Key permissions (Windows)

Module: Registry

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This option reports registry key permissions that do not match the permissions that are specified in the template.

The following table lists the error messages for the check.

Table: Error messages for Key permissions

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_ADDITIONAL_ENTRY

Category: System Information

  • Windows 2000 (106737)

  • Windows 2003 (206737)

  • Windows 2008 (249737)

  • Windows Vista (229737)

  • Windows XP (201737)

Title: Additional ACL entry

Description:The account has permissions on the registry key. The template specifies no permissions on this key for the account. If the permissions are authorized, manually update the template. If they are not authorized, remove them.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Account: %s; permissions: %s; comment: %s]

String ID: ESM_DIFFERENT_ENTRY

Category: System Information

  • Windows 2000 (106738)

  • Windows 2003 (206738)

  • Windows 2008 (249738)

  • Windows Vista (229738)

  • Windows XP (201738)

Title: Different ACL entry

Description:The account's permissions on the key do not match the template. If the account's permissions are authorized, update the template manually. If they are not authorized, change the permissions to match the template.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Account: %s; permissions: %s; expected: %s; comment: %s]

String ID: ESM_MISSING_ENTRY

Category: System Information

  • Windows 2000 (106739)

  • Windows 2003 (206739)

  • Windows 2008 (249739)

  • Windows Vista (229739)

  • Windows XP (201739)

Title: Missing ACL entry

Description:The account does not have permissions on the registry key. The template specifies permissions on this key for the account. If the permissions are authorized, grant them to the account. If they are not authorized, remove them from the template.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Account: %s; comment: %s]

String ID: ESM_NOMATCH_PRIV_ENTRY

Category: System Information

  • Windows 2000 (106751)

  • Windows 2003 (206751)

  • Windows 2008 (249751)

  • Windows Vista (229751)

  • Windows XP (201751)

Title: Privileged user ACL entry does not match

Description:The privileged account's permissions on the key do not match those of any privileged user in the template. If the account's permissions are not authorized, change them to match the permissions of one of the privileged users in the template. If they are authorized, update the template manually. This message is reported only if the Allow any privileged account option is enabled.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Account: %s; permissions: %s; comment: %s]

String ID: ESMT_KEY_DISABLED_ACCOUNTS

Category: System Information

  • Windows 2000 (106763)

  • Windows 2003 (206763)

  • Windows 2008 (249763)

  • Windows Vista (229763)

  • Windows XP (201763)

Title: Disabled Accounts in Key permissions

Description:List of disabled accounts in Key permissions.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]