Group Policy : Prevent access to registry editing tools

In another post we made changes to the registry in order for our Kiosk computer to log into a domain account without typing credentials.

In order not to expose the Credentials used we now apply this GPO to prevent regedit from running.

Please note that this setting only specifically Prevent access to registry editing tools.

If we also want to prevent the users from running other administrative tools, we need to setup the GPO Run only specified Windows applications policy setting.

  1. Start you Group Policy Management by typing gpmc.msc, right-click your domain and select Create a GPO in this domain, and Link it here…
    You might obviously want to link the GPO somewhere else.
    01-GPO
  2. Select af fitting name and click OK
    02-LockRegistry
  3. Right-click your new GPO shortcut and select Edit
    03-LockRegistry
  4. Browse to User Configuration, Administrative Templates, System and select Prevent access to registry editing tools.
    04-LockRegistry
    Click for large image.
  5. Select Enabled and set Disable regedit from running silently? to Yes.
    05-LockRegistry

 

 

Posted in Group Policy, Server 2012

Leave a Reply