Vista Guest Account Has Unrestricted Access to the Registry?

I just tried it myself and regedit opened right up (no prompt). However, whenever I try to change a reg. entry I get a window saying something like 'No can do', which is what I would expect. Hmm, where you changing entries in the current user Key. I was in the local machine key. Not knowlegable enough to know if that matters, but I just had that thought. Funny that I have to go through UAC to get to regedit as an admin., but not as a guest.

Gary

OK. Wow. I thought I was losing it there for a minute. Yeah, it does give me an error message when I try to edit anything in HKey Local Machine, etc. But shouldn't it at least give a UAC prompt before entering? Is it possible they avoided this so that a guest user could make simple edits to his user profile?

I doubt that would be the reason death

I think its more likly an oversight by microsoft
However as no one ever enables or uses the guest account no one has ever enouctered it so it was never submited to microsoft to fix however i suppose if u contact them they will make a quick patch.

UAC virtualizes all read/write requests made to the entire system and saves them under user specific locations...Unless its a bug on your registry or you disabled UAC then it might allow the changes but they are not system-wide changes.

That explains it. Thanks, dmex.

seriously I don't know why anyone would disable UAC with its enormous potential to secure the most insecure system :cough: Windows...

Microsoft was 10 years behind industry security standards and other systems like Apple and Linux until they included this feature, It might not always be accurate informing you if a program needs elevation to run correctly or if a program legitimately requires it but for anyone who keeps an eye on PC security it gives them the power to deny anomaly programs (and users) the ability to make system-wide changes without the admin`s permission in a way thats perfectly balanced between user-user and user-system and thats just NOT possible under any previous Windows version...

Two good examples...The Guest user changing the registry in specific locations on XP and earlier windows can cause the entire computer to blue-screen permanently while on vista the changes crash just the guest user until they logout, the other good example is IE`s protected mode since it runs IE under a lower privileged user than your own so any exploit code ran inside the web browser can only affect the current user not the entire system.

I haven't disabled UAC. I agree as to it's potential. Only time I turn it off is while I'm setting things up and then I kill the internet connection till I'm done and restart UAC. That's also why it seemed so odd to not have it come up for a guest account to get to regedit.

Thing I use UAC for most is when I go to install something and forget to right click and run as admin, I can click cancel and not have to wait for the setup prog to get all loaded before I can cancel. Saves me some time LOL.

Gary

Same here. I only run Vista with UAC on. I don't mind the prompts. I've gotten used to them.

Yeah people make such a big deal about them and how annoying they are

I get a prompt less than once a week and i mean once a week is that a big deal?