Archived from groups: microsoft.public.win2000.security (
More info?)
I think OP just needs to test with an environment that matches the
users reporting the issue with the installation.
My guess is prior tests as admin, users installing as users; or test
on W2k, users on XP, etc..
--
Roger Abell
Microsoft MVP (Windows Server: Security)
"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:OvqiJ8ycFHA.892@tk2msftngp13.phx.gbl...
> You can deny users access to regedit.exe and regedt32.exe, via NTFS file
> permissions, via Group Policy, and/or via Software Restriction Policy [as
> long as they are not in the local Administrators group on the computer].
> However, they can still attempt to edit the registry by, say, copying
> regedit.exe to a floppy disk and running it from there, or via other
> means.
>
> If it is really important that these users absolutely not have the ability
> to edit the registry, I think it would however be more secure to run
> whatever program is trying to access the registry as a different user
> account. For example, if only the installer needs to edit the registry
> just
> once, then you could require someone log in as administrator to do the
> install. Or, if the program needs to be able to edit the registry, you
> could figure out a way for the program to run under a different account,
> such as via a service account. If absolutely necessary, I suppose a RunAs
> icon [set up so that the user does not need to know the admin password]
> might be something to consider [doesn't sound very elegant or completely
> secure, but I don't know your complete situation].
>
>
http://securityadmin.info/faq.asp#runas
>
>
>
> "EDMS" <qasoft4@sltnet.lk> wrote in message
> news:OyMI70icFHA.1384@TK2MSFTNGP09.phx.gbl...
>> Hi,
>>
>> I am a software developer, I have developed a software with a seperate
>> software registration
>> process, which accesses the windows registry to input some details about
> the
>> software.
>>
>> but some users complain that there registration process fails.
>>
>> so I want to make an environment on my machine so that I cannot write to
> the
>> registry
>> how can I achieve this.
>>
>> i know how to stop accessing the registry editors, but not how to stop
>> writing to it
>>
>>
>> thanks
>>
>>
>>
>
>