A. A. Access to a remote registry is controlled by the ACL on the key winreg.
- Start the registry editor (regedt32.exe)
- Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
- Check for a key called winreg. If it does not exist create it (Edit -Add Key)
- Select the winreg key (by clicking on it)
- From the Security menu select permissions
- Click the Add button and give the user you want read access
- Once added, click on the user and select "Special Access"
- Double click on the user and you can select which actions the user can perform
- Click OK when finished
It is possible to set up certain keys to be accessible even if the user does not have access by editing the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\Machine (use regedt32). You can add paths to this list.