Tech Tip: Restrict access to the NT registry

Take these steps to restrict access to the registry.

Most experienced IT pros are familiar with the risks that come with editing the registry, but the same isn't always true for those capable users who have just enough knowledge to make them dangerous. If you're concerned that one of your inquisitive users may experiment with editing the registry, you can take steps to protect your systems.

You can restrict specific users from editing the registry. Follow these steps:

  1. Open the Registry Editor. (Go to Start | Run, and type regedt32.exe.)
  2. Highlight HKEY_USERS, and select Load Hive from the registry menu.
  3. Go to the Users Profile directory of the user you want to restrict, and select Ntuser.dat.
  4. When prompted for the Key Name, enter the user ID.
  5. Navigate to \Software\Microsoft\Windows\CurrentVersion\ Policies, and add the System subkey if it doesn't already exist.
  6. Under the System subkey, add the DisableRegistryTools value.
  7. Make the value a REG-DWORD type, and set the value to 1.
  8. Unload the Hive from the registry menu.
  9. Close the Registry Editor, and restart the system.

Note: Editing the registry is risky, so be sure you have a verified backup before making any changes.

Editor's Picks

Free Newsletters, In your Inbox