This weeks setting is another is another oldie but a goodie that is commonly used to lock down SOEâ€™s so that users can use the registry editor. It is called â€œPrevent access to registry editing toolsâ€ which us a user setting found under User Configuration > Policies > Administrative Template > System and will work on all platforms since Windows 2000.
The affect is pretty simpleâ€¦ It stops users from running regedit.exe so they cant make registry changes to their computer or profile. This will also work even if a user take a copy of the regedit.exe command and rename it to something else.
If you select â€œNoâ€ for the â€œDisable regedit from running silently?â€ this will allow user to apply registry keys via a preconfigured .REG file using the â€œregedit.exe /sâ€ silent switch so make sure you select â€œYesâ€ unless you need to this back door for something like a logon script.