Windows 7: Standard user Registry does not prompt UAC

Does anyone know why by default running regedit under a standard user account does not prompt the UAC for administrative credentials?

Under an admin account the UAC does prompt when running regedit, but obviously does not prompt for admin credentials.

I was successful at adding and modifying registry keys under a standard user account. It would seem like restricting access to the registry would be essential for security, any reason why its setup like this?

If UAC blocked access to editing registry keys, then almost all changes and all programms you run would have need UAC prompt. As almost anything now changes registry keys.

But as you said leaving it without any blocks, will be great security flaw.
So UAC only controls registry keys which it considers as Administrative.
So, user can edit and create registry keys under HKEY_CURRENT_USER, but it's denied to edit or create most registry enteries under HKEY_LOCAL_MACHINE, and some registry enteries blocked even for reading.

Just simple examples:
1. In this picture my LUA (standart user) can't even access (read) HKEY_LOCAL_MACHINE\SECURITY as it dosen't have permissions.

2. In this example: LUA is denied access, when it tried to create new registr entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current_Version\Run (Autorun for all users)


But LUA won't be denied if he tries to create registy entry under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current_Version\Run
Because it's autorun only for this user and so user should be able to create autoruns for himself...

So, as you can see it's not security flaw, but just something to make standard user's life easier without braking security setup.

Hop it will help you

I understand. Thank you.