Is there any way to lock a few Windows Registry entries?

0

I have seen that most viruses, spyware, etc. change a few registry files which are linked to the boot process or which start when Windows loads user settings.

Is there any way to lock those files which are linked to starting the system, like explorer.exe and userinit.exe, so that a virus at least should not be able to stop the system from starting up?

Why didn't Microsoft put those registry files separately so that nothing can touch them?

Now my userinit.exe file is affected and it's not letting me log on to the computer. I get a blank desktop, but the system loads in safe mode. I have run an antivirus bootable CD but still have not found a solution.

Mirage

Posted 2011-11-15T09:18:14.347

Reputation: 2 563

The registry entries should not be locked; Windows needs access to them also. You are best to back up your data and do a clean install of XP. – Moab – 2011-11-15T21:39:56.683

Answers

2

There is a simple locking mechanism: log in as a non-Administrator user. That stops most viruses.

Also, the registry file (actually files) are separate. Doesn't help that much, actually.

MSalters

Posted 2011-11-15T09:18:14.347

Reputation: 7 587

0

To start off I'm going to suggest that you NOT do what you've asked. Don't worry, I'll tell you how but it isn't a good idea because many applications actually DO use those keys and for good reasons.

If you haven't done so already, have a look at msconfig.exe (click Start, click Run, type msconfig, and then click OK). It is the Microsoft tool for managing this and it isn't the preemptive solution you're asking for but it is definitely going to be handy for this.


An answer to your question:

First, I'm not responsible for any damage you are about to do to your system. Secondly, read and understand this article: http://support.microsoft.com/kb/310516 . Thirdly, there are actually several registry nodes you'll need if you want to do this. I'm not going to track each of those down for you (they can easily be found using msconfig).

Now that you are more familiar with regedit command line options it is just a matter of exporting the reg key you want and then calling regedit /s you_reg_file.reg at the correct time.

There is a bit of a problem concerning the correct timing of this however. I haven't tested this but it is very likely that putting this in your startup will cause trouble (it will overwrite the very node that the startup handler is reading; it's hard to tell exactly which parts of that node have already been cached without a little trial and error).

You could run this on a schedule or manually but really what you want is to run this on shutdown. Shutdown scripts are possible in XP but they aren't terribly reliable. Several things can happen which will cause them to not actually run. If you're going to try this use gpedit:

  1. Start, Run, gpedit.msc
  2. Select Computer Configuration, Windows Settings, Scripts (Startup/Shutdown)
  3. Double Click Shutdown
  4. Click Add, and browse to the script.
  5. Click OK, and OK again.
  6. Close Group Policy and Restart Computer.

The script should now be run on shutdown.


Now A Better Option:

If you'd like to ensure that NOTHING ever gets changed on your PC then I'd suggest looking into something like Deepfreeze: http://www.faronics.com/products/deep-freeze/standard/

This program will basically do what you're doing to a single registry node to the whole system. I've used it for many years in an industrial setting and it's great if that's what you're wanting to do.

I've also seen a few antivirus applications that just monitor these sections for changes and pop up a warning when they're modified. I'd say this is the best way to achieve the net effect you're wanting.

krowe

Posted 2011-11-15T09:18:14.347

Reputation: 5 031
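
The change-monitoring approach mentioned at the end of the answer above can be sketched as a baseline-and-compare script. This is an added example, not code from any post in this thread; the list of watched keys, the baseline file location and the function name `Get-StartupSnapshot` are assumptions chosen for illustration.

```powershell
# Added example: record known-good logon/startup registry values, then report drift.
# Assumption: the watched keys and the baseline path are illustrative choices.
param(
    [switch]$Baseline,   # run once with -Baseline on a known-clean system
    [string]$Path = "$env:ALLUSERSPROFILE\startup-baseline.xml"
)

$watched = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',  # Userinit, Shell
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StartupSnapshot {
    $snap = @{}
    foreach ($key in $watched) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Under Winlogon, track only the values that decide what runs at logon
            if ($key -like '*Winlogon' -and @('Userinit', 'Shell') -notcontains $name) { continue }
            $snap["$key\$name"] = [string]$item.GetValue($name)
        }
    }
    return $snap
}

$current = Get-StartupSnapshot
if ($Baseline) {
    Export-Clixml -InputObject $current -Path $Path
    Write-Output "Baseline of $($current.Count) values written to $Path"
    return
}
if (-not (Test-Path $Path)) { throw "No baseline at $Path; run once with -Baseline first." }

$known = Import-Clixml -Path $Path
$drift = @()
foreach ($k in $current.Keys) {
    if (-not $known.ContainsKey($k))     { $drift += "ADDED    $k = '$($current[$k])'" }
    elseif ($known[$k] -ne $current[$k]) { $drift += "CHANGED  $k : '$($known[$k])' -> '$($current[$k])'" }
}
foreach ($k in $known.Keys) {
    if (-not $current.ContainsKey($k))   { $drift += "REMOVED  $k (was '$($known[$k])')" }
}
if ($drift.Count) { $drift | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'Startup registry values match the baseline.'
```

Run it from a scheduled task under an account that can read the keys; a non-zero exit code signals that a watched value was added, changed or removed since the baseline was taken.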