Lock Down Run keys in HKEY_USERS

[Townshend]

I would like to lock down the Run keys in the HKEY_USERS hive to prevent malware. I know in Group Policy you can enable "Do Not Process The Legacy Run List" however that also restricts HKLM which is locked down to non-admins and I would still like programs to run from there. Any suggestions on how I can accomplish?

Thanks!

 

[logicearth]

Install an anti-virus suit of software. That is how you prevent malware. Any real nasty malware is not going to be affected by your restricted user startup programs.

 

[Townshend]

Been using Norton Antivirus but finding it doesn't always disallow malicious software from inserting itself into HKCU. Norton does not always stop everything even with the latest defs.

 

[MilesAhead]

You could try WinPatrol. When it detects a new startup it asks if you wish to allow it. I've used it for years. Although BillP Studios is selling WinPatrol. I believe it's still in a transition state. But if that makes you paranoid you can always download the free version a few releases back.

 

[Townshend]

Ideally I wanted to avoid utilizing 3rd party software and either utilize Group Policy or a logon script of some sort but I'll certainly take a look. Thanks for the suggestion!

 

[MilesAhead]

The trouble with group policy is it runs as the user who set the policy. I tried using it to prevent IE from being run. During the install of a program IE popped up. Windows installer has a higher security rating than my normal admin account it seems.

Perhaps some system administrator who runs a domain knows the right way to do it.