- slide 1 of 3
Windows Registry, as the name suggests, is a small but very important organized register and information book that keeps data regarding the operating system, its users, system policies, and other key values. This data may often need changed in different situations, by either the users or the administrator of the system. In order to make changes to the already stored values, an editing tool by the name of “Registry Editor" has been provided in all versions of Windows since its inception, i.e. from version 3.x until now. The executables that enable editing registry values in a system are known as regedit.exe or regedit32.exe.
One should always be very cautious while playing with the registry values. Since Registry Editor (RE) provides an interface to the internal mechanics of the system, meddling with the registry entries can prove to be disastrous if done by an inexperienced user as an unbootable system could result.
- slide 2 of 3
Disabling Registry Editor
In order to make sure that Registry is not accessible when necessary, all versions of the Windows OS including XP, Vista, Server 2003 or 2008, and others allow the administrator to disable Registry Editor.
Following are the different methods for disabling the registry editor, choose either of these:
1. To disable access to the user currently logged in, do the following:
a. Go to RUN, type in “regedit" (for Windows Vista and 7, type "regedit" in Start Search instead). Click on OK.
c. Right-click on the empty space, choose Key in New and then name it System.
d. At the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System, right-click, choose DWORD Value in New and name it DisableRegistryTools.
e. Finally, set the value for DisableRegistryTools to 1 to disable the RE.
2. For disabling access to all user accounts in the system, follow this:
Repeat all of the above 5 steps while replacing HKEY_CURRENT_USER to HKEY_LOCAL_MACHINE.
3. Using Local Group Policy Editor
Before, we use the Group Policy Editor, we need to download and run a file, which will add some extra options in the GPE. To download the file, go to this website, scroll down to the bottom and choose the appropriate file (you will see three files, one for Windows XP, one for Windows 2000, and the other one for Windows 2003).
Now, go to RUN, type in “gpedit.msc" to open The Local Group Policy Editor. Navigate to User Configuration then Administrative Templates then System and locate Prevent access to registry editing tools. Double-click on this and in the new window that appears, select Enabled to disable the Registry Editor access.
4. By the intrusion of a virus
Another way in which the Registry Editor can be disabled is by the intrusion of a malware, such as W32/Brontok-C.
Now once the RE is disabled, the users of the system can not access the RE. If they try to do so, the system will show the following error message “Registry editing has been disabled by your administrator" or it won’t show any message at all.
- slide 3 of 3
Enabling Registry Editor
Want to learn how to enable regedit ? Well when the Windows Registry Editor is inaccessible, it is always possible to deal with theregistry values directly and remove the policy that blocks the RE. This has to be done by an expert user of the system – one who knows how to manipulate registry values directly. Here is what you can do to enable Windows Registery Editor.
1. Using Local Group Policy Editor
For administrative users of the system, there is a provision to make changes to the registry values using the Local Group Policy Editor. Given below are the steps that can be followed by the administrator of the system to enable the RE.
a. Go to RUN.
b. Enter gpedit.msc then click OK.
c. Navigate to User configuration then Administrative Templates then System.
d. In Settings pane, find Prevent access to registry editing tools. Double-click it to open the settings dialog.
e. Select Not Configured or Disabled. Click OK .
f. Now try to execute the file Regedit.exe. You can try restarting Windows if it still doesn’t work.
2. Using Visual Basic Script:
A .vbs script file has been written by Doug Knox entitled ‘regtools.vbs’. Click here to download the file.
Executing this file enables any user, general users and administrators, to toggle between enabling and disabling the RE. The code inside this file runs to check whether the RE is enabled or not. If it is enabled, the code disables the RE and does the opposite in case the RE is found to be in the opposite state. When the change has been made, the user is asked to restart the system. All the changes are made in the following registry entry:
3. Using UnHookExec.inf by Symantec:
As we now know, the RE can also be disabled by viruses, worms or Trojans. In such cases, neither the general user nor the administrator will be able to fix the problem without help. The virus overrides the fixing code that is written in the .exe or .vbs file and users fail to enable the RE. Symantec, a renowned company that makes antivirus programs has created an .inf file called ‘UnHookExec.inf’ (click here to download it) that resets the registry values to their default settings. Once downloaded, right-click on it and select Install from the options menu. There is a downside, though, as this script file will also reset all values related to .BAT, .COM, and system files in addition to registry values. So, if a user only wishes to enable the RE, unwanted commands in the .inf file need to be deleted manually.