; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ; ; Registry ACL definition file ; ; Use this file to set the registry key ACL's to the desired ; security. The format of each entry is: ; ; [RegistryKey] ; Domain\Account = [INHERIT,] access [, access]... ; ; where: ; ; RegistryKey is the key path of the key to set. This is in the ; format of: ; ; PREDEFINED_KEY\[path | *] ; where: ; ; PREDEFINED_KEY is one of: ; HKEY_LOCAL_MACHINE ; HKEY_USERS ; HKEY_CURRENT_USER ; HKEY_CLASSES_ROOT ; ; and ; path is the path to the key. The path may end in a "*" ; character in which case, all sub-keys of the specified ; path will be set to the specified security ; ; for example: ; ; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\*] ; ; would assign the security description of that section ; to all keys UNDER the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft ; key but NOT to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft ; key itself. To assign security to that key, an entry ; such as the following would be needed: ; ; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft] ; ; ; Domain\Account ; specifies the account to recieve the specified access for that ; key. Account may be an account or a group. For Example to give ; permissions to all administrator accounts, the: ; ; BUILTIN\Administrators ; ; would be the correct entry. ; ; access is defined as one of the following: ; ; QV = Query Value ; SV = Set Value ; CS = Create Subkey ; ES = Enumerate Subkeys ; NT = Notify ; CL = Create Link ; ; DE = Delete ; RC = Read Control ; WD = Write DAC ; WO = Write Owner ; ; there are also some predefined combination access keys: ; ; NONE = no access ; FULL = QV, SV, CS, ES, NT, CL, DE, WD, WO, RC ; READ = QV, ES, NT, RC ; ; The 'INHERIT' string can be specified (in the first entry only) ; to indicate this is the access control to be assigned by default ; to created subkeys. ; ; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * [HKEY_LOCAL_MACHINE\SOFTWARE] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Description] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Description\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Secure] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\DISK] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\DISK\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\Select] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\Select\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\Setup] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\SYSTEM\Setup\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\Hardware\Description] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\Hardware\Description\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\Hardware\DeviceMap] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\Hardware\DeviceMap\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\Hardware\ResourceMap] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_LOCAL_MACHINE\Hardware\ResourceMap\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_USERS\.DEFAULT] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ [HKEY_USERS\.DEFAULT\*] BUILTIN\Administrators = FULL BUILTIN\Administrators = INHERIT, FULL SYSTEM = FULL SYSTEM = INHERIT, FULL BUILTIN\Users = READ BUILTIN\Users = INHERIT, READ Anonymous = READ Anonymous = INHERIT, READ