Tech Tips / Windows NT / Registry

Restricting registry edits

It seems like all the cool stuff to enhance NT performance involves registry editing. Obviously you don't want just anyone to have the capability to make potentially devastating registry changes. Here's a way to restrict access to regedt32.exe. (Note that this procedure works in Windows 2000 as well).

Using the registry editor and being logged on as an account with admin privileges, follow these steps:

  1. Highlight HKEY_USERS and choose Load Hive from the Registry menu.
  2. Browse to the user's profile directory for whom you want to restrict access and select NTUser.dat.
  3. When prompted for Key Name, input the username.
  4. Navigate to \Software\Microsoft\Windows\CurrentVersion\Policies.
  5. If no System subkey exists, use Add Key to create it. Then add the value DisableRegistryTools (under the System key) using type REG_DWORD and set it to 1.
  6. Click Registry | Unload Hive.

If you want to do this for all users, it's best to use a system policy.

Note: Please remember that editing your registry can be risky, so always have a verified backup before you begin.

Contact Us | Authors | Subject Index | Directory | RSS Feeds

Copyright ©2006 Setup32.com