We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

How to lock-down the registry...

TheKenman
TheKenman asked
on
Medium Priority
6,114 Views
Last Modified: 2008-01-16
Mainly so webpages can't hijack your homepage, disable you from changing your homepage, or disable you from accessing your registry. Would prefer a .vbs solution.
Comment
Watch Question

Author

Commented:
P.S. Registry must still be accessible by adminstrator.

Commented:
Use a policy:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/205.asp

...and write a script that will enable/disable the policy.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
Also, the professional version of AD-AWARE has a program called AD-WATCH. It doesn't stop a change to the registry, but it does tell you exactly where the change occurred.

Ad-aware : http://www.webattack.com/download/dladaware.shtml 

Author

Commented:
Those are decent suggestions for a home user, but in a corporate setting they are not feasible. Also the reason I would prefer a .vbs- so I can easily mass-deploy the solution.

Thanks though!

Commented:
Well BlackICE comes in a Corporate level configuration.

The other option is the Policy that I suggested above.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
Locking down the registry completely can be a daunting task
http://www.uksecurityonline.com/husdg/windowsxp/registry.htm
or MS XP version http://support.microsoft.com/default.aspx?kbid=314837
Requires setting permissions on the registry key's themselves and can even lock user's out from installing software, depends on how many User's you have on your PC. I studied the above pages some time back and decided against it myself. I just keep mjy virus and firewall updated and have had no problem. I also use the above reg edit to prevent homepage changing. I keep that key in my fav's list in my JUmp2Reg program though just in case.

Bottom of the 1st page is this though;
Also if you have the Windows 2000/XP Resource Kit then you can consider using the SUBINACL command to just replace the EVERYONE group wherever it is found with Authenticated Users.

Author

Commented:
Thanks guys, sorry it took so long to get back to this.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.