mikesw Posted January 3, 2008 Posted January 3, 2008 (edited) I have two Win XP Pro SP2 machines on a local home network.No external access outside of this network is needed.I'm trying to use computer A to remotely modify the registry ofcomputer B or vice versa depending on which PC I'm at and loggedin as part of the Administrators users group.I'm trying to do remote registry by two different methods:a) using regedit and to connect to the other computers registryb ). using XP support tools to use the "reg.exe" command to query, and add or delete registry entries on the computerI see that the remote registry service is started and is automatic on both machines.Here's the problem,a). I can use regedit to pull the other computers registry in. Thetwo keys are HKLM and HKCU (if I remember). However, when Itry to expand this list, I am denied. Nor can I change these keyspermissions or see if I'm on the access list as admin.If I try to add to the access list i.e. computer B\Administratoror my user account name in place of Administrator by changingthe permissions on the HKLM or HKCU by going to that computer(computer A) and changing it there and save it off, it wont let meso that I can go back to computer B and try to view these keys remotelynow that I've given them access permissions. Why?b ). If I try to remotely query, add, delete a registry entry in HKLM onthe remote computer (ie computer B ) from computer A I getaccess denied even though the remote registry service is running.reg add \\COMPUTERB\HKLM\..... and the rest of the registry key with the DWORD I'm trying to addThe same applies to the "query" command too for the DWORD I'm trying to see.In both of the above cases, I've read the following at MSofthttp://technet2.microsoft.com/windowsserve...3.mspx?mfr=trueKB314837 article http://support.microsoft.com/kb/314837that deals with the "winreg" key entry being setup a certain way with the other keys tooand my two computers are already configured like the KB article states.I even tried to change the access permissions on the keys dealing with "winreg" and couldn't when I tried to do i.e. "COMPUTERB\Administrators" or my userlogin account (that is in admin group) like above so that I could give another Computer access bytelling "winreg" to allow me through. Note: Computer A and B are my computer names that I assigned.How to fix the problems in (a) and (b ) above to allow me to do this?I haven't tried adding to AllowedPaths whereby all the users can access perhttp://technet2.microsoft.com/windowsserve...3.mspx?mfr=truehttp://technet2.microsoft.com/windowsserve...3.mspx?mfr=truePS: Must my admin account or my user account which belongs to theadmin group have a password for the above to work? But, neitherthe regedit connect to remote computer registry nor the reg querycommand prompt me for a password based on a username that maybe sent to the remote computer that I' trying to remote registry to.If so, must the passwords and/or usernames be the same? Thereis no KB article to address the user account/password needs forremote registry. Although a regular user will not belong to the Admin group,can I assign this user to the winreg subkey to give them permission to changethe registry - assuming I was logged in as Administrator when I modifed the registrypermissions on this subkey to give this non admin user permission to modify the registry?Is there any parent/child permission inheritance on registry keys/subkeys similar to whatone can do on the files in a disk filesystem? presently i don't see any option to inherit from theparent. Thus, I don't think I have to give COMPUTERB\Administrators full control on theSecurePipeServers key which is the parent of the winreg subkey (the child). Of course thelocal computername Administrator has full control from the root parent HKLM all the way down towinreg. Perhaps I need to give COMPUTERB\Administrators access, I must change permissions at HKLM firstthen the child and then the next child etc til I will be able to change winreg although COMPUTERA\Administrators already have permissions and I'm the COMPUTERA\Administrators Admin doing the change on the COMPUTER Aregistry.BTW, here's a known problem as of Dec 2007 with performance counters accessed remotely.http://support.microsoft.com/kb/300702Based on KB890161 although KB is Win2K it applies to XP too. My RestrictAnonymous on all computers is 0.Restricting anonymous remote registry accessThe RestrictAnonymous registry value also lets you restrict anonymous remote registry access. This feature prevents anonymous users from connecting to the registry remotely. It also prevents anonymous users from reading or from writing any registry data. Remote access to the registry is controlled through the ACL on the winreg registry key. The ACL on the winreg registry key identifies the authenticated users who can remotely connect to the registry. Edited January 4, 2008 by mikesw
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now