A. A. Access to a remote registry is controlled by the ACL on the key winreg.

  1. Start the registry editor (regedt32.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
  3. Check for a key called winreg. If it does not exist create it (Edit -Add Key)
  4. Select the winreg key (by clicking on it)
  5. From the Security menu select permissions
  6. Click the Add button and give the user you want read access
  7. Once added, click on the user and select "Special Access"
  8. Double click on the user and you can select which actions the user can perform
  9. Click OK when finished

It is possible to set up certain keys to be accessible even if the user does not have access by editing the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\Machine (use regedt32). You can add paths to this list.