Group Policy Setting of the Week 14 – Prevent access to registry editing tools

This weeks setting is another is another oldie but a goodie that is commonly used to lock down SOE’s so that users can use the registry editor. It is called “Prevent access to registry editing tools” which us a user setting found under User Configuration > Policies > Administrative Template > System and will work on all platforms since Windows 2000.


The affect is pretty simple… It stops users from running regedit.exe so they cant make registry changes to their computer or profile. This will also work even if a user take a copy of the regedit.exe command and rename it to something else.


If you select “No” for the “Disable regedit from running silently?” this will allow user to apply registry keys via a preconfigured .REG file using the “regedit.exe /s” silent switch so make sure you select “Yes” unless you need to this back door for something like a logon script.

Author: Alan Burchill

Microsoft MVP (Group Policy)

4 thoughts on “Group Policy Setting of the Week 14 – Prevent access to registry editing tools

  1. 1. Go to the Group Policy Editor
    2. In That go to the User Configuration >> Administrative Templates >> System >> Prevent Access to Registry Editing Tools
    3. Then Click on the Disabled.
    4. Registry Editor will be Enabled and its cant Give the message “Registry Editing has been disabled by your Administrator”.
    5. Now you Disable Prevent Access to Registry Editing tools To your computers user.

    Or Simply Download the Application Called REGISTRY EDITOR HANDLER

Leave a Reply