Registry Bypass?

[spools.exe]

Put the following in a ".reg" file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableRegistryTools"=dword:00000000

And put the following in a batch file

REGEDIT /S <name of reg file>.REG

Run the batch file and that should work.

[nihil]

Well,

I got a bit further that time. I now have a folder called "system" on the 98se machine but it just says "default" and "no values"...............as the default is to allow registry editing, is that right?

I don't quite understand the significance of this with the 9x systems as there are lots of registry editing tools out there that don't use regedit.exe? You might have a chance at reasonable remote security, but I cannot see it if someone has physical access to a fully configured (CD & floppy) machine.

Cheers

[spools.exe]

if you add "DisableRegistryTools"=dword:00000001 then that will dissallow acces to regedit. if you add "DisableRegistryTools"=dword:00000000 to it then it will allow it.

[Scatman420]

The aspect that I would be most curious about is that is the batch being executed before or after a log-onhas been made. The reason I say this is, that if a user that is executing this type of command would not be able to if he/she didn't have regedit access in the first place. The only way that I could actually see this working is that if you ran the batch command even before a log-on was made. Yes, a different registry entry would have to be exploited but it's all relative.

scat

[catch]

This requires the ability to write to the registry already so no new privileges are granted you are just allowing the user to do something they are already allowed to do in a more straight forward manner.
My system for example allows local domain users to access the registry via regedit, they can read and write only to the entries they have access to. Using access to regedit to attempt to control the regisrty is a non-functional, feeble attempt. it's like trying to restrict access to a text file by disallowing the user to use notepad, pretty lame and just plain not gonna work.

So to answer your question, no that would not allow users to do anything extra and consequently it need not be secured. (If you are talking about the SUE line of Windows, don't bother trying to secure it, it has no security policy and anything you do is bypassable.)

catch

[Tiger Shark]

If you want to lock the registry why don't you just use the permissions function. You can lock down anything from a hive to a key. So, for example, you could lock the "run" key to , administrator's only. Thus any "nasty" trying to add itself to the registry would fail when a regular or power user executes the file.

[Nokia]

Just whilst there is a thread about batch files, would this only delete the contents of a temp folder?

DEL /S /Q /F "%USERPROFILE%\Local Settings\Temp\*.*"
DEL /S /Q /F C:\WINNT\Temp\*.*"
DELTREE /Y C:\WINDOWS\TEMP\*.*

Thanks.

(obviously different lines for different o/s's)

[Tiger Shark]

Nokia: It's going to delete exactly what you have told it to delete except the last line will not delete any subfolders that might have been created in the Windows\temp folder.... Or am I misunderstanding your question?

[Nokia]

No, sorry My fault,
I have just been here http://www.experts-exchange.com/Netw..._20721764.html
and seen the persons post and thought it was a good idea.

I am going to do the same thing he is but i just wanted to make sure that nothing else would be deleted. I didnt understand the /S /Q /F part!

Thanks.

[Tiger Shark]

Go to the command prompt and type:

del /?

it gives you an explanation of the switches and what they do for you......

All command prompt commands have the /? switch that, sometimes explain what the hell it "might" do.....