1001 Secrets for Windows NT Registry
(Publisher: 29th Street Press)
Author(s): Tim Daniels
ISBN: 1882419685
Publication Date: 12/01/97

Previous Table of Contents Next


If you remove the Read permissions for the Everyone group, remote users cannot see performance data on the machine.

V-18 Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\WindowsNT\CurrentVersion\Port (and all subkeys)  

V-19 Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\WindowsNT\CurrentVersion\Type1 Installer  

V-20 Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\WindowsNT\CurrentVersion\WOW (and all subkeys)  

V-21 Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\WindowsNT\CurrentVersion\ Windows3.1MigrationStatus (and all subkeys)  

V-22 Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\LanmanServer\Shares

V-23 Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\UPS  

Note that besides setting security on this key, you must also secure any batch or command file associated with the UPS service. Generally, if you allow administrators full control and system full control, everything should function normally.

Event Log

By default, anyone can read your event logs; however, you might not want everyone reading some of the information in your logs. These registry entries let you restrict access to these logs from Guest and Null Logons accounts. A value of 1 restricts guest access and a value of 0 permits it. You must set these values for each log type: Application, Security, and System.

V-24 Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\EventLog\Application
Value Name: RestrictGuessAccess
Data Type: Dword
Value: 1

This value controls guest access to the Application Log file.

V-25 Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\EventLog\Security
Value Name: RestrictGuessAccess
Data Type: Dword
Value: 1

This value controls guest access to the Security Log file.

V-26 Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\EventLog\System
Value Name: RestrictGuestAccess
Data Type: Dword
Value: 1

This value controls guest access to the System Log file. Make sure you change the security on this key to allow only Administrator and System access to these values.


Previous Table of Contents Next