Prevent remote access to the Windows Registry

Source: Internet
Author: User

Protect the Windows registry as described in this article to prevent remote attacks.

  Problem

The registry is the core of Windows. However, by default, the registries of all Windows-based computers can be accessed over the network. Hackers who know this can exploit this security vulnerability to attack your company's computer systems, modify file associations, and insert malicious code. To protect your network, you must disable remote access to the registry.

  Solution

You can easily achieve this by modifying the network access list. Depending on the complexity of your network, you may need to consider disabling remote access to the registry.

  Note:

It may be risky to edit the registry, so you must make sure that you have backed up the registry before you start.

  Modify registry

On Windows 2000, Windows XP, and Windows Server 2003, take the following steps:

1. Click the Start menu and select "Run".

2. Enter "regedt32.exe" and click "OK".

3. Select "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers".

4. If the winreg key already exists, go to Step 8. If the key does not exist, click the "Edit" menu and select "Add".

5. Name the key "winreg" and set the class to REG_SZ.

6. Select the new key, click the "Edit" menu, and select "Add Value".

7. Enter the following information:

Name: Description
Type: REG_SZ
Value: Registry Server

8. Select the winreg key and go to "Security | Permissions".

9. Make sure that the local Administrators group has full access and that read-only permission is granted to the System account and the Everyone group.

10. Close the Registry Editor and restart the computer.

If you have set up a special group for workstation or server support and the members of that group are not administrators, you should also set appropriate permissions for them.

Moreover, if you are dealing with a server or a computer that provides remote services to special users, you must allow the account with the right to use the service to have read-only permissions on the relevant content.

  Adjust Network

Modifying the registry protects it from unauthorized access from your internal network, but you also need to protect the registry from external access from the Internet. Attacks against Windows systems that use registry security vulnerabilities are still very common, so you need to ensure that your security policies effectively address them.

Disabling TCP/UDP ports 135, 137, 138, 139, and 455 on the front-end router or firewall is a good solution. Disabling these ports not only prevents remote access to the registry, but also prevents most remote attacks against Windows systems.

Closing these ports quickly improves the security of your Windows network. Before disabling these ports, you need to check whether there are business reasons to keep them open.

The Remote Registry service, which runs on Windows 2000, Windows XP, and Windows Server 2003 systems, can also be disabled. For enterprises, this is always a very helpful and practical measure.
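
A read-only audit of the settings described above, added here as an example and not part of the original article: it lists the access entries on the winreg key from steps 3 to 9, flags any entry other than the Administrators group that can modify the key, and reports the state of the Remote Registry service. It assumes PowerShell 5.1 or later; the function name Test-WinregAcl is hypothetical.

```powershell
# Added example (not from the original article). Read-only: changes nothing.
# Test-WinregAcl is a hypothetical name; assumes PowerShell 5.1 or later.
function Test-WinregAcl {
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
    )

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Key not found: $Path (steps 4-7 create it)."
        return
    }

    # Rights that allow changing the key, its values, or its permissions,
    # plus the raw GENERIC_WRITE / GENERIC_ALL bits that some ACEs carry.
    $named     = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $writeMask = [int]$named -bor 0x40000000 -bor 0x10000000

    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Compare by SID so the check also works on localized Windows.
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolved account: keep as shown
        }
        $canWrite = (([int]$ace.RegistryRights) -band $writeMask) -ne 0
        $isAdmins = $sid -eq 'S-1-5-32-544'       # BUILTIN\Administrators

        [pscustomobject]@{
            Identity = $ace.IdentityReference.Value
            Rights   = $ace.RegistryRights
            Finding  = if ($canWrite -and -not $isAdmins) { 'REVIEW: can modify key' } else { 'ok' }
        }
    }
}

Test-WinregAcl | Format-Table -AutoSize

# State of the Remote Registry service mentioned in the last paragraph.
Get-Service -Name RemoteRegistry | Select-Object Name, Status, StartType
```

Run it from an elevated prompt; any row marked REVIEW is an account outside the Administrators group that step 9 would limit to read-only.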
