Using a registry editor such as regedit32.exe, a local administrator can restrict a specific user from editing the registry on a machine running Windows XP Professional or Windows 2000. On the user's machine, log on under a Local Administrator account and follow these steps:
- Under the Start menu, click Run and type regedt32.exe to open the registry editor.
- Highlight HKEY_USERS, then select Registry. Select Load Hive from the Registry menu.
- Go to the Users Profile directory of the user you want to restrict. Select Ntuser.dat.
- When prompted for the Key Name, enter the username of the person you want to restrict, then click OK.
- Navigate to HKEY_USERS\<username>\Software\Microsoft\Windows\CurrentVersion\Policies, where <username> is the person's username. Add the System subkey if it doesn't already exist.
- Under the System subkey, add the value DisableRegistryTools.
- Make the value a REG-DWORD type, and set the value to 1.
- Select Unload Hive from the Registry menu.
- Close the registry editor, and restart the system.
- To make sure the restriction works, log on with the person's username (which must be restricted). Under the Start menu, click Run and type regedt32.exe. You should see the following error message: editing registry has been disabled by administrator.
Note that editing the registry is risky, so make sure that you have a backup of the registry before making any changes to it.
—Rajesh Mehta
rajesh_101@hotmail.com