Details
The registry is integral to the function, security, and stability of the Windows system. Changing the system's registry permissions opens the possibility of unauthorized and anonymous modification of the operating system.
Solution
Maintain the default permissions for the HKEY_LOCAL_MACHINE registry hive.
The default permissions of the higher-level keys are noted below.
HKEY_LOCAL_MACHINE\SECURITY
Type – ‘Allow’ for all
Inherited from – ‘None’ for all
Principal – Access – Applies to
SYSTEM – Full Control – This key and subkeys
Administrators – Special – This key and subkeys
HKEY_LOCAL_MACHINE\SOFTWARE
Type – ‘Allow’ for all
Inherited from – ‘None’ for all
Principal – Access – Applies to
Users – Read – This key and subkeys
Administrators – Full Control – This key and subkeys
SYSTEM – Full Control – This key and subkeys
CREATOR OWNER – Full Control – This key and subkeys
ALL APPLICATION PACKAGES – Read – This key and subkeys
HKEY_LOCAL_MACHINE\SYSTEM
Type – ‘Allow’ for all
Inherited from – ‘None’ for all
Principal – Access – Applies to
Users – Read – This key and subkeys
Administrators – Full Control – This key and subkeys
SYSTEM – Full Control – This key and subkeys
CREATOR OWNER – Full Control – Subkeys only
ALL APPLICATION PACKAGES – Read – This key and subkeys
Server Operators – Read – This key and subkeys (Domain controllers only)
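One way to audit the three keys against the defaults listed above, as an added PowerShell example that is not part of the original control text. The function name Test-HklmKeyAcl is hypothetical, principals are matched by well-known SID so the check does not depend on localized names, and Administrators' 'Special' access on SECURITY is treated as privileged. The script checks type, inheritance, principal and write rights; it does not compare the 'Applies to' scope or report missing entries.

```powershell
# Added example, not from the STIG. Run in an elevated session.
# Default principals per key, by well-known SID, with the access level listed above.
$std = @{
    'S-1-5-32-545' = 'Read'   # Users
    'S-1-5-32-544' = 'Full'   # Administrators
    'S-1-5-18'     = 'Full'   # SYSTEM
    'S-1-3-0'      = 'Full'   # CREATOR OWNER
    'S-1-15-2-1'   = 'Read'   # ALL APPLICATION PACKAGES
}
$expected = @{
    # Administrators hold 'Special' on SECURITY; treated here as a privileged principal.
    'HKLM:\SECURITY' = @{ 'S-1-5-18' = 'Full'; 'S-1-5-32-544' = 'Full' }
    'HKLM:\SOFTWARE' = $std
    # Server Operators (S-1-5-32-549) is a default on domain controllers only.
    'HKLM:\SYSTEM'   = $std + @{ 'S-1-5-32-549' = 'Read' }
}
# Rights a Read-only principal must not hold: SetValue, CreateSubKey, CreateLink,
# Delete, ChangePermissions, TakeOwnership, GENERIC_ALL, GENERIC_WRITE.
$writeMask = 0x2 -bor 0x4 -bor 0x20 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor
             0x10000000 -bor 0x40000000

function Test-HklmKeyAcl {
    param([string]$Path, [hashtable]$Allowed)
    try { $acl = Get-Acl -Path $Path -ErrorAction Stop }
    catch {
        return [pscustomobject]@{ Key = $Path; Sid = ''; Finding = "Cannot read ACL: $($_.Exception.Message)" }
    }
    # Ask for explicit and inherited ACEs with identities returned as SIDs.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        $finding = if ($ace.AccessControlType -ne 'Allow') { 'Type is not Allow' }
            elseif ($ace.IsInherited) { 'ACE is inherited (expected None)' }
            elseif (-not $Allowed.ContainsKey($sid)) { 'Principal not in the default list' }
            elseif ($Allowed[$sid] -eq 'Read' -and ([int]$ace.RegistryRights -band $writeMask)) {
                'Read-only principal holds write rights'
            }
        if ($finding) { [pscustomobject]@{ Key = $Path; Sid = $sid; Finding = $finding } }
    }
}

$findings = foreach ($key in $expected.Keys) {
    Test-HklmKeyAcl -Path $key -Allowed $expected[$key]
}
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No deviations found in the checked properties.' }
```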
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Windows.
References
- 800-53|AC-6(10)
- CAT|II
- CCI|CCI-002235
- CSCv6|3.1
- Rule-ID|SV-224835r793228_rule
- STIG-ID|WN16-00-000190
- STIG-Legacy|SV-87907
- STIG-Legacy|V-73255
- Vuln-ID|V-224835