2

I know that I can use group policy preferences to set registry key values on a Windows 7 computer. But is it possible to apply registry key permissions using group policy?

Note: I've seen this post about writing scripts using SubInAcl but was trying to find a way to use a group policy without a script.

Community
  • 1
Shannon Wagner
  • 375
  • 3
  • 5
  • 20

1 Answers1

8

Yes; from the Group Policy Object Editor, expand Computer Configuration > Windows Settings > Security Settings. You should see a Registry option, where you can add keys and specify permissions.

Note that just allows you to play with permissions; i.e. this is different from Group Policy Preferences, where you can actually set values

jimbobmcgee
  • 2,645
  • 4
  • 24
  • 40
  • Thanks! Any chance you know if this works also for user registry keys? – Shannon Wagner May 17 '12 at 20:53
  • 1
    Doesn't appear to; no 'Registry' branch under 'User Configuration'. AD is full of oversights like this. You could do it for specific users, if you know their SIDs, by adding to the USERS hive. But for all users, you're going to need a script. I would probably use a computer startup script which enumerated all the user folders, loaded their registry hives with REG.EXE and set the permissions with REGINI.EXE (or have the script create a Scheduled Task which would periodically do the same). – jimbobmcgee May 18 '12 at 10:04