Windows NT Security Guide

To secure the Registry, it may be necessary to obtain a fully encrypted file or a Distributed Component Object Model (DCOM, formerly Network OLE) object for which Windows NT software developers have the key. On networks, only approved administrators should have that key. Most importantly, this access key should not rest in the users' hands. While it may still be appropriate to allow users to install certain versions of software to meet their individual needs, they should continue to do so through Wizards and property sheets that decrypt the Registry but keep the Registry's basic core intact.
Many property sheets display too much Registry information. Therefore, even a system administrator can tell you what each entry on a property sheet means. A property sheet is a good example of software that offers too many options. Each of the settings on this sheet has an associated Registry entry, yet hardly any of them really need to be shown to users. In addition, the passwords that are displayed need to be password-protected, even if the password is for the version across the entire network. Protecting your Registry is paramount to protecting your system.
In order to maintain tight control over settings and Registry changes, Microsoft permits Windows Explorer to view a system's architecture directly. While this method will employ password protection, a user who right-clicks on a plus sign would be able to access the hardware resources underlying the services...