<div>
<div class="content wysiwyg-content">
I have been task by the Security department to change the registry permissions for the following paths for all of my Windows 2008 R2 servers (which include DCs, member servers, Exchange 2010, ect. ) <br />
<br />

<div class="bullet">
HKLM\Software\Microsoft\Wi<wbr />ndows NT\CurrentVersion\SecEdit\<wbr />
</div>
<div class="bullet">
HKLM\System\CurrentControl<wbr />Set\Servic<wbr />es\CryptSv<wbr />c\Security<wbr />\
</div>
<div class="bullet">
HKLM\System\CurrentControl<wbr />Set\Servic<wbr />es\rpcss\S<wbr />ecurity\
</div>
<div class="bullet">
HKLM\System\CurrentControl<wbr />Set\Servic<wbr />es\samss\S<wbr />ecurity\
</div>
<br />
The requirement is to have an ACL of only:<br />

<div class="bullet">
Administrators - Full Control
</div>
<div class="bullet">
SYSTEM - Full Control
</div>
<br />
Has anyone done this before with no negative effects within their network? &nbsp;No time to setup a test network right now.
</div>
</div>


I have been task by the Security department to change the registry permissions for the following paths for all of my Windows 2008 R2 servers (which include DCs, member servers, Exchange 2010, ect. ) 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\SecEdit\
HKLM\System\CurrentControlSet\Services\CryptSvc\Security\
HKLM\System\CurrentControlSet\Services\rpcss\Security\
HKLM\System\CurrentControlSet\Services\samss\Security\

The requirement is to have an ACL of only:
Administrators - Full Control
SYSTEM - Full Control

Has anyone done this before with no negative effects within their network?  No time to setup a test network right now.

registry permission change for hklm\Software\Microsoft\Windows NT\CurrentVersion\SecEdit

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.