Microsoft Windows SMB Registry : Registry HKLM_LOCAL_MACHINE Permissions
High Nessus Plugin ID 10427
SynopsisSystem settings are writable by non admin.
DescriptionThe registry key HKEY_LOCAL_MACHINE is writeable by users who are not in the admin group.
This allows these users to create a lot of keys on that machine, thus they can probably to get admin easily.
Such a configuration probably means that the system has been compromised.
Solutionuse regedt32 and set the permissions of this key to :
- admin group : Full Control
- system : Full Control
- everyone : Read