GO to the azbil Global Site

The photo of a boy and his father who are looking at the screen of pc. Products Company Research In The Media Contact



Something interesting about the Windows registry

The Microsoft Windows Registry Editor is able to view five predefined and reserved keys in the registry. They are HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_CONFIG, HKEY_CLASSES_ROOT, HKEY_CURRENT_USER. The HKEY_CURRENT_USER is a subkey of HKEY_USERS. It is the registry key used by a user, who is currently logging on to the system.

When you log on Windows NT/2000 locally, you can edit your personal registries in HKEY_USERS or HKEY_CURRENT_USER using the Registry Editor. At the same time, HKEY_CURRENT_USER can be accessed and modified remotely. In other words, you can edit your personal registries (HKEY_CURRENT_USER) using your account and password from a remote computer, given that you are also logging on the target computer locally.

If your account and password are stolen, it becomes a very serious security problem. Someone who knows your account and password can edit your personal registries.

RegistryBrowser is a utility which demonstrates this security issue. It can browse remote system registry using a specified user account. Please try to access HKEY_CURRENT_USER remotely when you either log on or log off locally.

(Nov. 2001)



SecurityFriday TM

(C)Azbil SecurityFriday Co., Ltd. All rights reserved.