HKCR permissions and non-privileged user

[Guest]

Hello. I'm trying to use Windows XP as the OS in a school for public-use computers in a lab. I'll be giving domain accounts to all the students. All of them will be able to the lab computer using their account and, so far, looks like they'll be in the Users group

My problem is that I see that the Users group can run regedit (or any other registry utility) and change permissions for keys they don't own, like HKLM and HKCR. A user can change permissions to allow himself full-control of the key. I want users to do whatever they want with HKCU only (HKU\username) but not others nor HKLM and derivates (including HKCR)

Can someone help me or point me to the right direction? Thank you.

 

[Rick \Nutcase\ Rogers]

Hi,

Right-click the HKLM and HKCR branches, access permissions. Make changes
accordingly (read only for users). You may need to set each to inherit
settings from the parent on the advanced settings.

Also, start/run gpedit.msc, expand User config/admin templates/system, there
is a setting to prevent access to the registry editing tools.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

Hello. I'm trying to use Windows XP as the OS in a school for public-use

computers in a lab. I'll be giving domain accounts to all the students. All
of them will be able to the lab computer using their account and, so far,
looks like they'll be in the Users group.

My problem is that I see that the Users group can run regedit (or any

other registry utility) and change permissions for keys they don't own, like
HKLM and HKCR. A user can change permissions to allow himself full-control
of the key. I want users to do whatever they want with HKCU only
(HKU\username) but not others nor HKLM and derivates (including HKCR).