The first thing that I would do would be to assess exactly what kind of access I DO need to grant and to who and then see how to go about preventing everything else. I don't know if I've ever seen a 'Top 10 keys to keep safe' anywhere.
Wouldn't it be easier to keep the remote reg off limits to everyone but a few trusted domain admin-like accounts? How about a special remote reg account-that way auditing/accountability can be strong? Regards Murad Talukdar --------------------------------------------------------------------------- ---------------------------------------------------------------------------
