LES! Posted December 8, 2007

I believe that most security guides recommend that HKU\.Default\Software\Microsoft\SystemCertificates\Root\ProtectedRoots have these permissions: Administrators-Full, System-Full, Users-read. As the system boots and WinDefender loads, I believe the MsMpENG.exe resets the permissions on this key to Everyone_Read, System-Full. Is there a method to change this behavior?

I am using Windows XP Pro that is updated through November 2007. By testing, I know the key permission is not reset on boot if Windows Defender is not loaded on boot. The NSA Guide (C44-026-02) pg 71 (pdf pg 86) shows settings.

NSA Guide

Thank you.

cluberti Posted December 8, 2007

Why would Administrators need anything other than read access to this key? You should only be adding things here if you specifically need to lock down the CA chain for your users, and even then, you can (and should) start regedit from a command prompt running as the SYSTEM account anyway.
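
An added example, not part of either post above: a PowerShell check that compares the key's current ACL with the baseline quoted in the first post and reports any drift, such as the Everyone entry described there. It assumes PowerShell is installed, English-language account names, and an account that is allowed to read the key's permissions.

```powershell
# Added example (not from the thread): report ACL drift on the ProtectedRoots key.
$keyPath = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots'

# Baseline quoted in the first post. Account names assume an English-language install.
$expected = @{
    'BUILTIN\Administrators' = 'FullControl'
    'NT AUTHORITY\SYSTEM'    = 'FullControl'
    'BUILTIN\Users'          = 'ReadKey'
}

$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$actual = @{}
foreach ($ace in (Get-Acl -Path $keyPath).Access) {
    # Skip deny entries and entries that apply only to subkeys, not to this key.
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($ace.PropagationFlags -band $inheritOnly) { continue }
    $name = $ace.IdentityReference.Value
    # Merge several allow entries for one account into a single rights mask.
    $actual[$name] = [int]$actual[$name] -bor [int]$ace.RegistryRights
}

$drift = @()
foreach ($name in $expected.Keys) {
    $want = [int][System.Security.AccessControl.RegistryRights]$expected[$name]
    if (-not $actual.ContainsKey($name)) {
        $drift += "missing entry: $name ($($expected[$name]))"
    } elseif ($actual[$name] -ne $want) {
        $drift += ('changed entry: {0} has 0x{1:X}, baseline 0x{2:X}' -f $name, $actual[$name], $want)
    }
}
# Accounts on the key that the baseline does not list at all.
foreach ($name in $actual.Keys) {
    if (-not $expected.ContainsKey($name)) {
        $drift += ('unexpected entry: {0} has 0x{1:X}' -f $name, $actual[$name])
    }
}

if ($drift.Count -eq 0) { 'ACL matches the baseline.' } else { $drift }
```

Running it after a boot with Windows Defender loaded and again with it not loaded shows whether the reset described in the first post occurs on a given machine.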