Windows 2000 and later including Windows XP & Windows 2003 supports Remote Registry access using Remote Registry service. This allows a remote user or a remote administrator to connect to the PC or server systems registry remotely and view or modify it. While this is ideally a feature for Remote Administrator or Management Applications to efficiently manage systems without having to manally logging onto the system, this can be a potential security risk.
In simple terms, if this service is not used for any management purpose then needs to be disabled.
To disable the service,
1. Click Start - RUN and type "services.msc"
2. In the right-pane, right-click "Remote Registry" and select Propertes.
3. Select Startup type as "Disabled" and click "stop" if the service is running.
4. Click Apply and OK.
This as said earlier, if there is no need for anyone to connect and modify the Windows Registry remotely. However, if this PC or a system is a part of a corporate network and is part of Active Directory domain then select list of admins or admin groups might need permission to control the registry. In this case, the alternate option to selectively restrict access to the registry remotely the following procedure will help:
1. Click Start - RUN.
2. Type "regedit" and press enter. This will open the Windows Registry Editor.
3. Navigate to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\
4. Select "winreg" and click Edit, Select "Permissions"
5. Select appropriate users/groups & appropriate permission like "Read" or "full Control".
6. Click OK and exit.
This should restrict Remote Registry access on your Windows Server or PC.
Posts
Post a Comment