Is it possible to restrict access to registry keys, just like Microsoft does on some of its keys (e.g. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend)? I was able to get a similar result by setting SYSTEM as the owner of the key, giving it full control, and deleting all other permissions. But users in the Administrator group can still change its ownership to themselves and then change permissions. On WinDefend, setting a new owner is restricted too. It seems it somehow overrides the "Take ownership of files or other objects" policy in local group policy.

pepperoni
  • You may need to write a [kernel driver](https://social.technet.microsoft.com/Forums/en-US/de1ae50a-0089-4d91-a3a7-30bf2ceab463/why-cant-i-modify-any-value-under-the-hklmsystemcurrentcontrolsetserviceswindefend-registry?forum=w81previtpro). – user Aug 12 '21 at 17:13
  • [Here's](https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/filtering-registry-calls) some documentation for it. – user Aug 12 '21 at 17:19

0 Answers