Remote registry access between two Win XP Pro computers

[mikesw]

I have two Win XP Pro SP2 machines on a local home network.

No external access outside of this network is needed.

I'm trying to use computer A to remotely modify the registry of

computer B or vice versa depending on which PC I'm at and logged

in as part of the Administrators users group.

I'm trying to do remote registry by two different methods:

a) using regedit and to connect to the other computers registry

b ). using XP support tools to use the "reg.exe" command

to query, and add or delete registry entries on the computer

I see that the remote registry service is started and is automatic on both

machines.

Here's the problem,

a). I can use regedit to pull the other computers registry in. The

two keys are HKLM and HKCU (if I remember). However, when I

try to expand this list, I am denied. Nor can I change these keys

permissions or see if I'm on the access list as admin.

If I try to add to the access list i.e. computer B\Administrator

or my user account name in place of Administrator by changing

the permissions on the HKLM or HKCU by going to that computer

(computer A) and changing it there and save it off, it wont let me

so that I can go back to computer B and try to view these keys remotely

now that I've given them access permissions. Why?

b ). If I try to remotely query, add, delete a registry entry in HKLM on

the remote computer (ie computer B ) from computer A I get

access denied even though the remote registry service is running.

reg add \\COMPUTERB\HKLM\..... and the rest of the registry key with the DWORD

I'm trying to add

The same applies to the "query" command too for the DWORD I'm trying to see.

In both of the above cases, I've read the following at MSoft

http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true

KB314837 article http://support.microsoft.com/kb/314837

that deals with the "winreg" key entry being setup a certain way with the other keys too

and my two computers are already configured like the KB article states.

I even tried to change the access permissions on the keys dealing with

"winreg" and couldn't when I tried to do i.e. "COMPUTERB\Administrators" or my user

login account (that is in admin group) like above so that I could give another Computer access by

telling "winreg" to allow me through. Note: Computer A and B are my computer names that I assigned.

How to fix the problems in (a) and (b ) above to allow me to do this?

I haven't tried adding to AllowedPaths whereby all the users can access per

http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true

http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true

PS: Must my admin account or my user account which belongs to the

admin group have a password for the above to work? But, neither

the regedit connect to remote computer registry nor the reg query

command prompt me for a password based on a username that may

be sent to the remote computer that I' trying to remote registry to.

If so, must the passwords and/or usernames be the same? There

is no KB article to address the user account/password needs for

remote registry. Although a regular user will not belong to the Admin group,

can I assign this user to the winreg subkey to give them permission to change

the registry - assuming I was logged in as Administrator when I modifed the registry

permissions on this subkey to give this non admin user permission to modify the registry?

Is there any parent/child permission inheritance on registry keys/subkeys similar to what

one can do on the files in a disk filesystem? presently i don't see any option to inherit from the

parent. Thus, I don't think I have to give COMPUTERB\Administrators full control on the

SecurePipeServers key which is the parent of the winreg subkey (the child). Of course the

local computername Administrator has full control from the root parent HKLM all the way down to

winreg. Perhaps I need to give COMPUTERB\Administrators access, I must change permissions at HKLM first

then the child and then the next child etc til I will be able to change winreg although COMPUTERA\Administrators

already have permissions and I'm the COMPUTERA\Administrators Admin doing the change on the COMPUTER A

registry.

BTW, here's a known problem as of Dec 2007 with performance counters accessed remotely.

http://support.microsoft.com/kb/300702

Based on KB890161 although KB is Win2K it applies to XP too. My RestrictAnonymous on all computers is 0.

Restricting anonymous remote registry access

The RestrictAnonymous registry value also lets you restrict anonymous remote registry access. This feature prevents anonymous users from connecting to the registry remotely. It also prevents anonymous users from reading or from writing any registry data. Remote access to the registry is controlled through the ACL on the winreg registry key. The ACL on the winreg registry key identifies the authenticated users who can remotely connect to the registry.

Edited January 4, 2008 by mikesw