LES! Posted December 8, 2007 Share Posted December 8, 2007 I believe that most security guides recomemend thatHKU\.Default\Software\Microsoft\SystemCertificates\Root\ProtectedRoots have these permissions. Administrators-Full, System-Full, Users-read. As the system boots and WinDefender loads, I believe the MsMpENG.exe resets the permissions on this key to Everyone_Read, System-Full. Is there a method to change this behavior?I am using Windows XP pro that is updated through November 2007. By testing, I know the key permission is not reset on boot, if Windows Defender is not loaded on boot. The NSA Guide (C44-026-02) pg 71 (pdf pg 86)shows settings.NSA GuideThank you. Link to comment Share on other sites More sharing options...
cluberti Posted December 8, 2007 Share Posted December 8, 2007 Why would Administrators need anything other than read access to this key? You should only be adding things here if you specifically need to lock down the CA chain for your users, and even then, you can (and should) start regedit from a command prompt running as the SYSTEM account anyway. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now