Disable the remote registry on any version of Windows as a good security measure

 

When a hacker tries to break into a Windows system remotely, one of the things they may look at is the target's Windows registry.

It contains information about usernames on the system, password policies, and a whole wealth of other information which is useful to a hacker.

The remote registry is rarely used on home systems, but it is more commonly, and legitimately, used by system admins in offices with many computers on large networks.

The following code will disable the Remote Registry service, which is left enabled on WinXP Pro, 2000, Server 2003, Vista and Windows 7:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004

 

You can copy and paste the text above into Notepad and save the file as filename.reg on the desktop. When you double-click it, it will merge the changes into your registry.

You can also change this manually by loading "services.msc" from Run and finding "Remote Registry" in the list of services. Double-click it and choose "Disabled" from the 'Startup type' option.

To complete these changes, you need to reboot so that the Remote Registry service is no longer in the computer's memory.

You need to have local administrator rights to be able to change this manually or with the registry file.

And here is a direct link to the registry file that you can run from my site, but you still need to be logged on with local admin rights for it to work:

http://www.glennroast.co.uk/disremotereg.reg
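
The same change can be scripted and verified from PowerShell. This is an added example, not part of the original tip: the function names are hypothetical, and it assumes PowerShell is installed and started from an elevated (local administrator) prompt. It reads the same "Start" value the .reg file sets, disables the service, stops the running instance, and confirms the result.

```powershell
# Added example: audit and disable the Remote Registry service.
# Function names are hypothetical; run from an elevated PowerShell prompt.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\RemoteRegistry'
# Meaning of the service "Start" DWORD values
$StartNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RemoteRegistryState {
    # Read the value the .reg file sets, plus whether the service is loaded right now
    $start = (Get-ItemProperty -Path $KeyPath -Name Start -ErrorAction Stop).Start
    $svc = Get-Service -Name RemoteRegistry -ErrorAction Stop
    New-Object PSObject -Property @{
        StartValue  = $start
        StartupType = $StartNames[[int]$start]
        Status      = $svc.Status
    }
}

function Disable-RemoteRegistry {
    if (-not (Test-IsAdmin)) { throw 'Local administrator rights are required.' }
    # Equivalent to "Start"=dword:00000004 in the registry file
    Set-Service -Name RemoteRegistry -StartupType Disabled
    # Stop the instance that is currently running, if any
    if ((Get-Service -Name RemoteRegistry).Status -ne 'Stopped') {
        Stop-Service -Name RemoteRegistry -Force
    }
    Get-RemoteRegistryState
}

$before = Get-RemoteRegistryState
"Before: Start=$($before.StartValue) ($($before.StartupType)), Status=$($before.Status)"
if ($before.StartValue -ne 4 -or $before.Status -ne 'Stopped') {
    $after = Disable-RemoteRegistry
    "After:  Start=$($after.StartValue) ($($after.StartupType)), Status=$($after.Status)"
    if ($after.StartValue -ne 4 -or $after.Status -ne 'Stopped') {
        throw 'Remote Registry is still enabled or running.'
    }
}
```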

 
