TheKenman
asked on
How to lock-down the registry...
Mainly so webpages can't hijack your homepage, disable you from changing your homepage, or disable you from accessing your registry. Would prefer a .vbs solution.
Use a policy:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/205.asp
...and write a script that will enable/disable the policy.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/205.asp
...and write a script that will enable/disable the policy.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also, the professional version of AD-AWARE has a program called AD-WATCH. It doesn't stop a change to the registry, but it does tell you exactly where the change occurred.
Ad-aware : http://www.webattack.com/download/dladaware.shtml
Ad-aware : http://www.webattack.com/download/dladaware.shtml
ASKER
Those are decent suggestions for a home user, but in a corporate setting they are not feasible. Also the reason I would prefer a .vbs- so I can easily mass-deploy the solution.
Thanks though!
Thanks though!
Well BlackICE comes in a Corporate level configuration.
The other option is the Policy that I suggested above.
The other option is the Policy that I suggested above.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Locking down the registry completely can be a daunting task
http://www.uksecurityonline.com/husdg/windowsxp/registry.htm
or MS XP version http://support.microsoft.com/default.aspx?kbid=314837
Requires setting permissions on the registry key's themselves and can even lock user's out from installing software, depends on how many User's you have on your PC. I studied the above pages some time back and decided against it myself. I just keep mjy virus and firewall updated and have had no problem. I also use the above reg edit to prevent homepage changing. I keep that key in my fav's list in my JUmp2Reg program though just in case.
Bottom of the 1st page is this though;
Also if you have the Windows 2000/XP Resource Kit then you can consider using the SUBINACL command to just replace the EVERYONE group wherever it is found with Authenticated Users.
http://www.uksecurityonline.com/husdg/windowsxp/registry.htm
or MS XP version http://support.microsoft.com/default.aspx?kbid=314837
Requires setting permissions on the registry key's themselves and can even lock user's out from installing software, depends on how many User's you have on your PC. I studied the above pages some time back and decided against it myself. I just keep mjy virus and firewall updated and have had no problem. I also use the above reg edit to prevent homepage changing. I keep that key in my fav's list in my JUmp2Reg program though just in case.
Bottom of the 1st page is this though;
Also if you have the Windows 2000/XP Resource Kit then you can consider using the SUBINACL command to just replace the EVERYONE group wherever it is found with Authenticated Users.
ASKER
Thanks guys, sorry it took so long to get back to this.
ASKER