I have been task by the Security department to change the registry permissions for the following paths for all of my Windows 2008 R2 servers (which include DCs, member servers, Exchange 2010, ect. )
The requirement is to have an ACL of only:
Administrators - Full Control
SYSTEM - Full Control
Has anyone done this before with no negative effects within their network? No time to setup a test network right now.