
REGISTRY_PERMISSIONS

This policy item checks whether the ACL on a registry key matches an ACL defined in the policy file. The check is performed by calling the Windows function RegGetKeySecurity on a handle to the registry key.

Note: This check requires remote registry access to the target Windows system in order to function properly.

Usage

<custom_item>
  type: REGISTRY_PERMISSIONS
  description: ["description"]
  value_type: [value_type]
  value_data: [value]
  (optional) check_type: [value]
  reg_key: ["regkeyname"]
  (optional) acl_option: [acl_option]
</custom_item>

The allowed type is:

  value_type: REG_ACL
  value_data: "ACLname"
  reg_key: "RegistryKeyName"

The following predefined paths can be used for the reg_key field:

  HKLM (HKEY_LOCAL_MACHINE)
  HKU (HKEY_USERS)
  HKCR (HKEY_CLASSES_ROOT)

When using this audit, please note the following:

  • The reg_key field must include the full path to the registry key, starting with one of the predefined hive names above.
  • The value_data field is the name of an ACL defined elsewhere in the policy file (a registry_acl definition).
  • The acl_option field controls the result when the key does not exist: CAN_BE_NULL makes the check pass in that case, CAN_NOT_BE_NULL makes it fail.

Example

<registry_acl: "ACL2">
  <user: "Administrators">
    acl_inheritance: "not inherited"
    acl_apply: "This key and subkeys"
    acl_allow: "Full Control"
  </user>
  <user: "SYSTEM">
    acl_inheritance: "not inherited"
    acl_apply: "This key and subkeys"
    acl_allow: "Full Control"
  </user>
</acl>

<custom_item>
  type: REGISTRY_PERMISSIONS
  description: "Permissions for HKLM\SOFTWARE\Microsoft"
  value_type: REG_ACL
  value_data: "ACL2"
  reg_key: "HKLM\SOFTWARE\Microsoft"
</custom_item>

When the above check is executed, the compliance module will check whether the permissions set on HKLM\SOFTWARE\Microsoft match the ones described in the registry_acl definition ACL2.
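As an added example that is not part of the Tenable documentation or product, the following PowerShell reproduces the comparison the check above performs: it reads the key's DACL with Get-Acl (which obtains the security descriptor the same way, through RegGetKeySecurity) and compares it against the ACL2 definition, including the acl_option behaviour for a missing key. The function names, the hashtable layout for the expected ACEs and the mapping of acl_apply "This key and subkeys" to the ContainerInherit inheritance flag are my own assumptions, not Tenable's.

```powershell
function Convert-RegKeyToPath {
    param([string] $RegKey)
    # Expand the short hive names accepted by reg_key into registry provider paths.
    $hive = $RegKey -replace '^HKLM', 'HKEY_LOCAL_MACHINE' `
                    -replace '^HKU',  'HKEY_USERS' `
                    -replace '^HKCR', 'HKEY_CLASSES_ROOT'
    return "Registry::$hive"
}
function Test-RegistryKeyAcl {
    param(
        [Parameter(Mandatory)] [string] $RegKey,
        [Parameter(Mandatory)] [hashtable[]] $ExpectedAces,
        [ValidateSet('CAN_BE_NULL', 'CAN_NOT_BE_NULL')] [string] $AclOption = 'CAN_NOT_BE_NULL'
    )
    $path = Convert-RegKeyToPath $RegKey
    if (-not (Test-Path -LiteralPath $path)) {
        # acl_option semantics: CAN_BE_NULL passes on a missing key, CAN_NOT_BE_NULL fails it.
        $result = if ($AclOption -eq 'CAN_BE_NULL') { 'PASSED' } else { 'FAILED' }
        return [pscustomobject]@{ RegKey = $RegKey; Result = $result; Findings = @('key does not exist') }
    }
    $actual   = (Get-Acl -LiteralPath $path).Access   # DACL of the key as RegistryAccessRule objects
    $findings = @()
    $matched  = @()
    foreach ($exp in $ExpectedAces) {
        # DACL account names carry a domain prefix (BUILTIN\, NT AUTHORITY\); compare the bare name.
        $hit = $actual | Where-Object {
            ($_.IdentityReference.Value -split '\\')[-1] -eq $exp.User -and
            $_.AccessControlType -eq 'Allow' -and
            $_.RegistryRights    -eq $exp.Rights -and
            $_.IsInherited       -eq $exp.Inherited -and
            $_.InheritanceFlags  -eq $exp.InheritanceFlags
        } | Select-Object -First 1
        if ($hit) { $matched += $hit } else { $findings += "missing ACE: $($exp.User) $($exp.Rights)" }
    }
    # The comparison is exact: an ACE that the definition does not list is a deviation too.
    foreach ($ace in $actual) {
        if ($matched -notcontains $ace) {
            $findings += "unexpected ACE: $($ace.IdentityReference) $($ace.AccessControlType) $($ace.RegistryRights)"
        }
    }
    $result = if ($findings.Count -eq 0) { 'PASSED' } else { 'FAILED' }
    return [pscustomobject]@{ RegKey = $RegKey; Result = $result; Findings = $findings }
}
# ACL2 from the example: Administrators and SYSTEM, Full Control, not inherited, "This key and subkeys".
$acl2 = @(
    @{ User = 'Administrators'; Rights = 'FullControl'; Inherited = $false; InheritanceFlags = 'ContainerInherit' },
    @{ User = 'SYSTEM';         Rights = 'FullControl'; Inherited = $false; InheritanceFlags = 'ContainerInherit' }
)
Test-RegistryKeyAcl -RegKey 'HKLM\SOFTWARE\Microsoft' -ExpectedAces $acl2 | Format-List
```

On a stock Windows install the key carries additional inherited ACEs (for example for Users and CREATOR OWNER), so the example reports FAILED with those listed under Findings, which is the same outcome the audit item would produce against ACL2.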

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.