Secure registry for remote access
Have a client program that accesses a server using a mapped drive and uses
this connection to access the server's registry for it's settings.
At the moment I am trying to secure the registry so that a user with this
program could not open regedt32 or regedit and tamper with the servers
registry but I am having a few problems.
If I give read access to
HKLM\System\CurrentControlSet\Control\SecurePipeServers\winreg then when I
run regedt32 as a user with only user group permissions I can access and
change almost any registry key/value that does not have specific permissions
to restrict access. In the MSDN various articles state that you do not need
to give permission on the winreg key as long as you add the path to the key
you wish to access in the Machine MULTI_SZ under the winreg\AllowedPaths key
e.g. add path Software\Test and I should be able to connect anonymously and
access the HKLM\Software\Test key with the access being restricted by the
permissions on the Test key. Unfortunatly this does not work either as the
client program is unable to access the registry at all.
Has anybody come across this problem? Does anyone have a solution?
Top DevX Stories
Easy Web Services with SQL Server 2005 HTTP Endpoints
JavaOne 2005: Java Platform Roadmap Focuses on Ease of Development, Sun Focuses on the "Free" in F.O.S.S.
Wed Yourself to UML with the Power of Associations
Microsoft to Add AJAX Capabilities to ASP.NET
IBM's Cloudscape Versus MySQL