable the
Task
> Manager under XP (and other items for Win2K.)
>
> WTH
>
> "Cathy Milan" <cathymilan@excite.com> wrote in message
> news:%23eXcleYBEHA.3776@tk2msftngp13.phx.gbl...
> > Doesn't an admin have the privilege to change the protection of
protected
> > keys?
> > I know it does for HKEY_LOCAL_MACHINE but how is it done for the
different
> > individual HKEY_CURRENT_USER?
> >
> > Cathy
> >
> >
> >
> > "Joseph M. Newcomer" <newcomer@flounder.com> wrote in message
> > news:bfbq40lfte1sf828e4gfl3onbf1kcdq2pv@4ax.com...
> > > None. I don't know why this question has become so popular in the last
> > week, but the
> > > answer is no, you can't, and there's nothing you can do to fix that,
> > because you do not
> > > have the privileges (in most machines) of changing either protected
keys
> > or the protection
> > > of protected keys.
> > >
> > > (I can think of dozens of fascinating ActiveVirus attacks and other
> > malware that could
> > > take advantage of these features, which is why there is protection in
> the
> > first place)
> > > joe
> > >
> > > On Mon, 8 Mar 2004 16:42:32 -0500, "Cathy Milan"
<cathymilan@excite.com>
> > wrote:
> > >
> > > >By default users are not able to modify registry keys under
> > > >
> > > >HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
> > > >
> > > >What code or function would I be able to use so that all
> > > >users would be able to modify those keys?
> > > >
> > > >Thanks in advance.
> > > >
> > > >Cathy
> > > >
> > >
> > > Joseph M. Newcomer [MVP]
> > > email: newcomer@flounder.com
> > > Web: http://www.flounder.com
> > > MVP Tips: http://www.flounder.com/mvp_tips.htm
> >
> >
>
>

Relevant Pages

  • RE: Thanks and a follow-up question on private keys
    ... These keys are not accessible even by an admin, ... these keys can be deleted if the profile is deleted by ... It seems from some replies that protected storage is located in a mixture of ... protection. ...
    (Focus-Microsoft)
  • Re: How About a Hardended Win2K Image to Bash?
    ... this and to them antivirus protection has a low TCO considering the havoc it ... part time admin that knows how to lock down a network or OS. ... There is also the possibility of a zero day threat that a antivirus ...
    (microsoft.public.security)
  • Re: Odd problems that have no permission to copy!
    ... as Bari asked, is your VM running while trying to copy its files? ... preventing the file protection (not recommended by very usefull in test ... Another problem might be the effective rights, you're admin on both servers ...
    (microsoft.public.scripting.vbscript)
  • Re: I turned off UAC
    ... All of those MS botnet machines are not out there by accident, as the user continually participates in the compromise of the machine, as they point and click on everything under the Sun as user admin. ... From what I understand, one can turn UAC up to its highest level and make it verbose, which will be the setting I'll use when I get to Windows 7. ... I must say that you have missed the point altogether about UAC, and the protection it provides to the machine and the O/S, not the user. ...
    (microsoft.public.windows.vista.general)
  • Re: UAC help anyone?
    ... user/admin with no protection, wide-open to attack. ... Nothing has stopped me from doing anything on Vista as admin with UAC enabled -- nothing. ... There is also this user account, yes, the same one on XP that allows one to use full admin rights, still have UAC enabled, but no UAC prompts. ... But even that built-in Administrator account doesn't have full rights on protected folders. ...
    (microsoft.public.windows.vista.general)