Microsoft KB Archive/186433

= Clarification of Winreg Operation in Windows NT =

Article ID: 186433

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Workstation 3.51
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition

-



This article was previously published under Q186433



SUMMARY
The Winreg registry key does not limit registry access in the same manner that share permissions can restrict file access. Winreg works by allowing or disallowing remote access to the registry.



MORE INFORMATION
When a user attempts to connect to the registry of a remote computer running Windows NT, the Server service on the target computer checks for the presence of the Winreg key. If Winreg does not exist, the user is permitted to connect to the target computer's registry. If Winreg exists, the ACL on Winreg is checked. If the ACL gives the user read or write access, either explicitly or through group membership, that user may connect to the registry.

After a remote connection is made to the registry, the permissions on the individual registry keys are the only restrictions on the user manipulating the registry. So, if a user has read permission on Winreg, it will still be possible for that user to modify registry keys with less restrictive ACLs.

For additional information on the winreg key, please see the following article in the Microsoft Knowledge Base:

153183 How to Restrict Access to NT Registry from a Remote Computer

Keywords: kbinfo KB186433

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.