There is really no need to do this on Windows Vista. From the root of HKM,
only SYSTEM and local administrators have full access; everyone else has
read-only access. Removing read-only access will put the system in an
unsupported state -- meaning we haven't tested this configuration, and can't
predict how the computer will behave.
Also, you say that you've used lcacls for folder restriction. What changes
have you made? Again, there is no reason to change the default ACLs; doing
so will create the same potential problems for you.
--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
Protect Your Windows Network:
http://www.amazon.com/dp/0321336437
"ashapadmanabhan" <ashapadmanabhan.3390184@vistabanter.com> wrote in message
news:ashapadmanabhan.3390184@vistabanter.com...
>
> Hi,
>
> Please tell me whether any command line tool available for restricting
> users from accessing registry hive in windows Vista.
>
> Before I was using Subinacl.exe for windows XP. The following registry
> hive is specified with subinacl to restrict registry from users.
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
> NT\CurrentVersion\Winlogon" /revoke="USERS" .
>
> The same registry hive I want to restrict in Windows Vista.
> I have used Icacls for folder restrictions.
> Please let me know is there any tool available for registry
> restrictions through command line.
>
> Thanks in Advance,
> Regards,
> Asha.
>
>
>
>
> --
> ashapadmanabhan
Linear Mode
