Security
Each key in the registry of Windows NT based versions of Windows can have an associated security descriptor. The security descriptor contains an access control list (ACL) that describes which user groups or individual users are granted or denied access permissions. The set of registry permissions include 10 rights/permissions which can be explicitly allowed or denied to a user or a group of users.
| Permission | Description |
|---|---|
| Query Value | The right to read the registry key value. |
| Set Value | The right to write a new value |
| Create Subkey | The right to create subkeys. |
| Enumerate Subkeys | Allow the enumeration of subkeys. |
| Notify | The right to request change notifications for registry keys or subkeys. |
| Create Link | Reserved by the operating system. |
| Delete | The right to delete a key. |
| Write DACL | The right to modify permissions of the container’s DACL. |
| Write Owner | The right to modify the container’s owner. |
| Read Control | The right to read the DACL . |
As with other securable objects in the operating system, individual access control entries (ACE) on the security descriptor can be explicit or inherited from a parent object.
Windows Resource Protection is a feature of Windows Vista and later versions of Windows that uses security to deny Administrators and the system WRITE access to some sensitive keys to protect the integrity of the system from malware and accidental modification.
Special ACEs on the security descriptor can also implement mandatory integrity control for the registry key and subkeys. A process running at a lower integrity level cannot write, change or delete a registry key/value, even if the account of the process has otherwise been granted access through the ACL. For instance, Internet Explorer running in Protected Mode can read medium and low integrity registry keys/values of the currently logged on user, but it can only modify low integrity keys.
Outside of security, registry keys cannot be deleted or edited due to other causes. Registry keys containing NULL characters cannot be deleted with standard registry editors and require a special utility for deletion, such as RegDelNull.
Read more about this topic: Windows Registry
Famous quotes containing the word security:
“There is one safeguard known generally to the wise, which is an advantage and security to all, but especially to democracies as against despots. What is it? Distrust.”
—Demosthenes (c. 384–322 B.C.)
“Happiness is peace after strife, the overcoming of difficulties, the feeling of security and well-being. The only really happy folk are married women and single men.”
—H.L. (Henry Lewis)
“I think the girl who is able to earn her own living and pay her own way should be as happy as anybody on earth. The sense of independence and security is very sweet.”
—Susan B. Anthony (1820–1906)