Windows Registry Protection

CA ControlMinder lets you protect entries in the Windows registry.

You provide protection to a registry key by assigning a resource of class REGKEY to the key. You can then specify access authorities on the key, as with other resources.

Specifying access rights on a key does not affect access to subkeys of the key, except for enumeration (listing) of subkeys, which requires read access to the key.

CA ControlMinder supports the REGVAL resource in the AC environment only on Windows Server 2003 and subsequent Windows systems. On these systems, CA ControlMinder protects registry values with the REGVAL class, and the REGKEY access authorization does not affect access to the key's values.

On earlier systems, CA ControlMinder does not support the REGVAL resource in the AC environment, and the access authorization applied on a REGKEY record does affect access to the key's values.
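The rules above leave two coverage gaps to check for when reviewing a policy: subkeys of a protected key, and (on Windows Server 2003 and later) values under a key that has only a REGKEY record. The following Python check is an added example, not CA ControlMinder code; the function name, the record sets, the inventory layout, exact-name matching (no wildcards), and REGVAL names written as key path plus value name are assumptions, and the sample data is constructed.

```python
# Added example: coverage check derived from the REGKEY/REGVAL rules above.
# All names and the data layout are hypothetical, not ControlMinder's own.

def lint_registry_policy(regkeys, regvals, inventory, regval_supported):
    """Return sorted (finding, path) pairs for registry data left uncovered.

    regkeys          -- key paths that have a REGKEY record
    regvals          -- 'key path\\value name' strings that have a REGVAL record
    inventory        -- dict: existing key path -> list of its value names
    regval_supported -- True on Windows Server 2003 and later (REGVAL governs
                        values); False on earlier systems (REGKEY governs them)
    """
    keys = {k.lower() for k in regkeys}   # registry paths are case-insensitive
    vals = {v.lower() for v in regvals}
    findings = set()
    for path, value_names in inventory.items():
        p = path.lower()
        if p in keys:
            # With REGVAL support, the REGKEY record does not affect the key's
            # values, so every value needs its own REGVAL record.
            if regval_supported:
                for name in value_names:
                    if p + "\\" + name.lower() not in vals:
                        findings.add(("value-uncovered", path + "\\" + name))
        elif any(p.startswith(k + "\\") for k in keys):
            # Rights on a key do not extend to its subkeys (only enumeration
            # of them requires read access to the parent key).
            findings.add(("subkey-uncovered", path))
    return sorted(findings)

# Constructed sample policy and registry snapshot.
APP = r"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp"
REGKEYS = {APP}
REGVALS = {APP + r"\LicenseKey"}
INVENTORY = {
    APP: ["LicenseKey", "InstallDir"],
    APP + r"\Settings": ["Mode"],
}

if __name__ == "__main__":
    for supported in (True, False):
        print("REGVAL supported:", supported)
        for finding, path in lint_registry_policy(
                REGKEYS, REGVALS, INVENTORY, supported):
            print("  ", finding, path)
```
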

REGKEY and REGVAL records have identical structures. Each record contains the following access control lists:

REGVAL and REGKEY records both allow the same access types, which are as follows:

Note: CA ControlMinder registry protection does not protect the registry operations of loading and unloading a hive. On Windows Server 2008 and subsequent systems, CA ControlMinder returns a value of REG_NONE if an accessor tries to access a protected registry value with access NONE. A value of REG_NONE confirms that a value is present but does not specify what the value is.