Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
From: Thorsten Kampe <thorsten AT thorstenkampe DOT de>
Subject:  Re: AllVersions: Running Cygwin X w/ Registy Entries
Date:  Fri, 28 Oct 2005 08:33:31 +0100
Lines: 43
Message-ID:  <17we2d2wr0hxk.1qkecqkwgo8z2$.dlg@40tude.net>
References:  <SERRANOzxTs53iVdGJ500000268 AT SERRANO DOT CAM DOT ARTIMI DOT COM> <4360A51E DOT 9030106 AT equate DOT dyndns DOT org>
Mime-Version:  1.0
Content-Type:  text/plain; charset="us-ascii"
Content-Transfer-Encoding:  7bit
User-Agent: 40tude_Dialog/2.0.15.1
X-IsSubscribed: yes

Dave,
Chris,

* Chris Taylor (2005-10-27 10:59 +0100)
> Dave Korn wrote:
>> Thorsten Kampe wrote:
>>>* Chris Taylor (2005-10-26 17:38 +0100)
>>>>Problem with that is that if the sysadmin knows what he's doing, it only
>>>>takes about 4 seconds to block off almost all possible ways of actually
>>>>editing the registry...
>>>
>>>Definitely not. 
>> 
>>   Oh yes it does.  Start->Run->regedit.  Right-click the user's tree under
>> HKEY_USERS, choose Permissions, remove their write access leaving them a
>> read-only per-user registry tree.  Easily done in 4 seconds by an experienced
>> BOFH, and can't be reversed without admin rights!
> 
> Thankyou for proving my point Dave.
> Does anyone else feel Thorsten should let this go now, before we all 
> lose any semblance of respect for him as a person? (Or did that already 
> happen to the rest of you?)

You and Dave actually tried that, didn't you?! Of course you did -
because, as Dave pointed out in [1]: "There's an important point here.
Before claiming that a piece of software does or does not exhibit a
certain behaviour, DON'T JUST GUESS - TEST IT AND SEE!"

The bad news is that your whole scenario is absolutely pointless. The
registry key under HKEY_USERS is only dynamically loaded from the
user's ntuser.dat while he's *logged on*[2].

So an experienced BOFH couldn't just "Right-click the user's tree
under HKEY_USERS, choose Permissions, remove their write access
leaving them a read-only per-user registry tree" BECAUSE THERE IS NO
SUCH KEY UNDER HKEY_USERS!!

It's easy to verify that if you look at [3].

T.
[1] http://permalink.gmane.org/gmane.os.cygwin/70828%3E
[2] except systemprofile, LocalService and NetworkService which are always loaded
[3] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/