Restrict a User’s Access to the Local Registry in 10 Steps

Learn how you can restrict a specific user from editing the registry on a machine running XP Pro or Win2K.

Readers

May 23, 2005


Using a registry editor such as regedt32.exe, a local administrator can restrict a specific user from editing the registry on a machine running Windows XP Professional or Windows 2000. On the user's machine, log on under a Local Administrator account and follow these steps:

  1. Under the Start menu, click Run and type regedt32.exe to open the registry editor.

  2. Highlight HKEY_USERS, then select Registry. Select Load Hive from the Registry menu.

  3. Go to the Users Profile directory of the user you want to restrict. Select Ntuser.dat.

  4. When prompted for the Key Name, enter the username of the person you want to restrict, then click OK.

  5. Navigate to HKEY_USERS\<username>\Software\Microsoft\Windows\CurrentVersion\Policies, where <username> is the person's username. Add the System subkey if it doesn't already exist.

  6. Under the System subkey, add the value DisableRegistryTools.

  7. Make the value a REG_DWORD type, and set the value to 1.

  8. Select Unload Hive from the Registry menu.

  9. Close the registry editor, and restart the system.

  10. To make sure the restriction works, log on with the person's username (which must be restricted). Under the Start menu, click Run and type regedt32.exe. You should see the following error message: editing registry has been disabled by administrator.

Note that editing the registry is risky, so make sure that you have a backup of the registry before making any changes to it.

—Rajesh Mehta
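
Steps 1 through 9 can also be run from a command prompt with reg.exe, assuming it is available on the machine (it ships with Windows XP). The batch file below is an added example, not part of the original tip; its two arguments (username and profile directory) and its variable names are assumptions for illustration.

```bat
@echo off
rem Added example: scripted form of steps 1-9 using reg.exe.
rem Assumptions: run as a local administrator; arguments are the username
rem and the user's profile directory, e.g. "C:\Documents and Settings\jdoe".
setlocal

if "%~2"=="" (
    echo Usage: %~nx0 ^<username^> ^<profile-directory^>
    exit /b 1
)
set "TARGET=%~1"
set "HIVE=%~2\NTUSER.DAT"
set "MOUNT=HKU\%TARGET%"
set "KEY=%MOUNT%\Software\Microsoft\Windows\CurrentVersion\Policies\System"

if not exist "%HIVE%" (
    echo Hive file not found: %HIVE%
    exit /b 1
)

rem Steps 2-4: load the user's hive under HKEY_USERS\<username>.
reg load "%MOUNT%" "%HIVE%" >nul
if errorlevel 1 (
    echo Could not load the hive. Is %TARGET% still logged on?
    exit /b 1
)

rem Steps 5-7: create the System subkey if needed and set the value.
reg add "%KEY%" /v DisableRegistryTools /t REG_DWORD /d 1 /f >nul
set "RESULT=%errorlevel%"

rem Read the value back so the change is confirmed before unloading.
if "%RESULT%"=="0" reg query "%KEY%" /v DisableRegistryTools

rem Step 8: always unload, even if the write failed, so the hive
rem is not left mounted under HKEY_USERS.
reg unload "%MOUNT%" >nul
if errorlevel 1 echo Warning: %MOUNT% is still loaded; unload it manually.

if not "%RESULT%"=="0" (
    echo Failed to set DisableRegistryTools.
    exit /b 1
)
echo DisableRegistryTools=1 set for %TARGET%. Restart, then test as in step 10.
endlocal
```

The target user must be logged off when this runs, because Ntuser.dat is locked while the profile is in use and the load step will fail.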
