
I have a question regarding Windows Registry editor. I have disabled the settings window, wallpaper change and control panel via several DWORDs in the Windows Registry.

This works just fine in HKEY_LOCAL_MACHINE, which disables the aforementioned features for all the PC users, including the admin. Meaning that when in the admin account, I have to disable the DWORDs in order to gain access again to the control panel (as an example).

Setting the same DWORDs in the HKEY_CURRENT_USER does not work. I wonder why. The way I see it is it either disables the features for all users or enables them for everyone. Using HKEY_CURRENT_USER to disable them for a specific user is not working.

Did I misunderstand the usage of HKEY_CURRENT_USER registry?

1 Answer

It is up to the programmer which registry keys to read. It is as simple as that. This is not done magically by the registry API.

When I write code to read the registry, I have to check one; if it does not exist, check the other; if that does not exist, use a default.

If you put the keys in the same spot under HKEY_CURRENT_USER and they didn't work, then the Windows Explorer (desktop) isn't reading them. I am betting that this is by design having to do with permissions.

I am guessing the reasons are:

  1. ANYONE running as the current user (even malware) can modify the current user's HKEY_CURRENT_USER branch. HKEY_LOCAL_MACHINE requires admin.

  2. If you are on a Windows domain, then the domain admin might want to control these things without giving you the ability to change them. The group policy editor might give you a way but I don't know what that might be.

You could (in theory) do a workaround for this by:

  1. Change the permissions for the keys you are trying to modify in LOCAL_MACHINE so the user could modify them without escalating privileges (bad idea)
  2. Set a startup task to set the registry keys for each user when they log in. It would load a custom .reg file from each user's local profile directory (also bad idea)

This would fall on its head if more than one user were logged in at the same time.
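
The lookup order the answer describes (one hive, then the other, then a default) and its point about who can write to each hive, as an added PowerShell example that is not part of the original answer. The key path and value name are hypothetical placeholders, not the DWORDs from the question.

```powershell
# Added example: hypothetical key path and value name, not the question's DWORDs.
$SubKey    = 'Software\ExampleVendor\ExampleApp\Policies'   # hypothetical
$ValueName = 'DisableFeature'                               # hypothetical

function Get-EffectivePolicyValue {
    param(
        [Parameter(Mandatory)] [string] $SubKey,
        [Parameter(Mandatory)] [string] $ValueName,
        [int] $Default = 0
    )
    # The order is the application's choice, not the registry API's.
    # Here the admin-only hive wins, then the per-user hive, then a default.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $item = Get-ItemProperty -Path "$hive\$SubKey" -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $hive; Value = $item.$ValueName }
        }
    }
    [pscustomobject]@{ Source = 'default'; Value = $Default }
}

function Get-KeyWriters {
    param([Parameter(Mandatory)] [string] $Path)
    # Identities with an explicit Allow entry that includes SetValue.
    if (-not (Test-Path -Path $Path)) { return @() }
    $setValue = [System.Security.AccessControl.RegistryRights]::SetValue
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $setValue) } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

# Which hive supplied the value the application would act on.
Get-EffectivePolicyValue -SubKey $SubKey -ValueName $ValueName

# Who could change that value in each hive without elevation.
foreach ($hive in 'HKLM:', 'HKCU:') {
    [pscustomobject]@{
        Key     = "$hive\$SubKey"
        Writers = (Get-KeyWriters -Path "$hive\$SubKey") -join ', '
    }
}
```

If the placeholder key does not exist in either hive, the first call reports the default and both writer lists are empty; point `$SubKey` at a key that exists on the machine to compare the two ACLs.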
