I don't know if you are using Home or Pro. In Pro you can use Group Policy to
disable regedt32 and regedit with Software Restriction Policies and set the
enforcement rule to not restrict administrators. That would be the most secure
way. Otherwise try changing the ntfs permissions on the regedt32 and regedit
executables so that regular users do not have execute permissions. The problem
with that method is that the executables may be in more than one place on the
hard drive [in service pack files, etc], may be overwritten in a service pack
upgrade, or the user may copy an unrestricted version to their profile folder
and try to execute it from there. There is also a setting in Group Policy user
configuration/administrative templates/system to disable registry editing.
However by default that will restrict all users on the local machine from
editing the registry. A work around for administrators may be that they still
could edit the registry remotely on those machines if he was on a machine that
did not have that policy enforced. --- Steve
http://support.microsoft.com/?kbid=310791