Editing registry

Hello everyone! I need to edit my registry to make it read only but do not know how. Could someone kindly help me out. I am using Win 7 Prof. (32 bit). Will appreciate all the help I can get.

Thank you.

Welcome to sevenforum, Onditi


Registry cannot be Read only deleted, period.

Registry is LIVE.

It is for many uses, such as Install /uninstall Program and application.

If you make any changes to the Registry (thru regedit) it will take immediate effect, no option or saving, deleted, etc.


So try not to use Registry to make changes inside.


There is one way which may help you.

Window: Run and input: regedit
Look on top at regedit.exre and right click "Run as administrator"

Highlight My Computer

Menu: click on File and select Export and named as you like, maybe date/time.

In this way, you have a backup copy of the Registry.

This is not System Restore points.


Eric.

The question is imprecise.
Do you mean making the registry itself read only? This would prevent most applications and Windows itself from working properly. Most installers wouldn't work.
Or do you mean making Regedit read-only? Regedit does not have this feature but I believe there are third party alternatives that do. I don't know of any off hand.

Explain what you're trying to achieve.
To from prevent virus, other users...?

What do you plan to achieve exactly?
The registry already has permissions that make the per-user keys read-only to all but the owner, and the shared sections read-only to all but admins, pretty much the same as the default file system access rights.

My aim is to be able to achieve the following:

a) disable standard users from installing or uninstalling programmes, deleting or modifying terms in the drives
a) disable standard users from accessing the administrator account
c) disable autorun from editing the registry new devices such as flash disks are connected to computer. This is a precaution to prevent viruses form infecting registry files.

Nothing of that requires modifying registry permissions, as the defaults will do:

Onditi said:

a) disable standard users from installing or uninstalling programmes, deleting or modifying terms in the drives

Standard users can't install anything globally. Installers typically ask for administrator access, and the default permissions on both the registry and file system precludes them from writing to the shared portions of the system. Regular users have freedom over their own profile folder, and nothing else.

Onditi said:

a) disable standard users from accessing the administrator account

What do you mean by that? Standard user permissions restrict them to their own account, in both folders and registry keys. Not even they can create or modify other accounts.

Onditi said:

c) disable autorun from editing the registry new devices such as flash disks are connected to computer. This is a precaution to prevent viruses form infecting registry files.

The autorun vulnerability can be disabled by changing a few keys in the registry or via GPO, as shown here But note that the changes it do affect system-wide portions of the registry, therefore only administrators can enable it back. By making them standard users you're already safe from autorun.

Of course, all this is effective as long as the administrators account have strong passwords and only known by trusted people. As soon as an admin password is guessed, the system is at the mercy of that user.