Security considerations when updating settings from a remote system

14-Apr-2020 12:18

The security setting that appears on computers running Windows XP is Network access: Remotely accessible registry paths, and the setting in Windows Server 2003 is Network access: Remotely accessible registry paths and subpaths.The registry contains sensitive computer configuration information that could be used by an attacker to facilitate unauthorized activities.Remote Desktop Services uses global objects in its processes to facilitate connections and access.This policy setting is supported on versions of Windows that are designated in the Applies To list at the beginning of this topic.Processes that require this user right should use the Local System account, which already includes it, instead of a separate user account with this user right assigned.The Act as part of the operating system policy setting determines whether a process can assume the identity of any user and thereby gain access to the resources that the user is authorized to access.To allow remote access, you must also enable the Remote Registry service.

A restart of the computer is not required for this policy setting to be effective.If you remove the default registry paths from the list of accessible ones, such remote management tools could fail.