How to restrict access to the registry from a remote computer

Restricting Network Access to the Registry

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
Note In Windows 2000 and later, only Administrators and Backup Operators have default network access to the registry. This section may not apply in certain instances. To restrict network access to the registry, follow the steps listed below to create the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
Name: Description
Type: REG_SZ
Value: Registry Server

The Security permissions set on this key define what Users or Groups can connect to the system for remote Registry access. The default Windows installation defines this key and sets the Access Control List to restrict remote registry access as follows:

Administrators have Full Control

The default configuration for Windows permits only Administrators remote access to the Registry. Changes to this key to allow users remote registry access require a system reboot to take effect.

To create the registry key to restrict access to the registry:

1.	Start Registry Editor (Regedt32.exe) and go to the following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
2.	On the Edit menu, click Add Key.
3.	Enter the following values: Key Name: SecurePipeServers Class: REG_SZ
4.	Go to the following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
5.	On the Edit menu, click Add Key.
6.	Enter the following values: Key Name: winreg Class: REG_SZ
7.	Go to the following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
8.	On the Edit menu, click Add Value.
9.	Enter the following values: Value Name: Description Data Type: REG_SZ String: Registry Server
10.	Go to the following subkey. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
11.	Select "winreg". Click Security and then click Permissions. Add users or groups to which you want to grant access.
12.	Exit Registry Editor and restart Windows.
13.	If you at a later stage want to change the list of users that can access the registry, repeat steps 10-12.

Back to the top

Bypassing the Access Restriction

Some services need remote access to the registry to function correctly. For example, the Directory Replicator service and the Spooler service when connecting to a printer over the network require access to the remote registry.

You can either add the account name that the service is running under to the access list of the "winreg" key, or you can configure Windows to bypass the access restriction to certain keys by listing them in the Machine or Users value under the AllowedPaths key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths

   Value:        Machine
  Value Type:   REG_MULTI_SZ - Multi string
  Default Data: System\CurrentControlSet\Control\ProductOptions
                System\CurrentControlSet\Control\Print\Printers
                System\CurrentControlSet\Services\Eventlog
                Software\Microsoft\Windows NT\CurrentVersion
                System\CurrentControlSet\Services\Replicator

  Valid Range:  A valid path to a location in the registry.
  Description:  Allow machines access to listed locations in the
                registry provided that no explicit access
                restrictions exists for that location.

  Value:        Users
  Value Type:   REG_MULTI_SZ - Multi string
  Default Data: (None)
  Valid Range:  A valid path to a location in the registry.
  Description:  Allow Users access to listed locations in the
                registry provided that no explicit access
                restrictions exists for that location. 

Changed slightly in Windows 2000 and later:

   Value:        Machine
  Value Type:   REG_MULTI_SZ - Multi string
  Default Data: System\CurrentControlSet\Control\ProductOptions
                System\CurrentControlSet\Control\Print\Printers
                system\CurrentControlSet\control\Server Applications
                System\CurrentControlSet\Services\Eventlog
                Software\Microsoft\Windows NT\CurrentVersion
               
  Value:  Users - Does not exist by default. 

Description of the standard terminology that is used to describe Microsoft software updates

Microsoft is adopting the following standard terminology to describe software updates:

•	Connector Definition: A connector is a software component that is designed to support connections between software.
•	Critical Update Definition: A critical update is a broadly released fix for a specific problem that addresses a critical, non-security-related bug. Additional Information: Critical updates are available for customers to download and are accompanied by a Microsoft Knowledge Base article.
•	Development Kit Definition: A development kit is software that is designed to help developers to write new programs. Development kits typically include a visual builder, an editor, and a compiler.
•	Driver Definition: A driver is a software component that is designed to support new hardware.
•	Feature Pack Definition: A feature pack is new product functionality that is first distributed outside the context of a product release and that is typically included in the next full product release.
•	Guidance Definition: Guidance includes scripts, sample code, and technical documentation that is designed to help deploy and use a product or a technology.
•	Hotfix Definition: A hotfix is a single, cumulative package that includes one or more files that are used to address a problem in a product and are cumulative at the binary and file level. A hotfix addresses a specific customer situation and may not be distributed outside the customer's organization. Additional Information: Hotfixes are distributed by Microsoft Product Support Services. Customers may not redistribute hotfixes without written, legal consent from Microsoft.
•	Security Update Definition: A security update is a broadly released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated based on their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low. Additional Information: Microsoft security updates are available for customers to download and are accompanied by two documents: a security bulletin and a Microsoft Knowledge Base article. For more information about the format of Microsoft Knowledge Base articles for Microsoft security updates, click the following article number to view the article in the Microsoft Knowledge Base: 824689 (http://support.microsoft.com/kb/824689/) Description of the format of Microsoft Knowledge Base articles for Microsoft security updates
•	Service Pack Definition: A service pack is a tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Service packs may also contain additional fixes for problems that are found internally since the release of the product and a limited number of customer-requested design changes or features. Additional Information: Microsoft service packs are available for download and are accompanied by Microsoft Knowledge Base articles.
•	Software Update Definition: A software update is any update, update rollup, service pack, feature pack, critical update, security update, or hotfix that is used to improve or to fix a software product that is released by Microsoft Corporation. Additional Information: A Microsoft software update is accompanied by a Microsoft Knowledge Base article.
•	Tool Definition: A tool is a utility or a feature that helps to complete a task or a set of tasks.
•	Update Definition: An update is a broadly released fix for a specific problem. An update addresses a non-critical, non-security-related bug. Additional Information: Microsoft updates are available for customers to download and are accompanied by a Microsoft Knowledge Base article.
•	Update Rollup Definition: An update rollup is a tested, cumulative set of hotfixes, security updates, critical updates, and updates that are packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS). Additional Information: Microsoft update rollups are available for customers to download and are accompanied by a Microsoft Knowledge Base article.
•	Upgrade Definition: An upgrade is a software package that replaces an installed version of a product with a newer version of the same product. The upgrade process typically leaves existing customer data and preferences intact while replacing the existing software with the newer version.

How to Remove Administrative share in windows?

To remove administrative shares and prevent them from being automatically created in Windows:

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

1.	Click Start, and then click Run.
2.	In the Open box, type regedit, and then click OK.
3.	Locate, and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer Note The registry key AutoShareServer must be set as type REG_DWORD. When this value is set to 0 (zero), Windows does not automatically create administrative shares. Note that this does not apply to the IPC$ share or shares that you create manually.
4.	On the Edit menu, click Modify. In the Value data box, type 0, and then click OK.
5.	Quit Registry Editor.
6.	Stop and then start the Server service. To do so: a. Click Start, and then click Run. b. In the Open box, type cmd, and then click OK. c. At the command prompt, type the following lines. Press ENTER after each line: net stop server net start server d. Type exit to quit Command Prompt.