Disable registry in Windows Server 2003

70 pts.
Tags:
Group Policy
Registry editor
User Management
Windows Server 2003
I am using Windows Server 2003. What path is taken to disable the users the ability to edit the registry?

Software/Hardware used:
W2K3 Server
ASKED: May 22, 2010  12:47 PM
UPDATED: May 24, 2010  5:27 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

First, do not make them administrators of the server. (Windows, if I am an admin I OWN the server.)

Next, set a policy to deny specified users / groups access to regedit.exe.

I would also have a policy that they cannot edit the registry. Logging and enforcement of the policy is required or someone will ignore.

NOTE: 1: This is not a perfect solution and there are many ways around the restriction of a file, including third party registry editing tools.

NOTE 2: So long as they are not an administrator of the server, they cannot edit the machine hive. Should they blow up their own profile, delete it and it recreates on next log in. having to reset all you custom settings a couple times usually convinces people to stop doing things they shouldn’t. (Not perfect either as some vendors grant users permissions to their machine hive settings.)

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following