How to Disable Access to the Windows Registry for Standard Account?

Kevin ArrowsUpdated on March 9, 2023
Kevin is a certified Network Engineer

The Windows Registry is a database that stores low-level settings of your operating system and applications. It has keys and values that are similar to the folder and files. However, doing a wrong configuration in the Registry Editor can cause issues in the system. Therefore, an administrator can disable the Registry Editor from standard users that have less knowledge about the registry. In this article, we will show you methods through which you can disable the Registry tools on your system.

Disabling Registry Editor

Disabling Access of Registry through the Local Group Policy Editor

The Local Group Policy Editor allows users to configure and manage the setting for the operating system. The setting for disabling the Registry tools can be found in the user configuration category of the Local Group Policy Editor. You can configure this setting in the standard account’s Group Policy.

However, GPO isn’t available in the Windows Home versions. If you are using the Home version of Windows, then skip this method.

  1. Press the Windows + R key combination to open a Run dialog and then type “gpedit.msc” in it. Press the Enter key to open the Local Group Policy Editor and choose the Yes option when prompted by UAC (User Account Control).
    Opening Local Group Policy Editor
  2. In the User Configuration category, navigate to this path:
    User Configuration\ Administrative Templates\ System\
    Navigating to the setting
  3. Double-click on the setting named “Prevent access to registry editing tools” and it will open in another window. Now change the toggle option from Not Configured to Enabled and choose the Yes option for running silently option.
    Note: Choosing No from the list will allow users to apply registry keys via a preconfigured .REG file.

    Enabling the setting
  4. Click the Apply/Ok button to save the changes. This will disable the Registry for that user account.
  5. To enable it back, you will need to change the toggle option back to Not Configured or Disabled in step 3.

Disabling Access of Registry through the Registry Editor

The Registry Editor can also be disabled in the Registry Editor itself. The user will be required to create the missing key and value for this specific setting. However, make sure you are using this method for a standard account. That is because, you will need an administrator account to enable it back, otherwise you will just lock yourself up.

Important: Make sure you are applying the below steps for a standard account and not an administrator account.

  1. Press the Windows + R key combination to open a Run dialog and then type “regedit” in it. Press the Enter key to open the Registry Editor and choose the Yes option when prompted by UAC (User Account Control).
    Opening the Registry Editor
  2. In the Current User Hive, navigate to the following key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  3. If the System key is missing under Policies, then create it by right-clicking on the Policies key and choosing the New > Key option. Then name that key as “System“.
    Creating the missing key
  4. In the System key, right-click on the right pane and choose the New > DWORD (32-bit) Value option. Now name this value as “DisableRegistryTools“.
    Creating a new value for the setting
  5. Double-click on the newly created value, change the value data to 2, and Base to Decimal. This will enable the value and choose the Yes option for running silently.
    Note: If you want to choose No option for running silently, then change the value data to 1 (Decimal).

    Enabling the value
  6. Finally, make sure to restart your system to apply the changes that you just made.
  7. To enable the Registry Editor for that standard account, you will need to log on to another administrator account. Then open the same value, change the value data to 0 or simply delete the value.

Disabling Access of Registry through Third-Party Application

There are also some third-party applications that allow users to restrict folders and files on their system. There are several different applications with different features and reliability for this purpose. You can use the one that you are familiar with. In this method, we will be using the Protect My Folder application to demonstrate the idea of disabling access to the Registry on your system. Follow the below steps to see how it works:

  1. Open your browser and download the Protect My Folders application. Install it by following the instructions provided.
    Downloading the application
  2. Open it up and click on the Add/Lock button.
    Adding a new program to lock
  3. Now navigate to the path of the regedit.exe, select it, and click on the Add button. Once added, click on the Ok button.
    C:\Windows\regedit.exe
    Selecting regedit.exe and locking it
  4. This will lock the regedit.exe from running on the system. The users will be unable to run it anymore.
  5. You can enable Registry back by opening the application, selecting the regedit.exe, and clicking on the Unlock button.
Tags
Kevin ArrowsUpdated on March 9, 2023
Kevin is a certified Network Engineer
ABOUT THE AUTHOR
Photo of Kevin Arrows

Kevin Arrows


Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.