Remote registry access (non-Administrators) (Windows)

Module: Startup Files

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports a problem if any account other than the Administrators security group can remotely access the registry. Any user granted Read or Write access to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg key has remote access to the registry. After a user has established a remote connection to the registry, only the security on individual keys restricts the user's access, regardless of what permissions the user is granted on the Winreg key.

The following table lists the error message for the check.

Table: Error message for Remote registry access (non-Administrators)

Message String ID and Category

  String ID: ESM_RMTREGISTRY

  Category: System Information

Platform and Message Numeric ID

  • Windows 2000 (105840)

  • Windows 2003 (205840)

  • Windows 2008 (248840)

  • Windows Vista (228840)

  • Windows XP (200840)

Message Title and Description

  Title: Remote registry access enabled

  Description: At least one account other than the Administrators security group can remotely access the registry. Use the Correct feature to revoke remote access from all accounts except the Administrators group. To correct the problem manually, revoke all permissions from the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg registry key for all accounts except the Administrators group. If the key does not exist, create it. Disabling remote registry access can prevent legitimate remote administration of the system or prevent remote software upgrades.

Additional Information

  Severity: yellow-1

  Correctable: true

  Snapshot Updatable: false

  Template Updatable: false

  Information Field Format: [%s]
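
The following PowerShell sketch is an added example, not part of the product or its documentation. It reproduces the condition this check describes by listing every Allow entry on the winreg key that belongs to an account other than the Administrators group. It assumes PowerShell is available on the host; the function name Get-NonAdminWinregAccess is hypothetical.

```powershell
# Added example: audit the winreg key ACL for entries other than Administrators.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Get-NonAdminWinregAccess {   # hypothetical helper name
    param([string]$Path = $KeyPath)

    if (-not (Test-Path -Path $Path)) {
        # The check's description says to create the key if it does not exist.
        Write-Warning "Key not found: $Path"
        return
    }

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        # Only Allow entries grant remote registry access.
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Compare by SID so the result does not depend on the OS language.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # account could not be resolved
        }

        if ($sid -ne $AdminsSid) {
            New-Object PSObject -Property @{
                Account   = $ace.IdentityReference.Value
                Sid       = $sid
                Rights    = $ace.RegistryRights   # generic rights may display as a number
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-NonAdminWinregAccess)
if ($findings.Count -eq 0) {
    Write-Output 'No Allow entries for accounts other than Administrators were found.'
} else {
    Write-Output 'Accounts other than Administrators with access to the winreg key:'
    $findings | Format-Table Account, Sid, Rights, Inherited -AutoSize
}
```

Any row in the output corresponds to an account that the manual correction above would remove from the key's permissions.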