Missing Remote Registry Permissions

I found that I couldn’t remotely access the registry or event viewer on my kiosk computers. I was rebuffed with a “Access Denied” error message. My kiosk computers are locked down via Group Policy so that was my first suspect.
I looked through the kiosk Group Policy and didn’t find anything obvious so I checked with a co-worker. He found a KB article that pointed out that the permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ SecurePipeServers\winreg control remote access to the registry and event log. That had slipped my mind.
It turned out that the group policy (originally a Windows 2000 group policy) had applied permissions to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ SecurePipeServers\winreg. The setting removed the native XP permission and replaced it with a more restrictive permission . Windows XP uses the local service account for remote registry access. My policy removed that necessary permission. To resolve the problem, I gave local service read access to the registry value. See MSKB892192 for step by step instruction.

One Comment

  1. The issue gets deeper when it becomes near impossible to find a legitimate source of information on registry cleaning software. The issue lies in the wave of spam-review sites which are nothing more than websites promoting affiliate links under the guise of an official “review” site. There main goal is to accomplish one thing, to send you to the site they are promoting and hoping you buy the product they are selling. if you do, they get up to a 80% cut of the sale. In other words, their reviews are up for sale, and are nothing buy thinly vailed sales pitches. For example, if you do a search for the term “Paid Survey” or “Registry Repair” you’ll notice that the paid listings all include sites that say “read our review” or “warning, don’t download anything until you read this…” etc

Comments are closed.