The registry stores settings for various Windows components and applications. Incorrectly editing the entries here can cause a number of problems, from application errors to system crashes and BSODs. As such, it’s best to revoke registry editing privileges on remotely accessible accounts. We’ve detailed the steps to do precisely this in this article.
How to Disable Remote Access?
Remote registry access in Windows is generally managed through a couple of ways; the Services utility and the Registry Editor. We recommend first preventing registry access with these methods. Here are the steps for this: You can also do the same thing via the Registry Editor. Once you’ve backed up the registry, you can follow the steps listed below for this method: After performing either of these methods, make sure to actually test if the registry is no longer remotely accessible. If the steps worked, then you’re good to go. But if the registry is still accessible, please check the next section.
Disabling Remote Registry with System Policies
This workaround is slightly lengthier, but it works, so bear with us. First, we’ll temporarily give a standard account admin privileges. Then, we’ll use the Group Policy Management Console to disable Registry Editing on this account. Finally, we’ll add this account to the Remote Desktop Users group and revoke admin privileges. Here are the full steps for this: Now that the admin privileges have been revoked, registry editing will be disabled on it. Only an administrator can re-enable it via the Group Policy Management Console. As long as non-admin users remote into this account, they won’t be able to edit the registry over the network.