Restrict access to REGEDIT/REGEDT32

Control who can run the REGEDIT/REGEDT32 editor in your organization.

This tip is to prevent someone from running the REGEDIT/REGEDT32 editor.

Using Regedt32 to edit:

  1. Select [Hkey_Users]. Then go to "Load Hive" from the registry Menu.
  2. Browse to the profile directory of the user you want to restrict and select NTUser.dat file.
  3. When prompted for Key Name, input their login UserID.
  4. Now, select the key name (UserID) you just put in, and browse to SoftwareMicrosoftWindowsCurrentVersionPolicies
  5. If no System sub-key exists, go to "Add Key" from the Edit Menu. Here, type System in the Key name field and click "OK".
  6. Highlight System and go to "Add Value" from the Edit Menu. Here, type DisableRegistryTools, using type REG_DWORD and set it to 1.
  7. Now, highlight the Key name (UserID) as in Step 3, and go to Unload Hive from the registry menu. You should see the UserID disappear from the [Hkey_Users].
  8. Log in and verify that that user will not be able to run Regedt32 or Regedit.

This was first published in April 2001

Dig Deeper on Windows Server Monitoring and Administration



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:









  • VDI assessment guide

    Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI ...

  • Guide to calculating ROI from VDI

    Calculating ROI from VDI requires a solid VDI cost analysis. Consider ROI calculation models, storage costs and more to determine...

  • Keep the cost of VDI storage under control

    Layering, persona management tools and flash arrays help keep virtual desktop users happy and VDI storage costs down.