|
|
; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *;; Registry ACL definition file;; Use this file to set the registry key ACL's to the desired ; security. The format of each entry is:;; [RegistryKey]; Domain\Account = [INHERIT,] access [, access]...;; where:;; RegistryKey is the key path of the key to set. This is in the; format of:;; PREDEFINED_KEY\[path | *]; where:;; PREDEFINED_KEY is one of:; HKEY_LOCAL_MACHINE; HKEY_USERS; HKEY_CURRENT_USER; HKEY_CLASSES_ROOT ;; and; path is the path to the key. The path may end in a "*"; character in which case, all sub-keys of the specified; path will be set to the specified security;; for example:;; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\*];; would assign the security description of that section; to all keys UNDER the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft; key but NOT to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft; key itself. To assign security to that key, an entry; such as the following would be needed:;; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft];;; Domain\Account; specifies the account to recieve the specified access for that ; key. Account may be an account or a group. For Example to give; permissions to all administrator accounts, the:;; BUILTIN\Administrators;; would be the correct entry.; ; access is defined as one of the following:;; QV = Query Value; SV = Set Value; CS = Create Subkey; ES = Enumerate Subkeys; NT = Notify; CL = Create Link;; DE = Delete; RC = Read Control; WD = Write DAC; WO = Write Owner;; there are also some predefined combination access keys:;; NONE = no access; FULL = QV, SV, CS, ES, NT, CL, DE, WD, WO, RC; READ = QV, ES, NT, RC;; The 'INHERIT' string can be specified (in the first entry only); to indicate this is the access control to be assigned by default; to created subkeys.;; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
[HKEY_LOCAL_MACHINE\SOFTWARE]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLEveryone = QV, SV, CS, ES, NT, DE, RCEveryone = INHERIT, QV, SV, CS, ES, NT, DE, RC
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLEveryone = QV, SV, CS, ES, NT, DE, RCEveryone = INHERIT, QV, SV, CS, ES, NT, DE, RC
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLEveryone = QV, SV, CS, ES, NT, DE, RCEveryone = INHERIT, QV, SV, CS, ES, NT, DE, RC
[HKEY_LOCAL_MACHINE\SOFTWARE\Description]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLEveryone = QV, SV, CS, ES, NT, DE, RCEveryone = INHERIT, QV, SV, CS, ES, NT, DE, RC
[HKEY_LOCAL_MACHINE\SOFTWARE\Description\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLEveryone = QV, SV, CS, ES, NT, DE, RCEveryone = INHERIT, QV, SV, CS, ES, NT, DE, RC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLEveryone = QV, SV, CS, ES, NT, DE, RCEveryone = INHERIT, QV, SV, CS, ES, NT, DE, RC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLEveryone = QV, SV, CS, ES, NT, DE, RCEveryone = INHERIT, QV, SV, CS, ES, NT, DE, RC
[HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLBUILTIN\Power Users = QV, SV, CS, ES, NT, DE, RCBUILTIN\Power Users = INHERIT, QV, SV, CS, ES, NT, DE, RCEveryone = READEveryone = INHERIT, READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Secure]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLEveryone = READEveryone = INHERIT, READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLEveryone = READEveryone = INHERIT, READ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLEveryone = QV, SV, CS, ES, NT, DE, RCEveryone = INHERIT, QV, SV, CS, ES, NT, DE, RC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\*]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLEveryone = QV, SV, CS, ES, NT, DE, RCEveryone = INHERIT, QV, SV, CS, ES, NT, DE, RC
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]BUILTIN\Administrators = FULLBUILTIN\Administrators = INHERIT, FULLSYSTEM = FULLSYSTEM = INHERIT, FULLCREATOR OWNER = FULLCREATOR OWNER = INHERIT, FULLEveryone = READEveryone = INHERIT, READ
|
