Dave, Chris, * Chris Taylor (2005-10-27 10:59 +0100) > Dave Korn wrote: >> Thorsten Kampe wrote: >>>* Chris Taylor (2005-10-26 17:38 +0100) >>>>Problem with that is that if the sysadmin knows what he's doing, it only >>>>takes about 4 seconds to block off almost all possible ways of actually >>>>editing the registry... >>> >>>Definitely not. >> >> Oh yes it does. Start->Run->regedit. Right-click the user's tree under >> HKEY_USERS, choose Permissions, remove their write access leaving them a >> read-only per-user registry tree. Easily done in 4 seconds by an experienced >> BOFH, and can't be reversed without admin rights! > > Thankyou for proving my point Dave. > Does anyone else feel Thorsten should let this go now, before we all > lose any semblance of respect for him as a person? (Or did that already > happen to the rest of you?)
You and Dave actually tried that, didn't you?! Of course you did - because, as Dave pointed out in [1]: "There's an important point here. Before claiming that a piece of software does or does not exhibit a certain behaviour, DON'T JUST GUESS - TEST IT AND SEE!" The bad news is that your whole scenario is absolutely pointless. The registry key under HKEY_USERS is only dynamically loaded from the user's ntuser.dat while he's *logged on*[2]. So an experienced BOFH couldn't just "Right-click the user's tree under HKEY_USERS, choose Permissions, remove their write access leaving them a read-only per-user registry tree" BECAUSE THERE IS NO SUCH KEY UNDER HKEY_USERS!! It's easy to verify that if you look at [3]. T. [1] http://permalink.gmane.org/gmane.os.cygwin/70828%3E [2] except systemprofile, LocalService and NetworkService which are always loaded [3] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/