Lock down remote access to
the Windows registry
By default, the registry on all Windows-based computers is
open and available across the network leaving it vulnerable to
would-be hackers. To mitigate this risk you need to deny remote
access to the registry.
The registry is the heart of the Windows operating system.
But by default, the registry on all Windows-based computers is
open and available across the network. A well-informed hacker
can use this vulnerability to compromise your organization's
systems or modify file relationships and permissions to inject
malicious code. To protect your network, you need to deny remote
access to the registry.
You can accomplish this via a network access list change and
a simple registry fix. Depending on the complexity of your network
you might consider denying remote registry access on the machines
Note: Editing the registry can be risky, so be sure you have
a verified backup before you begin.
Fix the registry
For computers running Windows 2000, Windows XP and Windows
Server 2003 follow these steps:
- Go to Start | Run.
- Enter Regedt32.exe, and click OK.
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers.
- If the winreg key is present, skip to Step 8. If this key
doesn't exist, go to Edit | Add Key.
- Name the key winreg, and give it a class of REG_SZ.
- Select the new key, and go to Edit | Add Value.
- Enter the following:
- Name: Description
- Type: REG_SZ
- Value: Registry Server
- Select the winreg key, and go to Security | Permissions.
- Make sure the local System Administrators Group has full
access, and give read access to the System account and the Everyone
- Close the Registry Editor and restart the computer.
If you have a special group for workstation and server support
that isn't a member of your administrators group, you should
also grant it the appropriate access permissions. In addition,
if the machine you're making these changes on is a server or
if it provides remote services to authorized users, you must
allow the service account associated with that service to have
read permissions to this key as well.
Fix the network
The registry fix will take care of your internal, authorized
needs, but you still need to protect the registry from external
and Internet access. Registry exploits are still prevalent among
Windows systems and you should make sure your security strategy
addresses these vulnerabilities.
Denying TCP/UDP ports 135, 137, 138, 139, and 445 at the premise
router or firewall is the solution. Blocking these ports will
not only stop remote registry accessit will also stop most
remote attacks against Windows systems.
Shutting down access from the Internet to these ports will
instantly boost the security of your Windows networks. However,
before blocking these ports, make sure you don't have a business
reason to allow external access to these ports.
While there is a Remote Registry service on machines that
run Windows 2000, Windows XP and Windows Server 2003 that you
can disable this isn't always a practical approach for an enterprise
Network Chico recommends
the use of the free program EasyCleaner for Windows. EasyCleaner
is a small program which searches the Windows
registry for entries that are pointing nowhere. EasyCleaner
also lets you delete all kinds of unnecessary files like temps,
backups etc. You can search for duplicate files and you can view
some intresting information about your disk space usage. You
can also manage startup programs,
invalid shortcuts and add or remove software.
Be sure to check out the Network
resources for links to more information about Windows
Attention Windows users: Announcing the addition of
the Start-up application list
(startup info) mirrored from
The page presents a searchable, comprehensive list of the programs
you may find that run when you switch on your Windows
PC as typically identified by MSCONFIG or the registry "Run"
keys and whether you need them or not.. This excellent resource
contains more than 14000
entries. Please be advised this page can take some time to load
since it is more than 2MB in size.
Attention Windows users: Mozilla.org has released version 220.127.116.11 of its new secure web browser Firefox
for Windows. Network Chico
recommends the use of this browser as a replacement for Internet
Explorer for more secure web browsing.
Attention Windows XP users: Service Pack 2 for Windows
XP has been released. Network Chico
can install this major security update
for you without the need for any downloads; saving considerable
time since this update can be as large as 266MB.
Additional security pages:
| Anti-virus | Browser
cookies | Email | Firewall
| IPS |
| Network | Passwords
| Registry | Server
| Spyware | Terms
| Wireless |
View current Windows security threats from: