Lock down remote access to the Windows registry
Takeaway: By default, the registry on all Windows-based computers is open and available across the network, leaving it vulnerable to would-be hackers. To mitigate this risk, you need to deny remote access to the registry. Mike Mullins tells you how to tweak the registry and your network.
The registry is the heart of the Windows operating system. But by default, the registry on all Windows-based computers is open and available across the network. A well-informed hacker can use this vulnerability to compromise your organization's systems or modify file relationships and permissions to inject malicious code. To protect your network, you need to deny remote access to the registry.
You can accomplish this via a network access list change and a simple registry fix. Depending on the complexity of your network, you might consider denying remote registry access on the machines themselves.
Note
Editing the registry can be risky, so be sure you have a verified backup before you begin.
Fix the registry
For computers running Windows 2000, Windows XP, and Windows Server 2003, follow these steps:
1. Go to Start | Run.
2. Enter Regedt32.exe, and click OK.
3. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers.
4. If the winreg key is present, skip to Step 8. If this key doesn't exist, go to Edit | Add Key.
5. Name the key winreg, and give it a class of REG_SZ.
6. Select the new key, and go to Edit | Add Value.
7. Enter the following:
   Name: Description
   Type: REG_SZ
   Value: Registry Server
8. Select the winreg key, and go to Security | Permissions.
9. Make sure the local System Administrators Group has full access, and give read access to the System account and the Everyone group.
10. Close the Registry Editor, and restart the computer.
If you have a special group for workstation and server support that isn't a member of your administrators group, you should also grant it the appropriate access permissions.
In addition, if the machine you're making these changes on is a server or if it provides remote services to authorized users, you must allow the service account associated with that service to have read permissions to this key as well.
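To confirm the result of the procedure above on a given machine, the following PowerShell function reads the winreg key's permissions and compares them with the permissions the article asks for. It is an added example, not part of the original article; the function name `Get-WinregAudit` is hypothetical, and it assumes PowerShell is installed and run from an administrative prompt.

```powershell
# Added example: audit the winreg key against the permissions described above.
function Get-WinregAudit {
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
    if (-not (Test-Path $path)) {
        Write-Warning 'winreg key not found: the key-creation steps have not been applied.'
        return
    }

    # Well-known SIDs for the three principals the article names.
    $expected = @{
        'S-1-5-32-544' = 'full'   # BUILTIN\Administrators
        'S-1-5-18'     = 'read'   # SYSTEM account
        'S-1-1-0'      = 'read'   # Everyone
    }
    $readKey     = [int][System.Security.AccessControl.RegistryRights]::ReadKey
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($rule in (Get-Acl -Path $path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to subkeys, not to winreg itself.
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }

        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        # True when the entry grants any right outside plain read access.
        $beyondRead = ([int]$rule.RegistryRights -band (-bnot $readKey)) -ne 0

        if (-not $expected.ContainsKey($sid)) {
            $note = 'not named in the article: confirm it is a support group or service account'
        } elseif ($expected[$sid] -eq 'read' -and $beyondRead) {
            $note = 'more than read access'
        } else {
            $note = 'ok'
        }

        New-Object PSObject -Property @{
            Identity = $rule.IdentityReference.Value
            Rights   = $rule.RegistryRights
            Note     = $note
        }
    }
}

Get-WinregAudit | Format-Table Identity, Rights, Note -AutoSize
# Status of the Remote Registry service on the same machine.
Get-Service -Name RemoteRegistry | Select-Object Name, Status
```

Entries flagged as not named in the article are expected for the support groups and service accounts described above; anything else with more than read access deserves a second look.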
Fix the network
The registry fix will take care of your internal, authorized needs, but you still need to protect the registry from external and Internet access. Registry exploits are still prevalent among Windows systems, and you should make sure your security strategy addresses these vulnerabilities.
Denying TCP/UDP ports 135, 137, 138, 139, and 445 at the premise router or firewall is the solution. Blocking these ports will not only stop remote registry access—it will also stop most remote attacks against Windows systems.
Shutting down access from the Internet to these ports will instantly boost the security of your Windows networks. However, before blocking these ports, make sure you don't have a business reason to allow external access to these ports.
While there's a Remote Registry service on machines that run Windows 2000, Windows XP, and Windows Server 2003 that you can disable, this isn't always a practical approach for an enterprise network.


