Registry Tasks and Tools | 115
The Registry
So, which keys do you lock, and which actions do you forbid? Here are
some examples:
Make a read-only key. To lock a value yet still allow applications and Windows
to read it, place a Deny checkbox next to Set Value, Delete, and
Write Owner, as in Figure 3-10.
Create a complete lock-out. To prevent all applications from reading, modifying,
or deleting a value, place a Deny checkbox next to Full Control.
Keep away ShellNew. To prevent applications from making new keys
under the selected key, place a Deny checkbox next to Create Subkey.
For instance, you can do this to file type keys (explained later in this
chapter) to prevent applications from adding themselves to Windows
Explorer??™s New list.
Enforce security policies. To prevent another user from modifying a security
policy (such as those covered in Chapter 8), use the procedure in
???Find the Registry Key That Does...,??? earlier in this chapter, to locate
Figure 3-10. Lock a Registry key to prevent applications or Windows from modifying it
116 | Chapter 3: The Registry
the corresponding key in the Registry. Then, instead of adding a Deny
rule to the key as described above, remove any permissions that allow
anyone other than an administrator to delete, modify, or add subkeys to
the key. Make sure that there??™s still at least one rule for the Administrators
group (or at least your own administrator-level account) that
affords Full Control.
Pages:
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180