5.21 Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Enables remote users to modify registry settings on this computer.

The recommended state for this setting is: 'Disabled'.

Rationale:
In a high security environment, exposing the registry to remote access is an increased security risk.

Solution

To establish the recommended configuration via GP, set the following UI path to: 'Disabled'.


Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Remote Registry


Impact:
The registry can be modified only by users on the computer.

Note: Many remote administration tools, such as System Center Configuration Manager (SCCM), require the Remote Registry service to be operational for remote management.

In addition, many vulnerability scanners use this service to access the registry remotely.

See Also

https://workbench.cisecurity.org/files/1929

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7

Plugin: Windows

Control ID: b9f672dd3e4aa3bb2e2cf4ae3706e3349e76d0cd5c3b64b644ecc18e7c5ee856