|
|
; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *;; Registry ACL definition file;; Use this file to set the registry key ACL's to the desired; security. The format of each entry is:;; [RegistryKey]; Domain\Account = [INHERIT,] access [, access]...;; where:;; RegistryKey is the key path of the key to set. This is in the; format of:;; PREDEFINED_KEY\[path | *]; where:;; PREDEFINED_KEY is one of:; HKEY_LOCAL_MACHINE; HKEY_USERS; HKEY_CURRENT_USER; HKEY_CLASSES_ROOT;; and; path is the path to the key. The path may end in a "*"; character in which case, all sub-keys of the specified; path will be set to the specified security;; for example:;; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\*];; would assign the security description of that section; to all keys UNDER the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft; key but NOT to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft; key itself. To assign security to that key, an entry; such as the following would be needed:;; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft];;; Domain\Account; specifies the account to recieve the specified access for that; key. Account may be an account or a group. For Example to give; permissions to all administrator accounts, the:;; BUILTIN\Administrators;; would be the correct entry.;; access is defined as one of the following:;; QV = Query Value; SV = Set Value; CS = Create Subkey; ES = Enumerate Subkeys; NT = Notify; CL = Create Link;; DE = Delete; RC = Read Control; WD = Write DAC; WO = Write Owner;; there are also some predefined combination access keys:;; NONE = no access; FULL = QV, SV, CS, ES, NT, CL, DE, WD, WO, RC; READ = QV, ES, NT, RC;; The 'INHERIT' string can be specified (in the first entry only); to indicate this is the access control to be assigned by default; to created subkeys.;; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
[HKEY_LOCAL_MACHINE\SOFTWARE]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SOFTWARE\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Description]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Description\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Power Users = READBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Secure]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SYSTEM\DISK]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SYSTEM\DISK\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SYSTEM\Select]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SYSTEM\Select\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\Hardware\Description]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\Hardware\Description\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\Hardware\DeviceMap]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\Hardware\DeviceMap\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_LOCAL_MACHINE\Hardware\ResourceMap]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_LOCAL_MACHINE\Hardware\ResourceMap\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
[HKEY_USERS\.DEFAULT]BUILTIN\Administrators = FULLSYSTEM = FULLBUILTIN\Users = READAnonymous = READ
[HKEY_USERS\.DEFAULT\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Users = READBUILTIN\Users = INHERIT, READAnonymous = READAnonymous = INHERIT, READ
|
