Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Assigning Minimum Remote Registry Permissions

Administrative user accounts have access to the remote registry by default. Non-administrative user accounts do not have access to the remote registry. You must configure access.

  1. On the target Windows computer, create or designate a Local or Global User (example, "QVM_scan_user") and assign read-only Registry access to the non-administrative user account.
  2. Log on to your Windows computer by using an account that has administrator privileges. Click Start >Run.
  3. Type regedit.
  4. Click OK.
  5. Go to the key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers \winreg.

    The permissions that are associated with this registry key control which users or group can access the registry remotely from the network.

  6. Highlight the winreg key and do one of the following steps:
    • On Windows XP or later, click Edit >Permissions.

    • On Windows 2000, click Security >Permissions.

  7. Give read-only access to the designated "QVM_scan_user" account.

    On Windows XP, the ForceGuest setting is enabled by default when in workgroup mode. This setting might cause access problems for WMI connections and shares access, other DCOM services, and RPC services. You cannot disable the ForceGuest setting on Windows XP Home computers.