[Gllug] Windows registry permissions (was: Trojans and social engineering)
John Edwards
john at cornerstonelinux.co.uk
Thu Aug 12 10:27:19 UTC 2010
On Thu, Aug 12, 2010 at 09:33:39AM +0100, Nix wrote:
> On 11 Aug 2010, Andrew Farnsworth said:
>> it keeps the individual configurations separate and you can give specific
>> permission access to the individual configuration files,
>
> You can give different permission access to individual nodes in the
> registry. There's just no UI to let the user do so (sigh).
In Windows 2000 and above - open regedit, right click on a key
and select "Permissions". In NT 4.0 and below I think you have
to use regedt32.
I suspect that "Home" versions of Windows may have this feature
disabled, but can't check at the moment.
It's not a great UI, but it is does exist and it is consistent
with the file permissions UI.
You can also expect a whole bunch of programs to stop working
or behave badly if you lock down the registry to the level
recommended by Microsoft's security docs for a shared machine.
This used to even include Microsoft Office.
--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20100812/f0ae81b8/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list