Guidelines for Designing a Permission Structure for Registry Keys
Follow these guidelines for designing a permission structure for Vista certificate registry keys.
Do not change system registry keys without extensive research and testing.
Do not change registry file permission keys. Providing file permissions to the registry files is not necessary to provide access to registry keys.
Do not provide users with the ability to modify registry key values where this is not necessary. Understanding where it is and is not necessary requires research.
Use test systems to validate permission settings, and then apply new settings to production systems via a tested script, program, security templates, or Group Policy.
Once tested, these mechanisms provide a way to ensure that modifications will be consistent across multiple computers and that accidental application of the wrong changes won't crash systems or weaken security. Modify registry permissions and data programmatically where possible. It is easy to damage the operating system's ability to function through careless direct editing of permissions and data.
If applications require elevated privileges (the user must be an administrator, for example), do not provide access by adding users to the Administrators group.
Instead, evaluate the need for changing permissions to registry keys to allow users the access required without providing them elevated privileges on the computer.
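The following script is an added example, not part of the original guidelines. It shows one way to grant a group only the registry rights an application needs on a single key, with a rollback record and a -WhatIf dry run for use on a test system. The key path, group name, and backup file name are hypothetical placeholders.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical key and group: replace with the values your research identified.
    [string]$KeyPath    = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp',
    [string]$Identity   = 'EXAMPLE\ExampleAppUsers',
    [string]$BackupFile = "$env:TEMP\ExampleApp-acl-backup.sddl"
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Registry key not found: $KeyPath"
}

# Record the current security descriptor (SDDL) so the change can be rolled back.
$acl = Get-Acl -LiteralPath $KeyPath
Set-Content -LiteralPath $BackupFile -Value $acl.Sddl

# Grant only read access and the ability to set values under this key.
# No FullControl, ChangePermissions, TakeOwnership, or Delete.
$rights = [System.Security.AccessControl.RegistryRights]'ReadKey, SetValue'
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $Identity,
    $rights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl.AddAccessRule($rule)

# With -WhatIf the script reports the intended change without applying it.
if ($PSCmdlet.ShouldProcess($KeyPath, "Grant '$rights' to $Identity")) {
    Set-Acl -LiteralPath $KeyPath -AclObject $acl
}

# List the explicit (non-inherited) entries for the group so the result can be reviewed.
(Get-Acl -LiteralPath $KeyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $Identity -and -not $_.IsInherited } |
    Format-Table IdentityReference, RegistryRights, AccessControlType, InheritanceFlags
```

Run it first with -WhatIf on a test system, and keep the saved SDDL file so the original descriptor can be restored if the application still fails or the grant proves broader than needed.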