Registry policy that sets up registry permissions under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node does not work

Article ID: 2565916 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

On a computer that is running one of the following 64-bit operating systems:
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
you attemp to directly configure any registry permissions under the location HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node through group policies. You find that the group policy settings do not work.

Note: You can configure the registry permission permission under one of the location:
  • Computer Configuration\Policies\Windows Settings\Security Settings\Registry
  • Computer Configuration\Preferences\Windows Settings\Registry



CAUSE

Registry permission policy application is handled by client side security policy extension. On 64-bit platforms, for each registry path defined in the security policy, the extension first uses the 64-bit routine. It directly searches for the target key under the default Software key. E.g., if you set up registry permissions for HKLM\Software\Contoso in the policy, the extension will first set the permissions on HKLM\Software\Contoso as expected. Then, the extension starts over again, but uses the 32-bit routine: It searches for “Contoso” under the virtualized 32-bit registry node (HKLM\Software\Wow6432), that is, HKLM\Software\Wow6432\Contoso. If the key exists, it sets the permissions.

Therefore, if you directly set permissions HKLM\SOFTWARE\Wow6432Node in security policy, the extension will try to find the HKLM\Software\Wow6432 registry which obviously does not exist. Then, permissions are not correctly set on the right key.


RESOLUTION

Directly use the normal registry path in Computer Configuration\Windows Settings\Security Settings\Registry; the client extension will automatically handle the virtualized 32-bit key node under Wow6432Node on x64 platforms.
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2565916 - Last Review: October 25, 2011 - Revision: 2.0
APPLIES TO
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
Keywords: 
KB2565916

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com