Help and Support

Article ID: 186433 - Last Review: November 1, 2006 - Revision: 2.1

Clarification of Winreg Operation in Windows NT

View products that this article applies to.
This article was previously published under Q186433
Expand all | Collapse all

SUMMARY

The Winreg registry key does not limit registry access in the same manner that share permissions can restrict file access. Winreg works by allowing or disallowing remote access to the registry.

MORE INFORMATION

When a user attempts to connect to the registry of a remote computer running Windows NT, the Server service on the target computer checks for the presence of the Winreg key. If Winreg does not exist, the user is permitted to connect to the target computer's registry. If Winreg exists, the ACL on Winreg is checked. If the ACL gives the user read or write access, either explicitly or through group membership, that user may connect to the registry.

After a remote connection is made to the registry, the permissions on the individual registry keys are the only restrictions on the user manipulating the registry. So, if a user has read permission on Winreg, it will still be possible for that user to modify registry keys with less restrictive ACLs.

For additional information on the winreg key, please see the following article in the Microsoft Knowledge Base:
153183  (http://support.microsoft.com/kb/153183/EN-US/ ) How to Restrict Access to NT Registry from a Remote Computer
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Enterprise Edition
Back to the top
Keywords: 
kbinfo KB186433

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers