In certain circumstances, it may make sense for the administrator to prevent Windows users from accessing the Windows registry . Microsoft has specially introduced a group policy that prevents this type of access to the registry.
You can find this group policy in the group policy editor under the following GPO branch.
User Configuration / Administrative Templates / System
There are numerous subgroups and GPOs in this branch. The decisive group guideline is called
Prevent access to registry editing programs
We have shown this to you below.
Microsoft has released the following information about this GPO.
Deactivates the Windows registry editor “Regedit.exe”.
If you enable this policy setting and the user tries to start Regedit.exe, a message appears stating that the action cannot be performed due to a policy setting.
If you disable or do not configure this policy setting, users can run Regedit.exe regularly.
Use the ” Run only allowed Windows applications ” policy setting to prevent users from using additional management tools.
If you now activate this GPO, users will no longer have access to the registry . If you nevertheless try to start the registry editor “regedit.exe”, the following message appears.
The exact message is then:
The administrator has deactivated the editing of the registry
This means that Windows users can no longer make any changes to the registry . However, this also applies to administrators, who are not excluded from this setting.
Finally, we have listed other ways for you to restrict certain rights of users .
– Prevent installation of USB removable devices via GPO in Windows 10
– Prevent involuntary moving of folders or files
– Prevent access to “Programs and Features” – Prevent
changing the screen saver in Windows
– Prevent Microsoft Edge from loading automatically every time Windows starts
– Task -Manager lock or deactivate and prevent call
– Prevent execution of the MS-DOS command prompt (CMD)
– Prevent driver update via Windows updates in Windows 10
