Hi Thomas,
I don't mean to block entire regitry. I only need to block access to certain keys. Blocking HKEY_CLASSES_ROOT was just my experiment.
The real scenario is that I need to block write/modify access to a set of registry entries, for each entry I would like to protect the Key and everything under it. One example of such entries is as below:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}]
@="WMSDK NamespaceFactory Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}\InprocServer32]
@="C:\\WINDOWS\\system32\\wmnetmgr.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}\ProgID]
@="WMSDKNamespace.NamespaceFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}\TypeLib]
@="{4f15a451-b14f-4067-8b78-50e7837148d2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}\VersionIndependentProgID]
@="WMSDKNamespace.NamespaceFactory"
In order to accomplish that, I setup the following settings in SEP11 registry protection:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}\*
Then I open up the Regedit and try to mess up the entry. And the result is:
1) The key is completely protected from HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
2) But from HKEY_CLASSES_ROOT\CLSID, only Values are protected but NOT Keys. I can delete any Keys I want including the head {203b1eed-db9f-40fb-87bd-1990982017d2}. But I can not delete any Values under the Key.
3) Of course if you deleted the key from HKEY_CLASSES_ROOT, the entry also disapeared from HKEY_LOCAL_MACHINE
So the question is how do I get this work? I am wondering if I did something wrong here?
This issue is getting hot. So could you please take a look?
Thanks,
Hung.