If you’ve done much work supporting Windows XP, or any other
version of Windows that has been released in the last ten years, then you are
no doubt familiar with the Windows registry. As I’m sure you already know, the registry is the heart and soul of the
Windows operating system. Almost any aspect of Windows behavior can be
controlled through the registry. If you know what you are doing, you can use
the registry to make Windows do all sorts of wonderful things.

On the flip side though, if you don’t know what you are
doing (or if you have malicious intent), you can destroy Windows by modifying
the registry incorrectly. In fact, almost every article that you will ever see
which involves editing the Windows registry has some kind of standard
disclaimer telling you that you can destroy Windows and/or your applications
by modifying the registry incorrectly and that you should make a full system backup
before you so much as touch the registry.

The point is that the registry can be modified for both good
and evil purposes. With that in mind, how would you feel if I told you that
Windows XP contains a service that allows the Windows registry to be edited
remotely, without the knowledge of the person who is using the computer that’s
being modified? Would it make you feel any better if I told you that this
service is enabled by default? I didn’t think so. If you don’t like the idea of
anybody with a little know-how being able to tamper with your Windows registry,
then you might consider disabling the Remote Registry service.

Author’s Note

Before you stop reading this article and go running off in a
panic to disable the Remote Registry service though, you should know that there
are some consequences to disabling the service.

Since there are both advantages and disadvantages to
disabling the Remote Registry service, I’m not going to tell you to disable it,
but I’m not going to tell you not to disable it either. You need to make up
your own mind as to what is appropriate in your organization. To help you
decide, I am going to show you how the Remote Registry service works, how to
enable or disable the service, and what the consequences are of disabling the
Remote Registry service.

Using the Remote Registry service

As I have already explained, the whole point of the Remote
Registry service is that it allows you to make modifications to the registry on
a remote machine. One minor detail that might make you feel a little bit better
though is that in Windows XP, not just anyone can modify a remote computer’s
registry. In order to make registry modifications to a remote machine, the
person who is making those modifications must be a member of the local
administrators group on the remote machine.

To access a remote machine’s registry, you must begin by
opening the Registry Editor on your own computer. Once the Registry Editor is
open, select the Connect Network Registry command from the Registry Editor’s
File menu. When you do, you will see the Select Computer dialog box appear.
Enter the name of the computer that you want to connect to and click OK. When
you do, the remote computer’s registry will open within the Registry Editor.

You have to be at least a little bit careful when you are
editing a remote computer’s registry. You might have noticed that when you edit
your own computer’s registry, the top node displayed within the Registry Editor
is My Computer. Beneath My Computer, you find HKEY_LOCAL_MACHINE,
HKEY_CURRENT_USER, etc. When you open a remote computer’s registry, the My
Computer node still exists, and its contents still refer to your local
computer. The remote computer’s registry is beneath an entirely different node
which bears the remote computer’s name.

For example, if you open the registry of a remote computer
named COMPUTER1, then the Registry Editor will contain a My Computer node for
the local machine’s registry, and a COMPUTER1 node for the remote machine’s
registry. It is absolutely crucial that you edit the correct registry.

Enabling or disabling the Remote Registry service

Now that I have shown you how to work with the registry on a
remote system, I want to show you how you can disable the Remote Registry
Service. To disable the Remote Registry Service, you must do the work from the
computer whose registry you do not want to be remotely edited.

Begin the process by opening that machine’s Control Panel
and selecting the Administrative Tools icon. When the Administrative Tools
window opens, double-click the Services icon to open the Service Control
Manager.

The Service Control Manager displays a list of all of the
services that are running on the machine. Scroll through the list of services
until you locate the Remote Registry Service. Right-click on the Remote
Registry Service and select the Properties command from the resulting shortcut
menu. You will now see the Remote Registry Properties sheet. At this point,
click the Stop button to shut down the service. You must now use the Startup
Type drop-down list to set the startup type to Disabled. Click OK. The
Remote Registry Service is now disabled, and nobody will be able to remotely
modify that machine’s registry.

If you later decide that you need to re-enable the Remote
Registry Service, then you can do so by opening the Service Control Manager,
right-clicking on the Remote Registry Service, and selecting the Properties
command from the resulting shortcut menu. Now, just set the Startup type to
Automatic and click OK. Right-click on the Remote Registry Service one more
time and select the Start command from the shortcut menu. The Remote Registry
Service is now up and running.

One side note that I want to mention is that the Remote
Registry Service is dependent on the Remote Procedure Call (RPC) service. If
the Remote Procedure Call Service is not started, you will not be able to start
the Remote Registry Service.
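
The disable and re-enable steps above, scripted as an added PowerShell example (not from the original article). It assumes Windows PowerShell 3.0 or later in an elevated session; RemoteRegistry and RpcSs are the services' short names, and the two function names are hypothetical.

```powershell
# Added example (not from the original article). Run in an elevated session
# on the machine whose registry should not be remotely editable.
$ServiceName = 'RemoteRegistry'   # short name of the Remote Registry service

function Get-RemoteRegistryState {
    # Report run state, startup type, and the state of each dependency.
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    [pscustomobject]@{
        Status    = $svc.Status
        StartMode = $cim.StartMode          # Auto, Manual, or Disabled
        DependsOn = ($svc.ServicesDependedOn |
                     ForEach-Object { '{0}={1}' -f $_.Name, $_.Status }) -join ', '
    }
}

function Set-RemoteRegistryState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Disabled', 'Enabled')]
        [string]$State
    )
    if ($State -eq 'Disabled') {
        if ($PSCmdlet.ShouldProcess($ServiceName, 'Stop and set startup type to Disabled')) {
            Stop-Service -Name $ServiceName -Force -ErrorAction Stop
            Set-Service  -Name $ServiceName -StartupType Disabled
        }
    }
    else {
        # Remote Registry cannot start unless the RPC service is running.
        $rpc = Get-Service -Name 'RpcSs' -ErrorAction Stop
        if ($rpc.Status -ne 'Running') {
            throw "RpcSs is $($rpc.Status); start it before enabling $ServiceName."
        }
        if ($PSCmdlet.ShouldProcess($ServiceName, 'Set startup type to Automatic and start')) {
            Set-Service   -Name $ServiceName -StartupType Automatic
            Start-Service -Name $ServiceName -ErrorAction Stop
        }
    }
    Get-RemoteRegistryState   # verify the result
}

Get-RemoteRegistryState                               # audit only
Set-RemoteRegistryState -State Disabled -WhatIf       # preview the change
```

Drop -WhatIf to apply the change; the returned object shows the resulting run state and startup type.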

The consequences of disabling the Remote Registry service

At the beginning of this article, I mentioned that there
were some consequences to disabling the Remote Registry Service. Ninety-nine
percent of the time, disabling the Remote Registry service won’t cause any
problems for you. There are a few applications out there that depend on it
though.

Another consequence of disabling the Remote Registry Service
on a machine is that you lose some of your ability to remotely manage the
machine. Imagine for a moment that your company informs you that they are
opening up a branch office in the middle of nowhere, near some place called
Hogs Holler, Kentucky.
Fortunately for you, you don’t actually have to visit Hogs Holler. You simply
preconfigure all of the machines and let the FedEx guy worry about finding the
place.

You set up the machines in your office, and since you are a
security-conscious administrator, you disable the Remote Registry Service. You
pack the machines up and ship them off to the country. The administrator in
Hogs Holler receives the machines, plugs them up to the newly constructed
network, and everything appears to work fine. After a couple of weeks though,
someone from the branch office calls you and tells you that they are having a
weird problem. You try to connect to the remote machines using Remote
Assistance, but you suddenly realize that you forgot to enable Remote
Assistance on those machines. No problem, there is a registry tweak that you
can use to turn on Remote Assistance remotely. Wait a minute. You disabled
Remote Registry, so you can’t even use the tweak. It looks like you are going
to be taking the next Hillbilly Air flight to Hogs Holler.

OK, that’s kind of a silly example, but the point is that if
you do forget to enable Remote Assistance on a machine, you could normally use
the Remote Registry service to enable Remote Assistance via a registry tweak.
If you have disabled the Remote Registry service though, then you have
basically locked yourself out of that machine unless you physically travel to
the machine.