Network access to the Windows XP registry. Disabling the Remote Registry service in Windows XP

Task 9. Registration information

Export the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon from the registry to the logon.reg file and analyze the information it contains about the username and logon domain.

Task 10. Network connections

Create a named network connection (network drive). To do this, in the context menu of the My Network Places icon, run the Map Network Drive command. Check the Reconnect at logon box. Select a free drive letter for the network drive and a connection path (as instructed by your teacher).

Export the key HKEY_CURRENT_USER\Network from the registry to the net.reg file and analyze the information it contains about persistent network connections to network resources.

Task 11. Shared Computer Resources

Export the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares from the registry to the shares.reg file and analyze the information it contains about the shared folders on your computer.

Task 12. Completion of work

Save the resulting REG files on a floppy disk (removable disk). To prevent accidental import of these files into the registry and to work with them as plain text, change the file extensions to .TXT. To do this, enter the following command through Start | Run (example for a floppy disk):

command /c ren a:*.reg *.txt

Delete the .REG files from the hard drive.

Remove the registry shortcut from your desktop.

Present the results of the work to the teacher.

The report should contain the export files (REG files) named in the assignment, printed as instructed by the teacher.

Lab 3. Sharing and securing Windows network resources in a Microsoft peer-to-peer network.

Goals

After completing this lab, you will be able to log on to a peer-to-peer network with the Client for Microsoft Networks, view and search for resources on the network, understand the composition of network services and their dependencies, share resources on your workstation, work offline with network resources, and install a network printer.

The necessary conditions

· Completed work for the "Informatics" course and labs 1 and 2 of this cycle

· A networked Windows workstation with the following components:
- network adapter driver;
- TCP/IP protocol;
- a network client for Microsoft networks.

Attention!

All the network settings described here are available only to users who are members of the Administrators group. Therefore, log on to the computer with the user name and password given by the teacher.



Configuring a Windows Workstation for Microsoft Peer-to-Peer Networking.

Task 1. Preparing the computer for work and identifying it

1.1. Run: Start | Control Panel | Network Connections.

1.2. Next, in the window of the same name, open the context menu of Local Area Connection and select Properties. In the Local Area Connection - Properties window, make sure you have the following components:

· Network adapter.

· Client for Microsoft Networks.

· TCP/IP protocol.

· File and Printer Sharing for Microsoft Networks.

To check the status of the network adapter, click Configure and make sure in the adapter properties window that the device is working properly. Otherwise, in the Device usage list choose Use this device (enable) | OK. This is how the network adapter is connected to the system through its driver.

Make sure the boxes for the listed network components are checked. If a box is cleared, that network component is excluded from the configuration.

1.3. Verify that the computer is identified and is a peer on the Microsoft network. On the desktop, right-click the My Computer icon and select Properties (alternatively: Start | Control Panel | System; or: in the Network Connections window, Advanced | Network Identification). In the System Properties window, select the Computer Name tab. Click the Change button.

1.4. Check the Member of setting (domain / workgroup).

If the computer is a member of a domain, set the radio button to the workgroup position, enter the workgroup name that matches the laboratory number, for example, 210, click OK three times and reboot the system. This disables domain registration and the computer joins the peer-to-peer network.



If the computer is a member of a workgroup and its name does not match the lab number, change the workgroup name to match the lab number, for example, 210, click OK three times and reboot the system.

If the computer is a member of a workgroup and its name matches the lab number, click Cancel twice.

Task 2. Change the network configuration.

2.1. Stop the server service of your computer.

2.2. Check whether network resources are available to you. To do this, run the following command at the command line to browse the computers in your group:

net view

Which computers are visible in the group, which ones are not, and why?

2.3. Start the browser service:

net start browser

This will also start the server service. Check that both services are running.

2.5. Close the MS-DOS session window with the EXIT command.

Good day! Last time we talked about the wonderful Remote Desktop Connection Manager utility, which should be in the toolkit of any system administrator; in the future I plan to write a separate article about this kind of toolkit. Today I want to show you another life hack that will help you get out of a number of unpleasant situations in practice: we will talk about the remote Windows registry and how to connect to it.

Why you may need to connect remotely to the Windows registry of another computer

Before I show how this is done, I would like to point out the situations in which this knowledge can be useful. Earlier I described how to start the registry editor in Windows and explained that every setting you see and change in the graphical interface actually changes registry keys in the background, so the registry is the Windows management system.

I recently described a situation in which I needed to remotely enable the Remote Desktop service on a Windows Server 2019 server so that I could connect to it via RDP; by changing the keys over a remote connection to the server registry (Network Registry), the task was completed in a couple of minutes. You may also run into situations like these:

  • You need to see whether the required registry key appeared after the group policy you created was applied
  • Add rights for a specific group, for example, make its members administrators or allow them to connect through the Windows assistant
  • Disable the firewall
  • Delete a bad registry key
  • Much more: almost any change in settings, the main thing is to know where to look

Algorithm for connecting to the remote Windows registry

Suppose that I have a domain controller in my Active Directory domain, from which I will connect to the registry of the RDCB01 server to look at registry keys and fix something. First, press the WIN + R key combination.

This will open the Run window, where you must enter regedit.

As a result, the Registry Editor window for the local Windows registry will open.

Now, to connect to the registry of another computer or server, open the File menu and find the item ""

In the "Enter the names of the selected objects" field, specify the DNS name of your remote server; in my example this is a server running Windows Server 2019 named RDCB01. Click Check Names; if everything is fine, the name will be underlined, which means that a server with this name was found. Click OK and try to connect to the Windows network registry.

At the time of connection, if there are network problems or a firewall on the side of the remote server, then you can see the following warning:

Unable to connect to server. Make sure the computer is plugged in, enabled for remote control, and that the remote registry service is running on both computers

If you know for sure that the remote computer should respond to network PING packets, check its availability: open a command prompt and enter:

ping rdcb01 (Your server name)

If you see "Request timed out", the server is not available, provided that, as I said, the firewall does not block PING packets. If you see replies with a TTL and a response time, the server is reachable over the network and you can interact with it to enable the required service remotely.

As the error message above told us, the Remote Registry service must be running on both computers. On the command line, you can check the status of this service by typing:

sc query RemoteRegistry

As you can see in my example, it has a STOPPED status.

The same can be viewed through PowerShell:

Get-Service RemoteRegistry | FL

Let's start the Remote Registry service locally:

Get-Service RemoteRegistry | Start-Service

You can also immediately check the availability of the service on the remote computer:

Get-Service -Name "RemoteRegistry" -ComputerName rdcb01

If your request is blocked by a firewall on the other side, you will see an error message. Do not get upset: you can either disable the firewall locally or, if you have administrative rights on the remote system, do it remotely; more on that below.

Now let's try to start this service on the remote server RDCB01. To do this, open the Run window, enter services.msc and press Enter; the Services snap-in will open.

Right-click Services and select "Connect to another computer" from the context menu.

Specify the name of the computer and click "OK".

If the firewall does not block the connection, the operation will succeed; if it does, you will see an error:

Failed to open the Service Control Manager database on the server. Error 1722: The RPC server is unavailable

There are several reasons for the "1722: RPC Server Unavailable" error:

  • Two services are not running on the remote computer: "DCOM Server Process Launcher" and "Remote Procedure Call (RPC)". Note that these services are started automatically when the system starts.
  • A firewall is blocking you and does not allow remote control of the service. The relevant set consists of three rules:
  1. Remote Service Management (RPC-EPMAP)
  2. Remote Service Management (Named Pipes)
  3. Remote Service Management (RPC)

Let us enable these rules remotely. I remind you that for this you must have local administrator rights on the remote computer. Of course you can enable them locally, but the machine may be in another city or country. Once again, Mark Russinovich and his Sysinternals set of utilities come to our aid. From this set we need PsTools, which will allow us to remotely start the service and, if necessary, add a rule to the firewall.

Download PsTools from the Microsoft website: https://technet.microsoft.com/ru-ru/sysinternals/pstools.aspx?f=255&MSPPError=-2147217396

Download this archive with utilities, unpack it to the location you need. Now holding down the Shift key, right-click on the folder with utilities and select "Open command window" from the context menu.

Enter the following command:

PsExec.exe \\computer -u domain\login -p password cmd (where computer is the IP address or DNS name of the computer)

My example: PsExec.exe \\rdcb01 -u root\Administrator -p password cmd

I can see a successful command line connection on the remote computer RDCB01, where the PsExec.exe service is currently running. Now on the remote system I can do whatever I want.

You can temporarily disable the firewall on the remote computer while you configure the services:

netsh advfirewall set allprofiles state off

Then turn it back on (be sure to do this once the configuration is finished):

netsh advfirewall set allprofiles state on

There it will be like this:

Next, I advise you to enable the "Remote Service Management" rule set in the firewall, in the section "Allow an app or feature through the firewall"; this will allow you to attach the "Services" snap-in to another computer.

How to deny access to the registry?

Greetings. Today we will talk about another Windows setting, one that prevents users who have access to our computer or laptop from changing our registry.

There is no need to explain what the registry is. Even small changes to the registry can cause tremendous damage to the system. But even small and correct changes made by household members and colleagues cause certain inconveniences. Renamed shortcuts, newly created folders, missing menu items and other visible changes are not to everyone's liking ... Let's try the systems.

STRAIGHTAWAY

We will work with administrator rights.

If you have administrator rights on your computer, it is not difficult to deny access to the registry. For this (and not only for this) there is the Group Policy Editor utility. You can also deny access to the registry by adjusting the registry itself.

How to deny access to the registry? Working in GPEDIT.

To open the utility, type the command gpedit.msc in the Windows search bar.

Choose the following path:

User Configuration - Administrative Templates - System. On the right side of the program window, find

Double-click the setting and select Enabled.

Now, with every attempt to start the registry editor, absolutely all system users, including you, will see this window:

How to get everything back, you guessed it. Follow the path you know and undo the changes you just made.

How to deny access to the registry? We work in REGEDIT and CMD

You can deny access to the registry using the registry itself. Run the editor as administrator and look for this key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Didn't find it? Do not despair. Let's create it. This can be done right here in the registry editor or through the command console. Let's go the hard way; the result will be the same: a parameter named DisableRegistryTools with the value 1 will be created in the registry.

To deny access to the registry through the console, start cmd:

Now carefully enter the following command:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f

If the command is entered correctly, after a second the message Operation completed will appear in the window. Reboot.

When you try to start the editor, you will see a window again with a message stating that the administrator has prohibited the launch of the editor. Even as an administrator, all attempts to make changes to the registry structure from the console will end with this message:

To restore access to the registry, you need to:

  • Open the command console (cmd as administrator)
  • Enter the command:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Oh yes ... Editing is prohibited ... Start the Group Policy editing utility again via gpedit.msc.

Follow the path indicated at the beginning of the article, User Configuration - Administrative Templates - System, and find Deny access to registry editing tools. Double-click the item and select Disabled. You can edit the registry again. The DisableRegistryTools parameter you created will disappear from the registry.

Working with the Windows registry isn't too difficult, especially if it's your own registry and you need to make changes or fix problems for the currently logged in user. However, sometimes, you are not the only one using your computer and you need to make changes in all accounts. Moreover, you cannot rely on other users, you need to quickly fix the problem.

Do not worry, it is quite possible to work with registry files in another PC user account from the administrator account, which will save you time, relieve you of frustration and the need to save text and configuration files containing all the necessary changes, not to mention transferring these files from one account another.

We have seen earlier how important the registry is in Windows and how changes to it affect the operation of the PC. Within an enterprise, system administrators often use Group Policy to configure, deploy, manage applications, and customize personal computers.

Regedit.exe

The RegEdit tool has already been described in the previous article, so let's focus on how to use this built-in tool to edit the registry on another computer. If you are testing a specific scenario, you can always export a copy of your registry so that you can import it later if necessary.
Open a Command Prompt window (as administrator) by searching in the Start menu, or by pressing Windows + X in Windows 8 or 8.1, and enter the following commands:

mkdir c:\Temp
regedit.exe /e c:\temp\yourname.reg

In order to load another registry branch into the current one, follow these steps:

  • Log on to your computer as an administrator.
  • Agree to the User Account Control (UAC) warning.
  • Select the HKEY_LOCAL_MACHINE branch.
  • From the File menu, choose Load Registry Hive.
  • Locate the required registry hive file and click OK.
  • Give a friendly name for the loaded registry file.

After you have viewed or changed the registry settings, unload this file by choosing Unload Registry Hive from the File menu.

If you want to connect to the registry belonging to a different user account, run the regedit.exe program as before, then open NTuser.dat from the user profile you want to access. The ntuser.dat (or NTUSER.MAN) files in Windows Vista are located in the Documents and Settings folder; in Windows 7 or later, in the user folder. Basically, you will load another user's registry hive file on your PC.

  • Log in as an administrator.
  • On the startup screen, type RegEdit and press Enter.
  • Select the HKEY_USERS branch.
  • From the File menu, choose Load Hive.
  • Navigate to the profile folder and select ntuser.dat.
  • When prompted for a key name, enter the username as a reference label.
  • RegEdit will import the user's registry data.
  • After you have reviewed or made changes, select the hive and from the File menu select the option to unload the hive.

To load the same hive into RegEdit, at an elevated command prompt or in the PowerShell administrative console, enter the following command, substituting the account name of the hive being loaded:

reg.exe load HKLM\User "c:\users\User\ntuser.dat"

Attention: With RegEdit, you can only access another user's HKEY_USERS and HKEY_LOCAL_MACHINE hives.

By default, the system hides NTuser files, so to display hidden system files, you have to change the folder property settings in the file explorer.

If you don't have any third-party tools and want to compare two registries, in the PowerShell administrative console, to start another instance of RegEdit, use the following command:

Regedit.exe -m

If RegEdit is not running, you will receive an error message. After running two instances of RegEdit, if you are using Windows 7 or later, you can use the Windows Snap feature to compare the results.

If you are not already familiar with the snapping function, use the following keyboard shortcuts:
Windows + Left arrow to snap the window to the left or Windows + Right arrow to snap to the right.

Attention: The regedit.exe -m command will work on Windows XP and later operating systems, and requires at least one instance of RegEdit to be running.

Remote administration

To activate remote administration on a PC, you need to go through several steps. The first is to open the Group Policy Editor (gpedit.msc in the search box or start screen) and go to Computer Configuration ➤ Administrative Templates ➤ Network ➤ Network Connections ➤ Firewall, then depending on how you will connect and control your PC, select either a domain profile or a standard profile.

Then you need to enable the Windows Firewall setting Allow Inbound Exceptions for Remote Control. When you do this, you will be informed that additional remote computer administration tools such as Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI) are now available to you.

You will also need to open TCP ports 135 and 445 in the firewall. To do this, in the open firewall, click on the "Advanced settings" link in the left pane, or open the administration item from the control panel, where you will see Windows firewall in the list.

In the advanced settings of the firewall, in the left pane, click the "Rules for incoming connections" link, then the "New rule" item in the right pane. You can now create a new inbound rule to allow access to ports 135 and 445.


The last step in setting up remote administration is to activate the Remote Registry service on the remote PC. The service is listed in the Windows Services panel, which you can open by typing services.msc in the search box or on the Start screen.

To activate the service, right-click it and select "Properties" in the context menu that appears. By default the service is disabled, but in the dialog box that appears you can enable and start it.

Attention: To start the Remote Registry service from the command line, enter: sc start RemoteRegistry. You can also configure it to start automatically when the computer boots: sc config RemoteRegistry start= auto.

Connecting to a remote registry

Before trying to get information from another computer, first make sure that the remote registry service is up and running.

If the Remote Registry service is enabled and running on the local or remote PC, you can try to connect with RegEdit over the network:

  • Log in as an administrator.
  • Type regedit on the start screen and press Enter.
  • Agree to the User Account Control warning.
  • Open the File menu and select Connect Network Registry.
  • Enter the name of the computer you want to connect to. Also, you can click the "Advanced" button and the "Find" button to get a list of all computers available on the network.
  • Click OK.
  • Now you will see the remote PC in the list, and two new branches will appear in regedit: HKLM and HKU.
  • After viewing or making changes, select the computer icon and from the File menu select Disconnect Network Registry.

If you prefer to use the command line rather than the GUI tools to enable and start the remote registry service, enter the following commands, respectively:

sc config remoteregistry start= demand

net start remoteregistry

Using Group Policy Preferences

Enterprise administrators may maintain thousands of computers and servers in their organizations, and manually changing the settings of each PC is very time-consuming and error-prone. Group Policy is a feature of Microsoft Active Directory Domain Services (AD DS) that allows centralized management of resources such as user, group, computer, and server accounts.

Group Policy Preferences (GPPs) were introduced back in Windows XP. They allow an administrator to deploy and modify registry settings across multiple computers and servers in an organization more easily and quickly. Registry settings are just one of the types of settings available to an administrator. Let's get some idea of using GPPs to deploy and change registry settings in our environment.

If you are logged on to a domain-joined computer with an account that has administrator rights, you can use Remote Server Administration Tools (RSAT) to manage AD DS from your computer. Alternatively, you can open a console connection to the server (if possible) using Remote Desktop Protocol (RDP) and run AD DS tools interactively.

Attention: You can download the version you need from the Microsoft website. There are different versions of RSAT for different versions of Windows, so find the one you need.

Now using your PC or server, you can view Group Policies and see how they can be used to manage registry settings across the enterprise:

  • On a PC with RSAT installed, or in an RDP server console session, open the Group Policy Management Console (GPMC).
  • Right-click Group Policy Objects (GPO) and select New, then name it, e.g., ModifySoftware.
  • Right-click the ModifySoftware object and select Edit.
  • Expand Computer Configuration ➤ Preferences ➤ Windows Settings and double-click the Registry icon.
  • Right-click Registry and select "New".

There are three registry item options to choose from.

New option - Description

Registry Item - creates a single registry entry.
Collection Item - creates and organizes registry entries in a folder. Useful when you need to add a group of registry entries.
Registry Wizard - uses the local registry or a connection to a remote computer as a reference. Allows you to create one or more entries.

  • Select Registry Wizard.
  • Navigate to the desired location and configure the required keys and values to import into GPP.
  • Click the Finish button.
  • Expand the registry entries and view them.
  • By default, the action is set to update.

There are four options to choose from.

Available Actions - Description

Create - Creates a registry entry. An existing item is ignored.
Update (default) - If the item already exists, it will be updated. If the item does not exist, it will be created.
Replace - Deletes the existing item and creates a new one.
Delete - Removes the item.

  • Once you have checked the options, click the OK button.
  • To apply the GPO, link it to an organizational unit.
  • Close the console.

Note: When you run Group Policy on the local computer, you are using a local Group Policy that does not contain preferences. Group Policy can be managed on systems with GPP client extensions. These extensions must be downloaded separately for Windows XP and Windows Server 2003, but are available as a built-in feature on client computers running Windows Vista Service Pack 1 (or later) with RSAT or Windows Server 2008 (or later).

Registry comparison

As we mentioned, almost everything that is installed or configured on a Windows PC is stored in the registry. With a standard software installation, you will be surprised at the scale of registry operations. Often tens of thousands of registry keys are added or changed during even a relatively small software installation. If you compare the computer registry before and after one of these events, you will see all the changes made in the registry.

It is convenient to use special utilities for efficient comparison of pre- and post-event registry snapshots. Another technique is to compare the registry of one machine with that of a reference machine. Some registry comparison tools are listed below.

File Compare (fc.exe) - included in Windows XP
InstallWatch Pro - installwatch-pro.en.lo4d.com/
Process Monitor (Windows Sysinternals) - technet.microsoft.com/sysinternals/bb896645.aspx
Regshot - aplusfreeware.com/categories/util/registry.html
Tiny Watcher - kubicle.dcmembers.com/watcher/
Total Commander - ghisler.com/
What Changed - majorgeeks.com/files/details/what_changed.html
WinDiff - grigsoft.com/download-windiff.htm
WinMerge - winmerge.org
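
An added example, not part of the original page: the exports from Tasks 9-11 and the before/after snapshots described under "Registry comparison" can be analyzed offline with a short Python script that parses regedit's .reg text format, decodes hex(7) multi-string values such as those under LanmanServer\Shares, and diffs two snapshots. It assumes "Version 5.00" exports; the sample exports, the ExampleVendor key, the Lab share, the WATCHED list and all function names are constructed for illustration.

```python
import re

# Constructed sample exports (not from a real machine): the state before and
# after the changes this page walks through, plus one unrelated value.
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002

[HKEY_CURRENT_USER\Software\ExampleVendor\App]
"LastRun"="monday"
"""
AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
"Lab"=hex(7):50,00,61,00,74,00,68,00,3d,00,43,00,3a,00,5c,00,4c,00,61,00,62,00,\
  00,00,54,00,79,00,70,00,65,00,3d,00,30,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\ExampleVendor\App]
"LastRun"="tuesday"
"""

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r"^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$")
# Keys this page works with; a change under any of them deserves a second look.
WATCHED = (r"\Services\RemoteRegistry", r"\Services\LanmanServer\Shares",
           r"\CurrentVersion\Policies\System", r"HKEY_CURRENT_USER\Network")

def decode_reg_bytes(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252")

def unescape(quoted):
    """Drop the surrounding quotes and undo the backslash escapes inside."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])

def decode_value(rhs):
    """Turn the right-hand side of name=value into a (type, value) pair."""
    if rhs.startswith('"'):
        return ("REG_SZ", unescape(rhs))
    if rhs.startswith("dword:"):
        return ("REG_DWORD", int(rhs[6:], 16))
    m = HEX_RE.match(rhs)
    if not m:
        return ("UNKNOWN", rhs)
    data = bytes(int(tok, 16) for tok in m.group(2).split(",") if tok.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3   # bare "hex:" is REG_BINARY
    if kind == 7:   # REG_MULTI_SZ: NUL-separated UTF-16LE strings (5.00 exports)
        text = data.decode("utf-16-le", errors="replace")
        return ("REG_MULTI_SZ", [s for s in text.split("\0") if s])
    if kind == 2:   # REG_EXPAND_SZ: one NUL-terminated UTF-16LE string
        return ("REG_EXPAND_SZ", data.decode("utf-16-le", errors="replace").rstrip("\0"))
    return ("REG_BINARY" if kind == 3 else "REG_TYPE_%d" % kind, data.hex())

def parse_reg(text):
    """Return {key_path: {value_name: (type, value)}} for an exported .reg file."""
    hive, key = {}, None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        while line.endswith("\\"):      # long hex data continues on the next line
            line = line[:-1] + next(lines, "").strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            hive.setdefault(key, {})
        elif key is not None and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1))
            hive[key][name] = decode_value(m.group(2))
    return hive

def diff_reg(before, after):
    """List (change, key, name, old, new) for every value that differs."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old_vals, new_vals = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old_vals) | set(new_vals)):
            old, new = old_vals.get(name), new_vals.get(name)
            if old != new:
                change = "added" if old is None else "removed" if new is None else "changed"
                changes.append((change, key, name, old, new))
    return changes

def watched_changes(changes):
    """Keep only the changes under the keys listed in WATCHED."""
    return [c for c in changes if any(w.lower() in c[1].lower() for w in WATCHED)]

if __name__ == "__main__":
    before = parse_reg(BEFORE)
    after = parse_reg(decode_reg_bytes(b"\xff\xfe" + AFTER.encode("utf-16-le")))
    for change, key, name, old, new in watched_changes(diff_reg(before, after)):
        print(f"{change:8} {key}\\{name}: {old} -> {new}")
```

On real files, read the bytes with open(path, "rb").read() and pass them through decode_reg_bytes before parse_reg. In the sample, the Start value of the RemoteRegistry service changes from 2 (automatic) to 4 (disabled).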

If you have been working with Windows XP for a long time, or any other version of Windows released in the last 10 years, then you are undoubtedly familiar with the Windows registry and you know that the registry is the heart of Windows. Almost every aspect of Windows can be controlled through the registry. If you know what you are doing, you can make Windows do amazing things.

On the other hand, if you do not know what you are doing (or do it with malicious intent), then you can destroy Windows by incorrectly modifying the registry. In almost every article on changing the Windows registry, you will find a note that says that you can break Windows and / or applications if you make the wrong changes, and that you need to make a full system backup before modifying the registry.

The fact is that the registry can be changed not only with positive intentions. Windows XP has a service that allows you to remotely modify the Windows registry without the knowledge of the user of the PC on which the changes are made. What do you say if you find out that this service is enabled by default? If you do not want anyone to have access to the registry of your Windows OS, then the Remote Registry service should be disabled.

Note: Before you rush to disable the Remote Registry service, you need to know what the consequences will be.

Since there are both advantages and disadvantages of disabling this service, it will ultimately be up to you to decide whether to do it or not. Decide what you need at work or at home. To help you with this, we will explain how the Remote Registry works, how to enable or disable this service, and the consequences of disabling the service.

Working with Remote Registry

As mentioned earlier, Remote Registry allows you to make registry changes on a remote machine. A small detail that may be somewhat reassuring: not just anyone can remotely modify the Windows XP registry. To be able to modify the registry remotely, the user must be a member of the Administrators group on the remote machine.

To access the registry of a remote machine, you must first open the Registry Editor on your PC. After opening Registry Editor, select File - Connect Network Registry. This will bring up the Select: Computer dialog box. Enter the name of the computer you want to connect to and click OK. After that, the registry of the remote computer will open in the Registry Editor.

At the very least, be careful when modifying the registry on the remote machine. Note that when modifying your registry, the first line of the Registry Editor is named My Computer, below are HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER, etc. When you open the registry of a remote computer, the My Computer entry remains, and its contents refer to your local computer. The registry of the remote computer is located below and is called the remote PC. It is important not to mix them up and to edit the correct registry.

Enabling / disabling the Remote Registry service

Now that we have an idea of working with the Remote Registry, let's try to disable this service. Disabling the Remote Registry must be done directly on the computer where you want to disable remote access.

First, open the Control Panel, and select the Administrative Tools icon, then click on the Services icon.

The Service Control Manager opens and displays a list of all available services. Scroll down the list and find the Remote Registry service. Right-click on the Remote Registry row, then select Properties from the menu. In the window that appears, click the Stop button to stop the service. Now, in the Startup type drop-down menu, set the value to Disabled. Click OK, now the Remote Registry service is disabled, and no one can remotely modify the registry of your system.

If you later need to re-enable this service, open the Service Control Manager again, right-click on the Remote Registry row, then select Properties from the menu. In the Startup type drop-down menu, set to Auto, click Apply, then click Start and OK. The Remote Registry service is running again.

Note that the Remote Registry service depends on the Remote Procedure Call (RPC) service and if it is not enabled, you cannot enable the Remote Registry.

Consequences of disconnection

At the beginning of the article, I mentioned the consequences of disabling the service. In 99% of all cases, disabling the Remote Registry will not cause any problems. There are very few applications that depend on this service.

It should also be remembered that after disabling the Remote Registry service, you will lose the ability to remotely control the machine. Sometimes you have to configure computers that are at very remote distances (another city, another country). You need to realize that you will not be able to access such a computer, unless, of course, you personally go to where it is located.