IT Knowledgebase
< All Topics
Print

How to Disable Access to the Windows Registry

Messing around in the Windows Registry can cause all kinds of problems if you’re not careful. If you share your PC with others, you can prevent less experienced users from accessing and editing the Registry.

When you share a PC with other people, it can be really helpful to lock down certain aspects of Windows. For example, we’ve talked about how to prevent users from shutting down Windows and how to disable the Control Panel and settings interface. You can also disable access to the mother of all administrative tools—Registry Editor—if you’d prefer not everyone be able to get into it. Here’s how.

Home Users: Disable Access to the Registry by Editing the Registry

If you have Windows 7, 8, or 10 Home, you will have to edit the Windows Registry to make these changes. You can also do it this way if you have Windows Pro or Enterprise, but just feel more comfortable working in the Registry. (If you have Pro or Enterprise, though, we recommend using the easier Local Group Policy Editor, as described in the next section.)

Standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems. That said, if you’ve never worked with it before, consider reading about how to use the Registry Editor before you get started. And definitely back up the Registry (and your computer!) before making changes.

Before you get started editing the Registry, you’ll need to take two steps:

  • If the user account for which you want to restrict the Registry is a standard account, you’ll need to temporarily change it be an administrator account. This will allow you to make the changes you need to make. And we’ll remind you to change it back again after it’s done.
  • You’ll need to sign in as the user you want to make changes for, and then edit the Registry while logged in to their account.

And if you have multiple users for whom you want to make changes, you’ll have to repeat those two steps for each user.

After signing on as the user you’re making changes for, open the Registry Editor by hitting Start and typing “regedit.” Press Enter to open Registry Editor and give it permission to make changes to your PC.

In the Registry Editor, use the left sidebar to navigate to the following key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Next, you’ll create a new value inside that System key. Right-click the System key and choose New > DWORD (32-bit) value. Name the new value “DisableRegistryTools.”

Next, double-click the DisableRegistryTools value to open its properties window. Change the value from 0 to 1 in the “Value data” box and then click “OK.”

You can now exit Registry Editor. The changes take place immediately and you can test them by simply trying to open Registry Editor again. You should get an error message. Now, you can sign out as that user, sign back on with your administrative account, and change that user’s account back to a standard account if that’s how it was before.

If you ever want to reverse the changes, you’ll need to sign back on as that user—changing the account to administrative one if it’s not already—and open up the Command Prompt with administrative privileges, since you won’t be able to access the Registry. At the prompt type the following command: reg add “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System” /t Reg_dword /v DisableRegistryTools /f /d 0

This command changes the DisableRegistryTools value from 1 back to 0. Alternatively, you can use the downloadable hack we detail in the next section.

Download Our One-Click Registry Hack

If you don’t feel like diving into the Registry yourself, we’ve created two downloadable registry hacks you can use. One hack disables access to Registry Editor and the other hack enables access. To use them, you’ll need to follow these steps:

  1. Change the user account for which you want to disable the Registry to an administrator account, if it isn’t one already.
  2. Sign on with the user account for which you want to make changes.
  3. Double-click the hack you want to use and click through the prompts.
  4. Sign out and then sign in with your administrative account.
  5. Change the user account you made changes for back to a standard account if that’s how it was set up before.

Both hacks are included in the following ZIP file.

Disable Registry Hacks

In the setting’s properties window, click the “Enabled” option and also make sure the “Disable regedit from running silently” option is set to “Yes.” When it’s allowed to run silently, users can still apply preconfigured REG files by executing them from the command line with a silent option. When you disallow this option by selecting “Yes,” users will not be able to make any changes to the Registry. When you’re done, click “OK.”

You can now exit the Local Group Policy Editor. Changes should take place immediately. To test it, just sign in as one of the affected users and make sure you can’t start Registry Editor. To reverse the change later, just go back to the same “Prevent access to registry editing tools” setting and change it back to “Not Configured.”

Messenger