Cover your tracks

In Windows 2000, if you modify a key or subkey in the registry that key or subkey stays expanded. So if you were to revisit the registry to perform some other job, the previous key or subkey would still be open. Some users could find this nothing more than an annoyance, because they then have to now "close off" the previous key. But it's more than an annoyance; there is also a security risk to worry about.

Let's say that you have an administrator account and password to access a dedicated workstation located in another department, and that your company policy states that you must give this account and password to senior personnel of that department. To try to keep that password secure, let's say that you hide the diskette and/or CDROM drive to prevent anyone from installing illegal software on this workstation. If someone were to acquire the admin account and password and were to invoke regedit the previous key would be displayed thereby exposing the key that you worked on to hide the drives.

Disabling write permissions for the LastKey subkey can prevent the previous key from being displayed. Here's how: (NOTE: make sure you have backed up the registry in case you make a mistake.)

  1. Load Regedit32

  2. Go to HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionAppletsRegedit

  3. Double-Click LastKey value. Then delete the entry in the string box. Thereby creating

Requires Free Membership to View

  1. an empty string. Click OK.

  2. Repeat Step 1.

  3. Go to Security, and then select Permissions.

  4. Click Advanced to open the Access Control Settings dialog Box. Select the admin account, and then click View/Edit. Select Deny beside. Set Value and then click OK.

  5. Ensure that the option Reset Permissions On All Child Objects (Located In the Access Control Settings For Regedit) is NOT Selected.

Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.

This was first published in October 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.