Question

Elevate registry and allow changes only to particular section in registry HKEY_LOCAL_MACHINE\SOFTWARE\xxx

  • December 1, 2025
  • 2 replies
  • 31 views


Hi

 

Elevate registry and allow changes only to a particular section in the registry, HKEY_LOCAL_MACHINE\SOFTWARE\xxx, and nothing else. We know we can elevate any .reg file, but we need to control this because anyone can add anything to the .reg file and make changes in the registry. Is there any way to do this?

2 replies

Pulitros144
  • Rising Star
  • December 1, 2025

@SFA 

I believe you could block the usage of 'regedit' and allow the input of registry keys only by PowerShell or CMD with the following command line: REG ADD HKCU\Software\MyNewAppKey /v EnableFeature /t REG_DWORD /d 1 /f.

Then you create the rule allowing only that specific command line. As long as you know the command line and have the .reg allowed, you would have fully granular control of the register key.

To me, it seems the most compatible way you could do it.
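
One way to apply this suggestion to a .reg file with many entries, as an added example that is not part of the thread: elevate a single wrapper script instead of regedit, and have it refuse any file containing a key section outside the allowed subtree. The function names and the temp directory are assumptions; the root key is the question's placeholder.

```powershell
# Added example, not code from the thread. Function names are hypothetical;
# the allowed root is the question's placeholder key.
function Test-RegFileScope {
    param(
        [string[]] $Lines,
        [string]   $AllowedRoot = 'HKEY_LOCAL_MACHINE\SOFTWARE\xxx'
    )
    $root = $AllowedRoot.TrimEnd('\')
    $sections = 0
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if (-not $line.StartsWith('[')) { continue }   # value, comment or blank line
        # A header must be exactly [KEY]; [-KEY] (key deletion) and odd forms fail closed.
        if ($line -match '^\[(?<key>[^\-\[\]][^\[\]]*)\]$') {
            $key = $Matches['key'].TrimEnd('\')
        } else {
            return $false
        }
        # Compare with a trailing backslash so SOFTWARE\xxxOther is not taken for a child.
        $inScope = $key.Equals($root, [System.StringComparison]::OrdinalIgnoreCase) -or
                   $key.StartsWith("$root\", [System.StringComparison]::OrdinalIgnoreCase)
        if (-not $inScope) { return $false }
        $sections++
    }
    return ($sections -gt 0)                           # a file with no key sections is rejected
}

function Import-ScopedRegFile {
    param([string] $Path, [string] $AllowedRoot = 'HKEY_LOCAL_MACHINE\SOFTWARE\xxx')
    # Check and import the same private copy so the file cannot be swapped in between.
    # Assumption: standard users cannot modify files the elevated process creates here.
    $copy = Join-Path $env:SystemRoot "Temp\scoped-$([guid]::NewGuid()).reg"
    Copy-Item -LiteralPath $Path -Destination $copy -ErrorAction Stop
    try {
        $lines = Get-Content -LiteralPath $copy
        if (-not (Test-RegFileScope -Lines $lines -AllowedRoot $AllowedRoot)) {
            throw "Rejected: $Path contains key sections outside $AllowedRoot"
        }
        & reg.exe import $copy
        if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }
    } finally {
        Remove-Item -LiteralPath $copy -ErrorAction SilentlyContinue
    }
}

# Constructed sample lines; the second section lies outside the allowed root.
Test-RegFileScope -Lines @('Windows Registry Editor Version 5.00', '',
    '[HKEY_LOCAL_MACHINE\SOFTWARE\xxx\yyy1]', '"name_df"="RED"',
    '[HKEY_LOCAL_MACHINE\SOFTWARE\Other]', '"k"="v"')
```

The check covers key paths only, so it limits where the file can write, not which values it sets inside the allowed subtree.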


  • Author
  • Trailblazer
  • December 1, 2025

@SFA 

I believe you could block the usage of 'regedit' and allow the input of registry keys only by PowerShell or CMD with the following command line: REG ADD HKCU\Software\MyNewAppKey /v EnableFeature /t REG_DWORD /d 1 /f.

Then you create the rule allowing only that specific command line. As long as you know the command line and have the .reg allowed, you would have fully granular control of the register key.

To me, it seems the most compatible way you could do it.

Actually, the reg file that needs to run elevated has a couple of entries for different applications that the app team needs to use, so it will be difficult for the app team to run each line as a command.

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\xxxxx\yyy1]
"name_df"="RED"

Similar to this, the reg file has 20 entries in it.