Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Registry Key Permissions for Everyone/Administrators 1

Status
Not open for further replies.
Pleonasm

Pleonasm

Technical User
May 20, 2004
121
CA
For the registry key HKEY_CLASSES_ROOT, the Everyone group has the Full Control and the Read permissions checked (enabled). For the Administrators group, however, the Full Control and Read permissions are neither checked as Allow or Deny. Operating under the assumption that Everyone is a superset of Administrators, shouldn’t the Full Control and Read permissions for the latter reflect the status of permissions granted to the former?

Stated differently, if the permission of a registry key is granted to the Everyone group, does that by definition extend the permission to encompass the Administrators group?

References to articles on the web describing the relationship between permissions granted to the Everyone group versus the Administrative group would also be appreciated.

Thank you.
 
Sort by date Sort by votes
Upvote 0 Downvote
Linney, in a non-networked environment (i.e., a local machine), I understand you to be saying that the Everyone group is inclusive of the Administrators group.

However, if that is true, then why wouldn't the permissions for the HKEY_CLASSES_ROOT registry key that are granted to the Everyone group be inherited by the Adminsitrators? In the case described in my initial post, the permissions for the Administrators group are *more* restrictive than those granted to the Everyone group.

Thank you for your assistance.
 
Upvote 0 Downvote
Everyone means everyone that uses the computer from a local user point of view, a Limited User or an Administrator.

I don't have the Everyone group in that particular key and the Administrator has Full Control.

It is easy enough to change the Permissions and have them Inherited down to lower levels.

HOW TO: Set, View, Change, or Remove File and Folder Permissions in Windows XP

How to Share and Set Permissions for Folders and Files Using Windows XP

Permissions are covered in the Help file of RegEdit as an article. Basically you just right-click on a Key and access Permissions via the drop down menu.


Viewing and Manipulating the Registry

If you experimenting in the Registry, I hope you have backed up any keys before you changed them. See Import and Export in the RegEdit Help.

This is a good program to get hold of if you playing with the Registry.

Registry Backup and Restore for Windows NT/2000/2003/XP
 
Upvote 0 Downvote
Linny, your comment is consistent with my understanding of registry key permissions: "Everyone means everyone that uses the computer from a local user point of view, a Limited User or an Administrator."

If still begs the question, however, of why the permissions displayed for the registry key HKEY_CLASSES_ROOT for the Administrative group are more restrictive than those granted to the Everyone group. If Everyone encompasses Administrators, ought not the latter inherit permissions granted to the former?

Thanks for your continued assistance.
 
Upvote 0 Downvote
ought not the latter inherit permissions granted to the former"

Administrators, Users, or other users can only inherit the settings of their matching users and not from other user groups.

All Permissions are set when XP is first installed, it must just be the Default Permissions you are seeing.


%windir%\help\secedit.chm typed in the Start Run box may be an interesting read.

Secedit.exe is useful when you have multiple computers on which security must be analyzed or configured.

How To Reset Security Settings Back to the Defaults
 
Upvote 0 Downvote
Linney, thank you for continuing to help me understand how permissions interact with groups.

Now, if the Administrators group has permission P1 enabled but not P2, and the Everyone group has permission P2 enabled but not P1, then will a user logged in as an Administrator possess permission P1, P2, or both? If the answer is “both,” then isn’t the user in this case inheriting a permission from another group (i.e., from the Everyone group)?
 
Upvote 0 Downvote
The Administrators will use whatever Permission are set for them. A Limited User will use whatever Permission is set for them too. If nothing is set then they will use the Everyone Permission, if there is no Everyone Permission then Access will be Denied.


"By default, the Everyone group has Full Control permissions on an NTFS volume. This permission might have been removed to provide additional security. Individual accounts, such as the Administrator account, may have been added. However, the Everyone group includes the System account. Removing the Everyone group without adding the System account as an individual account renders the paging file unusable".

Paging File Functionality Requires System Account Permissions and Proper Size
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Deniall
  • Locked
  • Question
AutoHotKey for a very simple task 1
Replies
5
Views
776
Deniall
Deniall
Andrzejek
  • Locked
  • Question
DVD Player - FREE (keyboard shortcuts) 1
Replies
6
Views
912
Andrzejek
Andrzejek
pjw001
  • Locked
  • Question
Windows 11 File Explorer Preview Pane for PDF files
Replies
2
Views
528
pjw001
pjw001
BloodFeastMan
  • Locked
  • Question
Running a "dir" command from "Scheduled Tasks" returns entire registry
Replies
3
Views
341
strongm
strongm
grnzbra
  • Locked
  • Question
Formatting Full Hard Drive 1
Replies
7
Views
760
austinpctech
austinpctech

Part and Inventory Search

Sponsor

Back
Top