Remko Weijnen's Blog (Remko's Blog)
About Terminal Server, Citrix, Delphi and other stuff
Most administrator will want to prevent normal users from opening Regedit and a command prompt. Usually this is done by activating the “Prevent access to registry editing tools” and “Prevent access to the command prompt” policy settings. They are located under User Configuration | Administrative Templates | System:
Activating the policies will set the matching keys in the registry:
If we try to open regedit we are denied access:
So how does this work? Actually regedit contains some code that checks these registry values and if the DWORD value is 1 access is denied.
Sometimes you (the Administrator) want to check a specific registry setting when the user has a problem. We can offcourse do this by starting regedit with elevated permissions and browse to the user’s keys under HKEY_USERS. But this is inconvenient especially since the user’s registry is not shown under his/her username but the SID:
Wouldn’t it be nice to have a patched regedit.exe and a patched cmd.exe that ignore these policies?
Here’s your chance: Patched Regedit and Cmd prompt (863)
Related posts:
Profile
Tags
Active Directory Altiris bug Citrix Dell Delphi Exchange Exchange2003 Exchange2010 Hewlett-Packard HP iOS Jailbreak Java LinkedIn Linux MSI MySQL Navigation Objects Office Outlook Passat PowerPoint PowerShell referall was returned RNS315 RNS510 SasLibEx script slow Terminal Server ThinApp TSAdmin TSAdminEx VBS VCDS Vista VMWare Volkswagen Windows PE WLAN Wordpress WTSWaitSystemEvent wts_event_flush
WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.
Recent Tweets
- @neilspellings @andyjmorgan @HelgeKlein Guys, I really liked the idea of the community T-Shirts recently! Could start at e2e? (/cc @E2EVC ) 56 minutes ago
- @douglasabrown Sounds like a job for @neilspellings , he did a series of blogposts on XenClient recently... 58 minutes ago
- Created a small exe that launches the "Connect to Wireless Network" Dialog 7 hours ago
- Got this error error while trying to submit a support ticket: http://t.co/iibA3cTW Am I on someone's dangerous people list? ;-) 9 hours ago
- RT @andyjmorgan: Blogged: Adding Windows Media Player Codec's to Windows Thin PC. http://t.co/r4w6h0ej ~Nice! 12 hours ago
Views
Recent Comments
- Tony K on Patch Windows 2003 Terminal Server to allow more than 2 concurrent sessions
- Remko on VM not joined to Domain after Deploying from Template
- Remko on Patch Windows 2003 Terminal Server to allow more than 2 concurrent sessions
- Tony K on Patch Windows 2003 Terminal Server to allow more than 2 concurrent sessions
- Konflikt on VM not joined to Domain after Deploying from Template
Donate
Blogroll
- Andrew Morgan
- Arnout’s blog
- Assa’s Blog
- Barry Schiffer
- Delphi Praxis
- Ingmar Verheij
- Jedi Api Blog
- Jedi API Library
- Jeroen Tielen
- Kees Baggerman
Categories
- .NET (1)
- Active Directory (25)
- Altiris (36)
- Apple (3)
- Application Compatibility (7)
- Automotive (2)
- C# (1)
- C++ (1)
- Citrix (54)
- Delphi (55)
- Embedded (4)
- Exchange (16)
- General (57)
- iPhone (4)
- Java (7)
- Oracle (4)
- Packaging (18)
- PowerShell (31)
- Programming (73)
- RES (1)
- script (18)
- SQL Server (10)
- Strange Error (3)
- Terminal Server (64)
- Unattended Installation (18)
- Uncategorized (31)
- Vista (34)
- VMWare (20)
- Windows 2003 (20)
- Windows 2008 (32)
- Windows 2008 R2 (11)
- Windows 7 (23)
- Windows Internals (8)
- Windows XP (12)
Archives
- January 2012 (9)
- December 2011 (9)
- November 2011 (4)
- October 2011 (5)
- September 2011 (10)
- August 2011 (10)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (14)
- February 2011 (8)
- January 2011 (32)
- December 2010 (23)
- November 2010 (19)
- October 2010 (10)
- September 2010 (6)
- August 2010 (1)
- July 2010 (1)
- June 2010 (6)
- March 2010 (7)
- February 2010 (3)
- December 2009 (3)
- November 2009 (11)
- September 2009 (2)
- July 2009 (1)
- June 2009 (5)
- May 2009 (1)
- April 2009 (2)
- March 2009 (3)
- February 2009 (6)
- January 2009 (3)
- December 2008 (8)
- November 2008 (5)
- October 2008 (3)
- September 2008 (3)
- August 2008 (3)
- June 2008 (6)
- May 2008 (2)
- April 2008 (3)
- March 2008 (5)
- January 2008 (3)
- December 2007 (3)
- November 2007 (13)
- October 2007 (10)
3 Responses for "Registry editing has been disabled by your administrator (not anymore!)"
Wow great news for me!
kindest regards
s!
[...] Related article(s): Registry editing has been disabled by your administrator (not anymore!) [...]
Wonderful patches – but I don’t know how to do it to 64bit regedit and these tools crash!
Would be lovely if there was an updated set, thanks!
Leave a reply