Back

Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary.


CONTROL ID
01823
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Windows Registry is a database that controls how every item on your computer functions. Remote registry allows that database to be seen by the rest of the network. Because of the importance of the system registry, this service should be Disabled. The permissions on this service should also be Admini… (§ 4.1.10, The Center for Internet Security Windows 2000 Professional Benchmark, 2.2.1)
  • The Windows Registry determines how everything behaves on the computer. It is Enabled by default on all Windows computers. This should be Disabled to prevent remote access to the system registry. (§ 4.1.10, The Center for Internet Security Windows 2000 Server Benchmark, 2.2.1)
  • The organization must only enable Remote Registry Service if absolutely necessary. By disabling this service, you are cutting any ability for support personnel or domain administrators to remotely manage your computer unless there is another application already installed on your computer to allow th… (§ 4.1.1.14, The Center for Internet Security Windows XP Professional SP1/SP2 Benchmark, 2.01)
  • Table F-1: For Windows 2000 Server, the organization must configure the permissions for Remote Registry Service to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. Table F-2: For Windows 2003 Server, the organization must configure the permissions for Remote Registry S… (Table F-1, Table F-2, Table F-3, CMS Business Partners Systems Security Manual, Rev. 10)
  • The Remote Registry Service should be defined by organizational policy. (§ 5.2.2.1, DISA Windows XP Security Checklist, Version 6 Release 1.11)
  • For all Windows XP environments, this service is Not Defined. (§ 6.5, Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68, Revision 1)