Disabled registry editing

Guest
Archived from groups: microsoft.public.win2000.security

Hi,

I set up a small Domain with Win2k Server a couple of years ago and all has
been fine until the users tried to install a new document management program
on a Win XP workstation. The program wants to make alterations to the
registry for each user, and won't install correctly as I've disabled
registry editing for ordinary users. I'm not sure where I invoked this
policy restriction.

I checked through the various policies that I thought were relevant but
can't find where I've made the change - whether it is in the Domain Policy,
User Group Policy or elsewhere.

Any idea of where "Disable Registry Editing Tools" resides?

Ta

Gerry
 
Guest

Scarebus wrote:
| Hi,
|
| I set up a small Domain with Win2k Server a couple of years ago and all has
| been fine until the users tried to install a new document management program
| on a Win XP workstation. The program wants to make alterations to the
| registry for each user, and won't install correctly as I've disabled
| registry editing for ordinary users. I'm not sure where I invoked this
| policy restriction.
|
| I checked through the various policies that I thought were relevant but
| can't find where I've made the change - whether it is in the Domain Policy,
| User Group Policy or elsewhere.
|
| Any idea of where "Disable Registry Editing Tools" resides?
|
| Ta
|
| Gerry

You could make your users 'power users' on the local workstation. We
have software which needs to alter registry keys and that works around
the problem. You could do this via a GPO by using
computer configuration | windows settings > security settings > restricted groups
 
Guest

That may not necessarily fix the problem but that setting is under user
configuration/administrative templates/system. If you change that setting on
a domain controller, run secedit /refreshpolicy user_policy /enforce on it
and then have the user log off and log on to speed up policy propagation. If
you log on to a domain computer and run the support tool gpresult it will
show what user configuration Group Policies are being applied to a user and
any one could be the GPO setting the restriction. GPO /v will give much more
detailed info. --- Steve



"Scarebus" <scarebus@hotmail.com> wrote in message
news:u0ARvffqEHA.3748@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> I set up a small Domain with Win2k Server a couple of years ago and all has
> been fine until the users tried to install a new document management program
> on a Win XP workstation. The program wants to make alterations to the
> registry for each user, and won't install correctly as I've disabled
> registry editing for ordinary users. I'm not sure where I invoked this
> policy restriction.
>
> I checked through the various policies that I thought were relevant but
> can't find where I've made the change - whether it is in the Domain Policy,
> User Group Policy or elsewhere.
>
> Any idea of where "Disable Registry Editing Tools" resides?
>
> Ta
>
> Gerry
 
Guest

Thanks Steve -

By disabling the setting it has allowed users to gain access. The strange
thing is that neither Domain Policy nor any of the GPOs in effect have the
restriction enabled. Anyway, it's now fixed.
Many thanks

Gerry
 
Guest

OK. Glad it worked and thanks for reporting back. My only guess is that it
was enabled by direct registry editing at one time or a Group Policy had
that setting enabled and then the policy was deleted before any settings in
it were set to undefined and allowed to propagate. --- Steve


"Scarebus" <scarebus@hotmail.com> wrote in message
news:uJK3zQ%23qEHA.2888@TK2MSFTNGP14.phx.gbl...
> Thanks Steve -
>
> By disabling the setting it has allowed users to gain access. The strange
> thing is that neither Domain Policy nor any of the GPOs in effect have the
> restriction enabled. Anyway, it's now fixed.
> Many thanks
>
> Gerry
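
Added example, not part of the original thread: a PowerShell check for the situation Steve describes, where the restriction is still stored in a user's registry although no applied GPO shows it in gpresult. It assumes the policy is held as the DWORD DisableRegistryTools under Software\Microsoft\Windows\CurrentVersion\Policies\System in each user hive (the thread does not name the key); the function name is hypothetical.

```powershell
# Added example: list loaded user hives that still carry the
# "Disable registry editing tools" restriction, for comparison with gpresult.
# Assumption (not stated in the thread): the setting is stored as the DWORD
# DisableRegistryTools under the per-user policy key below.
$subKey    = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName = 'DisableRegistryTools'

function Get-RegistryToolsRestriction {   # hypothetical helper name
    # Only hives of logged-on users are loaded under HKEY_USERS.
    # The pattern keeps domain/local account SIDs and skips the *_Classes hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($hive in $hives) {
        $sid  = $hive.PSChildName
        $path = "Registry::HKEY_USERS\$sid\$subKey"
        $prop = Get-ItemProperty -Path $path -Name $valueName -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }   # key or value absent: nothing stored

        # Resolve the SID to an account name; unresolvable SIDs are shown as-is.
        try {
            $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $sid
        }

        [pscustomobject]@{
            Account    = $account
            Value      = $prop.$valueName
            Restricted = ($prop.$valueName -ne 0)   # non-zero means the tools are blocked
            Key        = "HKEY_USERS\$sid\$subKey"
        }
    }
}

$found = @(Get-RegistryToolsRestriction)
if ($found.Count -eq 0) {
    'No DisableRegistryTools value found in any loaded user hive.'
} else {
    # A restricted account for which gpresult lists no GPO with this setting
    # matches the leftover-value case described in the thread.
    $found | Format-Table -AutoSize
}
```

Run it from an administrative session on the workstation while the affected users are logged on, since other users' hives are not readable otherwise.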