COMMAND

    some registry permissions

SYSTEMS AFFECTED

    Win NT

PROBLEM

    Kirill V. Ermakov posted following.   Some keys of the Windows  NT
    registry have  not strong  secure permissions.   Namely many  keys
    under HKLM\Software\Microsoft have ACE for the Everyone group with
    Set Value and  Delete access rights.  So every authenticated  user
    can delete, for example, the following subkeys: Computer  Browser,
    DHCPServer, LanmanServer, LanmanWorkstation,  and so on...   After
    this  the  system  remains  fully  functional  but  becomes almost
    nonconfigurable.

    To check this you  may do the following  (ONLY on a TEST  system).
    Log on  as an  ordinary user.  Start Regedt32  and delete  all the
    subkeys of HKLM\Software\Microsoft key  that you are permitted  to
    delete (almost all of them). Then log off, log on as administrator
    and start Network application from the Control Panel. You will see
    the  empty  lists  on  the  Services,  Protocols and Bindings tabs
    although  network  protocols  are  loaded  and  services are still
    running.

SOLUTION

    Microsoft recommends to change Everyone group permissions to  Read
    for some subkeys of HKLM\Software key but doesn't mention anything
    about the above listed.  URL is:

        http://www.microsoft.com/ntserver/info/secure_NT_con.htm