T 3.22 Improper modification of the registry

Windows operating systems make it possible to restrict the user environment for an entire IT system or for each user individually. This is generally done with the System Policy Editor gpedit.msc or the registry editors. On NT-based Windows versions, the registry is edited with the registry editors regedt32.exe, regedit.exe and regini.exe, the command-line tool reg.exe and, in Windows 7 and higher, PowerShell.

These programs should only be used by trained personnel. Every registry change must be made with extreme care, because the system can quickly be put into a state in which it is no longer possible to work with it. In the worst-case scenario, it will be necessary to reinstall the operating system or reinitialise certain hardware components (by loading the corresponding drivers).

In NT-based Windows versions, the registry entries are protected by access rights. Nevertheless, if the access rights are configured incorrectly, a user can still modify the registry in an unauthorised manner, whether knowingly or unintentionally. Improper changes of this kind can damage the system to the point where the security and/or functionality of the IT system (and, in extreme cases, of the entire network) is threatened.
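One way to check for incorrectly configured access rights is to list the access control entries that give broad user groups write-type rights on sensitive keys. The following PowerShell is an added example, not part of the original text; the key list and the function name Get-WeakRegistryAce are assumptions made for illustration.

```powershell
# Added example. The key list is an assumption; replace it with the keys that matter on your systems.
$KeysToCheck = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Policies',
    'HKLM:\SYSTEM\CurrentControlSet\Services'
)

# Well-known SIDs of broad, non-administrative groups (independent of the OS language).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'Interactive'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow changing a key, its values, its ACL or its owner.
$R = [System.Security.AccessControl.RegistryRights]
$WriteMask = [int]($R::SetValue -bor $R::CreateSubKey -bor $R::Delete -bor
                   $R::ChangePermissions -bor $R::TakeOwnership)
# ACEs can also carry generic rights that the RegistryRights enum does not name.
$GenericWrite = 0x40000000
$GenericAll   = 0x10000000
$Mask = $WriteMask -bor $GenericWrite -bor $GenericAll

function Get-WeakRegistryAce {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
        $acl = Get-Acl -LiteralPath $key
        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (-not $BroadSids.ContainsKey($sid)) { continue }
            if ([int]$rule.RegistryRights -band $Mask) {
                [pscustomobject]@{
                    Key       = $key
                    Principal = $BroadSids[$sid]
                    Rights    = $rule.RegistryRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Get-WeakRegistryAce -Path $KeysToCheck | Format-Table -AutoSize
```

An empty result means none of the listed groups holds a write-type right on the checked keys. Subkeys are not walked, so each key of interest has to be listed explicitly.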