Hi all:
Looking for some deeper knowledge about reg key permissions similar to
that easily available for file & folder permissions. My security group
has changed their scanning and we have a new finding.
Specifically, Windows 2012R2 though I think it may apply more
universally. At HKey Classes Root, our security policy require the user
group is to have read only. At the basic level that is exactly what
shows "Read". However they are flagging a subsetting they call
"execute" which I suspect may be actually "Query Value" or "Enumerate
subkeys" when I look at the Effective Permissions.
Does anyone have anything that would confirm my suspicion that similar
to Traverse and List under file & folder permissions, in order to read a
subkey you must have the Query Value & Enumerate subkeys permission?
tks
gt
- [NTSysADM] Registry Key Permissions geoff taylor
-
