Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint

7.8. Securing the Registry

Inasmuch as the Registry is sort of the master control room for your server software, it stands to reason that the control room ought to have a door with a lock on it. It does, which is why we're next going to examine Registry permissions.

7.8.1. Subkeys Have Permissions

While it's not been obvious so far, each Registry subkey has a set of Windows permissions for restricting who can modify or even view that subkey's contents. (You can't set permissions on an entry, just a subkey.) By default, Windows blocks any "standard" users ("standard user" is Microsoft's phrase for user accounts that are not members of the Administrators group) from writing anything to HKEY_LOCAL_MACHINE, and in fact those accounts can only write to their own HKEY_CURRENT_USER key. To demonstrate that, we need a non-administrative account, so let's create a user named "nopower," log on with that account, and view our Registry permissions. (Note: if you're skipping around the book and want to do this exercise but you've skipped ahead and already created something called an "Active Directory domain controller," then you will not be able to do this exercise, as standard users may not log onto an AD DC. It will, however, run fine on any member server or domain member, such as an XP or Vista workstation. If you didn't skip ahead, then don't worry, this will work fine.)


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint