Security
Each key in the registry of Windows NT based versions of Windows can have an associated security descriptor. The security descriptor contains an access control list (ACL) that describes which user groups or individual users are granted or denied access permissions. The set of registry permissions include 10 rights/permissions which can be explicitly allowed or denied to a user or a group of users.
| Permission | Description |
|---|---|
| Query Value | The right to read the registry key value. |
| Set Value | The right to write a new value |
| Create Subkey | The right to create subkeys. |
| Enumerate Subkeys | Allow the enumeration of subkeys. |
| Notify | The right to request change notifications for registry keys or subkeys. |
| Create Link | Reserved by the operating system. |
| Delete | The right to delete a key. |
| Write DACL | The right to modify permissions of the container’s DACL. |
| Write Owner | The right to modify the container’s owner. |
| Read Control | The right to read the DACL . |
As with other securable objects in the operating system, individual access control entries (ACE) on the security descriptor can be explicit or inherited from a parent object.
Windows Resource Protection is a feature of Windows Vista and later versions of Windows that uses security to deny Administrators and the system WRITE access to some sensitive keys to protect the integrity of the system from malware and accidental modification.
Special ACEs on the security descriptor can also implement mandatory integrity control for the registry key and subkeys. A process running at a lower integrity level cannot write, change or delete a registry key/value, even if the account of the process has otherwise been granted access through the ACL. For instance, Internet Explorer running in Protected Mode can read medium and low integrity registry keys/values of the currently logged on user, but it can only modify low integrity keys.
Outside of security, registry keys cannot be deleted or edited due to other causes. Registry keys containing NULL characters cannot be deleted with standard registry editors and require a special utility for deletion, such as RegDelNull.
Read more about this topic: Windows Registry
Famous quotes containing the word security:
“We now in the United States have more security guards for the rich than we have police services for the poor districts. If you’re looking for personal security, far better to move to the suburbs than to pay taxes in New York.”
—John Kenneth Galbraith (b. 1908)
“Modern children were considerably less innocent than parents and the larger society supposed, and postmodern children are less competent than their parents and the society as a whole would like to believe. . . . The perception of childhood competence has shifted much of the responsibility for child protection and security from parents and society to children themselves.”
—David Elkind (20th century)
“Our security depends on the Allied Powers winning against aggressors. The Axis Powers intend to destroy democracy, it is anathema to them. We cannot provide that aid if the public are against it; therefore, it is our responsibility to persuade the public that aid to the victims of aggression is aid to American security. I expect the members of my administration to take every opportunity to speak to this issue wherever they are invited to address public forums in the weeks ahead.”
—Franklin D. Roosevelt (1882–1945)