Hi all,

Some of our teachers want to be able to look at the registry for teaching purposes. I've tried different settings in group policys, but I haven't found a way to make the registry "view only", and thought that maybe someone here could help. Any ideas is appreciated.

Regards, Per

Quote from Registry help

To assign permissions to a registry key
Open Registry Editor.
Click the key to which you want to assign permissions.
On the Edit menu, click Permissions.
Assign an access level to the selected key as follows:
To grant the user permission to read the key contents, but not save any changes made to the file, under Permissions for name, for Read, select the Allow check box.
To grant the user permission to open, edit, and take ownership of the selected key, under Permissions for name, for Full Control, select the Allow check box.
To grant the user special permission in the selected key, click Advanced.
If you are assigning permissions to a subkey and you want the inheritable permissions assigned to the parent key to apply to the subkey also, select the Inherit from parents the permission entries that apply to child objects. Include these with entries explicitly defined here check box.
Caution

Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on your computer.

Why do you want let babies to toy a whole of razor-blades with?

IMHO your question is an unsolvable one.

Gcrook:

Thanks a lot, just what I'm looking for. I'm a little angry with myself that I didn't find it on my own. Once again thanks, I will look into a way to implement this.

Regards, Per

josefz:

What we're talking about here is teachers in our school environment that are having "operating system" courses. They want to be able to show the students at least what the registry "looks like", so to say.

The teachers are pretty heavily locked down as it is, and believe me, I do not want them fooling around with the registry, but this is less than a handfull of teachers, and they know what they are doing. I just want to be on the safe side with this.

I understand your concern though.

Regards, Per

I need to apologize for my gall. But there exists no way to do the trick you are looking for, absolutely and finally.
The registry editor (in its interactive using) is same the most violent, same the most dangerous tool, according to crucial importance of the Registry.
E.g. manipulating a plain text file is more safe.
"View" contra "Edit" ability, "undo" facility, "Save" contra "Cancel" button, et cetera, et cetera, all missing when manipulating the Registry.
Difficult resumption, at all events.

Gcrook's advice seems to be unserviceable: I guess you need to restrict an user from interactive changes (allowing read only view, or taking a look), whilst all other permissions need to be intact still and forever.

We all are looking for that, but... maybe there exists a third company program - registry viewer? Google it... Yes, <a target="_blank" href=http://www.winguides.com/software/display.php/28/>bingo!</a>

My advise is to save it each time every day.. I found a useful program called erunt

http://www.majorgeeks.com/download1267.html

Sometimes, even experienced user will mess it up before they know it...

Back it up!

*** Sometimes Helping is a way of Learning! ***

Take to heart, scoff at, or ignore - as you like. Just throwing out an opinion for your consideration.

In my school district I used to really worry about protecting the machines and locking everyone down. But after a few years I realized that protecting the machines from vandalous users, stupid users, careless users, and plain ignorant users was pointless. It seemed like I never made any headway.

So, I changed my security strategy. Now I focus on protecting the network and forget about the individual machine. Let the monsters trash the systems if they want. No skin off my back. But I keep my servers protected and try to bottle the users up in as small a network segment as I can. I maintain a library of hdd images - and try to keep them up to date - so when a system is FUBAR I just Ghost it. Personal files and work is stored on the file servers so it's no loss. In fact, I periodically wipe out the user files on the machines when they start to get a little lazy about saving to the local "My Documents", just to reinforce the use of the file servers.

My stress level and aggravation is much lower now. /images/forums/icons/smile.gif


Josh

<font color=red>NEW!
IMPROVED!
SOON TO BE NEGLECTED AGAIN!</font color=red>
<a target="_blank" href=http://www.jdharm.net>www.jdharm.net</a>

Thank you all for your input, I will take it into concideration - and josefz, thanks for the link to the program, from first look it seems interesting.

Josh: I see your point. We don't want to totally lock down the computer neither. There are settings that the users aren't allowed to change (naturally), but as you say, it's often much easier to wipe the whole hdd.

Regards, Per