You can also restrict the registry paths that can be connected to remotely via policy (local or group) to further lock this down.

Cheers
Ken

From: Christopher Bodnar [mailto:[email protected]]
Sent: Monday, 17 August 2009 8:39 PM
To: NT System Admin Issues
Subject: RE: log parsing

Taken directly from the article:

In Windows 2000 and later, only Administrators and Backup Operators have default network access to the registry.

How severe a security risk this is depends on a number of other factors. I'd take a look at your whole security structure, not just this one aspect of it.

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: [email protected]<mailto:[email protected]>
Phone: 610-807-6459
Fax: 610-807-6003

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Sunday, August 16, 2009 1:53 PM
To: NT System Admin Issues
Subject: log parsing

Hi,

I'm trying to run a script that uses logparser.exe and sends by email changes seen in the event viewer on a Windows 2K machine. The script fails to connect to the registry, getting "Error connecting to registry on server XXXXX". If I manually start the remote registry service, then the script works. However, this is a critical machine and I've read around that allowing the remote registry service can be risky.

So I came across this article from Microsoft: http://support.microsoft.com/kb/153183/EN-US/ and I tried to add the Users entry in the registry using regedit. Unfortunately, adding an entry for the administrator didn't work (neither using administrator nor capitalizing it as Administrator). Also, the article states "Select "winreg". Click Security and then click Permissions. Add users or groups to which you want to grant access." I don't know where I can "click" on Security in this version of regedit.

Questions:

- Is it really a security risk to run the remote registry service?
- How can I bypass this and allow just certain users (administrators, for instance) to access the registry?

thanks in advance,
Miguel
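
An added example, not part of the original thread: a read-only PowerShell audit of the three things discussed above (the Remote Registry service state, the ACL on the winreg key from the KB article, and the policy-controlled path lists Ken mentions). It assumes a current Windows version with PowerShell 5 or later; the registry locations are taken from Windows documentation rather than from the thread, and the function name and the allow-list are hypothetical.

```powershell
# Added example: read-only audit of remote registry exposure on the local machine.
# Registry locations are from Windows documentation; they are not quoted in the thread.
$WinregKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

function Get-RemoteRegistryAudit {   # hypothetical helper name
    param(
        # Assumed allow-list: the two groups the thread names as the defaults.
        [string[]]$ExpectedSid = @('S-1-5-32-544',   # BUILTIN\Administrators
                                   'S-1-5-32-551')   # BUILTIN\Backup Operators
    )

    # 1. Is the service that answers remote registry requests running at all?
    Get-Service -Name RemoteRegistry | Select-Object Name, Status, StartType

    if (-not (Test-Path $WinregKey)) {
        Write-Warning 'winreg key not found: the ACL restriction from the KB article is not configured.'
        return
    }

    # 2. Who is allowed through the winreg key's ACL? Flag anything outside the allow-list.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -Path $WinregKey).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object {
            $sid  = $_.IdentityReference
            $name = '<unresolved>'
            try { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { }
            [pscustomobject]@{
                Sid    = $sid.Value
                Name   = $name
                Rights = $_.RegistryRights
                Review = $ExpectedSid -notcontains $sid.Value   # True = not on the allow-list
            }
        }

    # 3. Paths exempted from that ACL (the policy-controlled lists).
    foreach ($sub in 'AllowedPaths', 'AllowedExactPaths') {
        $key = Join-Path $WinregKey $sub
        if (Test-Path $key) {
            (Get-ItemProperty -Path $key -Name Machine -ErrorAction SilentlyContinue).Machine |
                ForEach-Object { [pscustomobject]@{ List = $sub; Path = $_ } }
        }
    }
}

Get-RemoteRegistryAudit | Format-List
```

Entries with `Review` set to True are identities outside the assumed allow-list; adjust `-ExpectedSid` to match the accounts that are meant to have network access on the machine being checked.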
