Standard user Registry does not prompt UAC

Firestrider

New member
Power User
VIP
Local time
1:04 PM
Messages
333
Does anyone know why by default running regedit under a standard user account does not prompt the UAC for administrative credentials?

Under an admin account the UAC does prompt when running regedit, but obviously does not prompt for admin credentials.

I was successful at adding and modifying registry keys under a standard user account. It would seem like restricting access to the registry would be essential for security, any reason why its setup like this?
 

My Computer My Computer

At a glance

Linux (Debian, Android)Intel Core i7 8602x 2GB Kingston DDR3-1333AMD Radeon HD 5750
Computer Manufacturer/Model Number
Intel WBIBX10J
OS
Linux (Debian, Android)
CPU
Intel Core i7 860
Motherboard
Intel DP55WB
Memory
2x 2GB Kingston DDR3-1333
Graphics Card(s)
AMD Radeon HD 5750
Sound Card
Realtek ALC888
Monitor(s) Displays
2x Dell Inc. E248WFP
Screen Resolution
3840x1200
Hard Drives
Intel X25-V
Samsung HD103SJ
PSU
Corsair CX400
Case
Silverstone GD05
Cooling
Stock
Keyboard
Dell Inc. Bluetooth Wireless
Internet Speed
30 Mbps
If UAC blocked access to editing registry keys, then almost all changes and all programms you run would have need UAC prompt. As almost anything now changes registry keys.

But as you said leaving it without any blocks, will be great security flaw.
So UAC only controls registry keys which it considers as Administrative.
So, user can edit and create registry keys under HKEY_CURRENT_USER, but it's denied to edit or create most registry enteries under HKEY_LOCAL_MACHINE, and some registry enteries blocked even for reading.

Just simple examples:
1. In this picture my LUA (standart user) can't even access (read) HKEY_LOCAL_MACHINE\SECURITY as it dosen't have permissions.
Capture.JPG
2. In this example: LUA is denied access, when it tried to create new registr entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current_Version\Run (Autorun for all users)
Capture3.JPG

But LUA won't be denied if he tries to create registy entry under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current_Version\Run
Because it's autorun only for this user and so user should be able to create autoruns for himself...

So, as you can see it's not security flaw, but just something to make standard user's life easier without braking security setup.

Hop it will help you ;)
 

My Computer My Computer

At a glance

Windows 7 Ultimate x86 SP1
OS
Windows 7 Ultimate x86 SP1
I understand. Thank you.
 

My Computer My Computer

At a glance

Windows 7 Professional x64
Computer Manufacturer/Model Number
Dell Studio XPS 8100
OS
Windows 7 Professional x64
Back
Top