Remote Registry Service

Service Name: RemoteRegistry
Process Name: svchost.exe -k LocalService

Default Settings:
XP Home: Not Available
XP Pro: Automatic

Microsoft Service Description:
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.

Dependencies: Remote Procedure Call (RPC)

Real World Description:
Do -you- want someone editing -your- registry remotely? I didn't think so. Disabled.

Is this service needed? Possibly

Recommended Setting: Disabled

Note:
Updated to reflect SP2 changes.

1/26/2004 - I've received a number of e-mails from readers saying I should reconsider the "Absolutely Not" rating I originally posted for this service. The 1/26/2004 note from Patrick, shown below, is typical of the ones I've received, so for the time being I'm changing the recommendation to "Possibly" and will continue to monitor the e-mail for additional responses on whether it should be downgraded again.

06/29/2005 - I have once again changed the Recommended Setting to Disabled and suggest you scroll down and read the notes sent in by TEG site visitors. I'm going to leave the "Possibly" in place rather than change it to an "Absolutely Not" scenario, but in 99% of the situations most are likely to encounter, the dangers of having it enabled far outweigh the benefits.
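
One way to apply the Disabled recommendation from a script, as an added example that is not part of the original page. It assumes Windows PowerShell 3.0 or later in an elevated session; `Disable-RemoteRegistry` is a hypothetical helper name, and the `winreg` key is the standard Windows location for the remote registry access list, which this page does not mention.

```powershell
# Added example: audit, then disable, the Remote Registry service.
# Assumes Windows PowerShell 3.0 or later in an elevated session.
# Disable-RemoteRegistry is a hypothetical helper name.
function Disable-RemoteRegistry {
    $name = 'RemoteRegistry'   # service name from the table above
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        Write-Output "$name is not installed on this system."
        return
    }
    Write-Output ("Before: StartMode={0}, State={1}" -f $svc.StartMode, $svc.State)

    # Access list that decides who may open the registry over the network
    # while the service runs (standard Windows key, not named on this page).
    $winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
    if (Test-Path $winreg) {
        (Get-Acl -Path $winreg).Access |
            Select-Object IdentityReference, RegistryRights, AccessControlType |
            Format-Table -AutoSize | Out-String | Write-Output
    }

    # Services that depend on RemoteRegistry fail to start once it is
    # disabled, so stop here if any of them is currently running.
    $running = (Get-Service -Name $name).DependentServices |
        Where-Object { $_.Status -eq 'Running' }
    if ($running) {
        $list = ($running | Select-Object -ExpandProperty Name) -join ', '
        Write-Warning "Running dependents: $list. No change made."
        return
    }

    # Apply the recommended setting: stop the service and disable startup.
    if ($svc.State -eq 'Running') { Stop-Service -Name $name -Force }
    Set-Service -Name $name -StartupType Disabled

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    Write-Output ("After:  StartMode={0}, State={1}" -f $svc.StartMode, $svc.State)
}

Disable-RemoteRegistry
```

If a tool such as the ones readers name below needs the service, the printed access list shows which accounts could reach the registry remotely while it runs.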

Last Updated: 08/19/2008

1/15/2003 - A note from Christopher N. regarding Remote Registry service.

I have found one program that requires the Remote Registry Service to be active and that is StatScanner, just thought I'd let you know as I've never seen any other program that required it.

09/01/2003 - A note from Leif B. regarding Remote Registry service.

I was browsing MicroForge's products, and ran across one that requires the Remote Registry Service to be running.

It's a tool for a network administrator to allow them to remotely audit the company's client machines. Not a reason for the average home user to enable Remote Registry Service, but a corporation might want to have the service set to Automatic.

Leif

01/26/2004 - A note from Patrick regarding Remote Registry service.

Hello. I have been using your guide on services to cut down on the number of services XP loads. My only comment is that you should change whether the remote registry service is needed from "absolutely not" to "maybe possibly". The reason is that if you turn that service off you can no longer remotely access the registry. I know you think this is a good thing, but truthfully, it is not. If someone were to ask a professional or friend for remote assistance, the person accessing the computer would not be able to access important registry settings. In my case, I sometimes daily will remote desktop into my computer at home from work, and I have found myself often accessing my registry for whatever reasons.

So, I think you should throw this one in the category of remote desktop/remote assistance users.

By the way, the only people that can access this you have to set up with user/pass. So I think it is pretty safe. But maybe not for the typical end user.

Regards,
Patrick

06/23/2005 - A note from Alex regarding Remote Registry service.

I had trouble with locating this as a thread in the forums, so I will resort to email in the hopes my commentary will still be useful to others. This is in reference to comments on the remote registry service in more recent versions of Windows. I'm sure others have probably responded to this in numbers, but hopefully some of these points will be new to you.

In regards to the comments of "Patrick" [ see previous entry - Jim/TEG ] in your article, I am pretty sure that the Remote Registry Service is NOT used by the RDP/Terminal Services Client subsystem. Commands run in an RDP session are treated as local to the machine you are connected to. You can run regedit from within an RDP session, and this is probably a much better idea as you can still do this with the Remote Registry Service disabled.

The Remote Registry Service is generally only used by applications that need to directly access the registry via RPC. It is not really an end user interface, it's for programmers and admins. This is a really dangerous service and should only be allowed if it is absolutely needed. There have been numerous security issues with this system, and the underlying RPC/DCOM subsystems make privilege exploitation attacks likely in the future.

Considering there is not an adequate default security and permissions infrastructure in place in the registry to limit access from remote users, disabling this by default is probably a better policy. Otherwise you may give out access to a lot more than you expected, including the local system's username and password data and other sensitive information.

If memory serves, in many versions of Windows this allows essentially unrestricted anonymous access to the registry across the network. Recent versions have (hopefully) improved this a bit, but it's still a high risk service.

If someone knows enough to program RPC safely they should be able to figure out how to enable this service as needed (assuming they have legitimate access rights in the first place).

At the end of the day it's your site of course (and a good one IMHO). I'm not sure if you hold a "never recommend to disable if it could break ANYTHING" policy. If you don't want to change the recommendation to disable, a clear warning about its dangers is certainly in order, which you seem to have covered.

-Alex

I was just reading this http://www.theeldergeek.com/remote_registry.htm and in doing some additional research, I think you might add to your site that Symantec Antivirus seems to need this service running. See Error: "501- Remote registry access denied. Scan not performed" when attempting to scan a client or do a search for Remote Registry Service on Symantec's web site.