Windows 2000 Server allows you to access and modify a registry remotely. This ability can serve as a very powerful method for fixing or tweaking a system across the network.
In some cases, the ability to remotely edit the registry can be a lifesaver that helps you bring a near-dead server back to life. In fact, in some situations, you can even overcome the inability to log on locally by making a registry fix.
However, this ability is not without its drawbacks. Most important, remote registry access is a potential security risk. So, if you don't need or want to manage a server's registry remotely, you should disable this access to better secure the system.
Follow these steps:
- Go to Start | Run.
- Enter Regedt32.exe, and click OK.
- Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg.
- Go to Security | Permissions.
- In the Permissions dialog box, allow and deny access to groups and users as needed. (A good place to start is to allow full access to the local System Administrators Group, and give read access to the System account and the Everyone group.)
- Close the Registry Editor, and restart the computer.
If the winreg key doesn't exist, you can easily add it. Follow these steps:
- After you've opened the Registry Editor and navigated to the above key, go to Edit | Add Key.
- Name the key winreg, and give it a class of REG_SZ.
- Select the new key, and go to Edit | Add Value.
Value: Registry Server
After you've created the key, continue with the steps listed above.
Note: Editing the registry can be risky, so be sure you have a verified backup before making any changes.
Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!