355 lines
8.6 KiB
INI
355 lines
8.6 KiB
INI
; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
|
;
|
|
; Registry ACL definition file
|
|
;
|
|
; Use this file to set the registry key ACL's to the desired
|
|
; security. The format of each entry is:
|
|
;
|
|
; [RegistryKey]
|
|
; Domain\Account = [INHERIT,] access [, access]...
|
|
;
|
|
; where:
|
|
;
|
|
; RegistryKey is the key path of the key to set. This is in the
|
|
; format of:
|
|
;
|
|
; PREDEFINED_KEY\[path | *]
|
|
; where:
|
|
;
|
|
; PREDEFINED_KEY is one of:
|
|
; HKEY_LOCAL_MACHINE
|
|
; HKEY_USERS
|
|
; HKEY_CURRENT_USER
|
|
; HKEY_CLASSES_ROOT
|
|
;
|
|
; and
|
|
; path is the path to the key. The path may end in a "*"
|
|
; character in which case, all sub-keys of the specified
|
|
; path will be set to the specified security
|
|
;
|
|
; for example:
|
|
;
|
|
; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\*]
|
|
;
|
|
; would assign the security description of that section
|
|
; to all keys UNDER the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
|
|
; key but NOT to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
|
|
; key itself. To assign security to that key, an entry
|
|
; such as the following would be needed:
|
|
;
|
|
; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]
|
|
;
|
|
;
|
|
; Domain\Account
|
|
; specifies the account to recieve the specified access for that
|
|
; key. Account may be an account or a group. For Example to give
|
|
; permissions to all administrator accounts, the:
|
|
;
|
|
; BUILTIN\Administrators
|
|
;
|
|
; would be the correct entry.
|
|
;
|
|
; access is defined as one of the following:
|
|
;
|
|
; QV = Query Value
|
|
; SV = Set Value
|
|
; CS = Create Subkey
|
|
; ES = Enumerate Subkeys
|
|
; NT = Notify
|
|
; CL = Create Link
|
|
;
|
|
; DE = Delete
|
|
; RC = Read Control
|
|
; WD = Write DAC
|
|
; WO = Write Owner
|
|
;
|
|
; there are also some predefined combination access keys:
|
|
;
|
|
; NONE = no access
|
|
; FULL = QV, SV, CS, ES, NT, CL, DE, WD, WO, RC
|
|
; READ = QV, ES, NT, RC
|
|
;
|
|
; The 'INHERIT' string can be specified (in the first entry only)
|
|
; to indicate this is the access control to be assigned by default
|
|
; to created subkeys.
|
|
;
|
|
; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Description]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Description\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Power Users = READ
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Secure]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\DISK]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\DISK\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\Select]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\Select\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\Hardware\Description]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\Hardware\Description\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\Hardware\DeviceMap]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\Hardware\DeviceMap\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_LOCAL_MACHINE\Hardware\ResourceMap]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_LOCAL_MACHINE\Hardware\ResourceMap\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|
|
[HKEY_USERS\.DEFAULT]
|
|
BUILTIN\Administrators = FULL
|
|
SYSTEM = FULL
|
|
BUILTIN\Users = READ
|
|
Anonymous = READ
|
|
|
|
[HKEY_USERS\.DEFAULT\*]
|
|
BUILTIN\Administrators = FULL
|
|
BUILTIN\Administrators = INHERIT, FULL
|
|
SYSTEM = FULL
|
|
SYSTEM = INHERIT, FULL
|
|
BUILTIN\Users = READ
|
|
BUILTIN\Users = INHERIT, READ
|
|
Anonymous = READ
|
|
Anonymous = INHERIT, READ
|
|
|