Microsoft Windows Security - Use Group Policy To Set Permissions For Registry Keys


You can use Group Policy to define access permissions and audit settings for individual registry keys, and you can also take or assign ownership of keys. Open the appropriate Group Policy Object (for example, the Default Domain Policy) in the GPO Editor and expand the Computer Configuration node, then Windows Settings, then Security Settings. Click on Registry. Note that the Registry setting is missing from the local computer GPO. By default, administrators and the system have full control permissions for all keys, users have read-only permission, and the creator/owner can assign ownership of the key.

Go back