Most administrators will want to prevent normal users from opening Regedit and a command prompt. Usually this is done by activating the “Prevent access to registry editing tools” and “Prevent access to the command prompt” policy settings. They are located under User Configuration | Administrative Templates | System:


Activating the policies will set the matching keys in the registry:


If we try to open regedit we are denied access:


So how does this work? Regedit itself contains some code that checks these registry values, and if the DWORD value is 1, access is denied.

Sometimes you (the Administrator) want to check a specific registry setting when the user has a problem. We can of course do this by starting regedit with elevated permissions and browsing to the user’s keys under HKEY_USERS. But this is inconvenient, especially since the user’s registry is not shown under his/her username but under the SID:
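The lookup described above can also be scripted from an elevated PowerShell session. This is an added example, not part of the original post: it resolves an account name to its SID and reads the two policy values from that user's hive under HKEY_USERS. It assumes the user is logged on (so the hive is loaded), that the policies write the standard `DisableRegistryTools` and `DisableCMD` values, and the account name in the comment is a constructed placeholder.

```powershell
# Added example: report the Regedit / command prompt policy values for one user.
# Run elevated. Assumes the user's hive is loaded under HKEY_USERS (user logged on).
param(
    [Parameter(Mandatory)][string]$Account   # e.g. 'CONTOSO\jdoe' (constructed sample name)
)

# The subkey under HKEY_USERS is named after the SID, so translate the name first.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Only HKLM: and HKCU: are mapped as drives by default; use the Registry:: prefix.
$hive = "Registry::HKEY_USERS\$sid"
if (-not (Test-Path $hive)) {
    throw "Hive for $Account ($sid) is not loaded; the user is not logged on."
}

# Policy name as shown in the Group Policy editor, plus the value it writes.
$checks = @(
    @{ Policy = 'Prevent access to registry editing tools'
       Key    = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Value  = 'DisableRegistryTools' },
    @{ Policy = 'Prevent access to the command prompt'
       Key    = 'Software\Policies\Microsoft\Windows\System'
       Value  = 'DisableCMD' }
)

foreach ($c in $checks) {
    $path = "$hive\$($c.Key)"
    $data = $null
    if (Test-Path $path) {
        # Returns $null when the value does not exist under the key.
        $data = (Get-ItemProperty -Path $path -Name $c.Value `
                 -ErrorAction SilentlyContinue).($c.Value)
    }
    [pscustomobject]@{
        Account = $Account
        Sid     = $sid
        Policy  = $c.Policy
        Value   = $c.Value
        Data    = if ($null -eq $data) { '(not set)' } else { $data }
    }
}
```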


Wouldn’t it be nice to have a patched regedit.exe and a patched cmd.exe that ignore these policies?

Here’s your chance: Patched Regedit and Cmd prompt