Windows 7 Registry: LanManServer Parameters set to read-only

    Question

  • Hello, I'm wondering about finding a definitive solution for one recurring issue. I keep checking periodically whether my PC's administrative shares are turned off. Periodically I find this is not the case; however, since I haven't watched the process closely, I'm unable to determine whether, for example, some application installation turns them back on. So, I've got the AutoShareWks and AutoShareServer DWORD values set to 0 under LanManServer\Parameters. Now I'm curious about one thing: is it possible somehow to deny anyone the ability to change only these two values, while not tampering with the security on all the others under \parameters? I can imagine it's impossible and the only solution is to set permissions on the above key \parameters as a whole. If that's the case, is it going to be a problem when I set the permissions only to "read" for SYSTEM and Administrators, removing all other entries in the key's permissions tab?

    Thanks for any help


    • Edited by DexSK Monday, February 11, 2013 1:16 PM
    Monday, February 11, 2013 1:14 PM

Answers

  • Hi,

    I haven’t tried whether a deny permission for SYSTEM could cause a problem. However, you can set it for SYSTEM to test the result.

    Assign permissions to a registry key


    Regards,

    Vincent Wang



    Vincent Wang
    TechNet Community Support

    Wednesday, February 13, 2013 9:26 AM
    Moderator
  • Hello Vincent,

    I've set the permissions on the key for myself (my user) and NT AUTHORITY\System to Read, and via the Advanced button marked the checkbox "replace child object permissions...etc", closed the tab and restarted. So far there have been no problems whatsoever with this setup after a few days of runtime already.

    Regards

    Marek


    System Specs: Windows 7 x64 SP1 build 7601, Intel Core i7-2700k @ 3,5-3,9GHz, 8GB DDR3 SDRAM @ 1600MHz, Gigabyte z77x-UD3h Motherboard, Gigabyte GeForce GTX560 Ti SOC 1GB

    Monday, February 18, 2013 3:53 AM
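
An added example, not part of the original thread: registry permissions apply to a key, not to individual values, so the read-only setup described above can only be verified on the Parameters key as a whole. This read-only PowerShell check reports the two values and every principal that still holds a write-capable right on the key; the full path HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters and the function names are assumptions, since the thread gives only LanManServer\Parameters.

```powershell
# Added example (read-only audit): nothing here modifies the registry.
# Assumed path: the standard location of the LanmanServer service parameters.
$keyPath    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$valueNames = 'AutoShareWks', 'AutoShareServer'

# Specific rights that let a principal change values or loosen the ACL again.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# GENERIC_ALL | GENERIC_WRITE, which can appear on inherit-only ACEs.
$genericWrite = 0x50000000

function Get-AutoShareState {
    # Report each value; a missing value is not the same as an explicit 0.
    $props = Get-ItemProperty -Path $keyPath
    foreach ($name in $valueNames) {
        $data = $props.$name
        New-Object PSObject -Property @{
            Value    = $name
            Data     = $data
            Disabled = ($null -ne $data -and $data -eq 0)
        }
    }
}

function Get-KeyWriter {
    # List every Allow ACE that still carries a write-capable right.
    $acl = Get-Acl -Path $keyPath
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $bits = [int]$rule.RegistryRights
        if (($bits -band $writeMask) -or ($bits -band $genericWrite)) {
            New-Object PSObject -Property @{
                Identity  = $rule.IdentityReference.Value
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Get-AutoShareState | Format-Table Value, Data, Disabled -AutoSize
# The key's owner can normally rewrite the ACL, so report it alongside the ACEs.
'Owner: ' + (Get-Acl -Path $keyPath).Owner
$writers = @(Get-KeyWriter)
if ($writers.Count -eq 0) {
    'No Allow ACE grants write access to the key.'
} else {
    $writers | Format-Table Identity, Rights, Inherited -AutoSize
}
```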

All replies

  • Hi,


    I am not sure about setting the LanManServer Parameters to read-only, but here is a way to prevent users from accessing the registry.


    1. Click Start. In the search field, type the command regedit.
    2. Right-click the program regedit.exe and click Run as administrator.
    3. Then expand the key HKEY_CURRENT_USER, Software, Microsoft, Windows, CurrentVersion, Policies, System.
    4. Click the Edit menu, then New, and click DWORD (32-bit) Value.
    5. Name the value DisableRegistryTools and double-click it.
    6. Set its value to 1 and click OK.
    7. Create a value of the same name in the same way in the key HKEY_LOCAL_MACHINE, Software, Microsoft, Windows, CurrentVersion, Policies, System and also set its value to 1.
    8. Close the Registry Editor. Registry access is now blocked.


    To regain access to the registry, click Start and enter the command gpedit.msc.


    Pull down the folder User Configuration, Administrative Templates, System, and double-click the parameter Prevent access to registry editing tools.
    Select Disabled and click OK. Finally, restart your computer to regain access to the registry.


    Regards,

    Vincent Wang



    Vincent Wang
    TechNet Community Support

    Tuesday, February 12, 2013 4:57 AM
    Moderator
  • Hello,

    thanks for the answer, but unfortunately this doesn't help me very much, as I am the only physical user of my PC, and I'd like to retain access to regedit without having to restart my PC unnecessarily... And I know how to completely disable regedit on the system; this IMHO, however, doesn't stop the OS (or any installed program) from changing the registry anyway, right? Not to mention the System account itself... OK. So it's not possible to disable writing to those values only. Does the Read-only permission on the entire Parameters subkey cause any trouble then?

    Thanks very much


    System Specs: Windows 7 x64 SP1 build 7601, Intel Core i7-2700k @ 3,5-3,9GHz, 8GB DDR3 SDRAM @ 1600MHz, Gigabyte z77x-UD3h Motherboard, Gigabyte GeForce GTX560 Ti SOC 1GB

    Tuesday, February 12, 2013 6:18 AM
  • Hi,

     

    How’s everything going? Please feel free to give me any update.

    Thank you for your cooperation.

     

    Regards,

    Vincent Wang



    Vincent Wang
    TechNet Community Support

    Monday, February 18, 2013 3:45 AM
    Moderator
  • Hi Marek,


    Glad to hear it runs well after changing the permission.


    Regards,


    Vincent Wang
    TechNet Community Support

    Tuesday, February 19, 2013 1:21 AM
    Moderator