Block access to Windows 10 and 11 Registry Editor

If you are an admin in a company and want to block it to the users from theworker see how you can do it from the group policy or from the registry itself.

registry, regedit, gpedit

So much for 10 as well as in Windows 11, you can block user access to the registry editor thus avoiding any mistakes or intentional actions by malicious users.

The registry is a very sensitive Windows file and anyone who knows how to manipulate it can gain access to the core of the operating system. On the other hand, a single wrong setting can destroy the operating environment and render the computer unusable. It is a valuable tool for any professional or experienced Windows user, but also a backdoor.

But you can easily deny access to the registry editor either by setting through the registry itself, or by group policy.
Let's see the ways:

Through the political group

You must have Windows Pro to be able to open the Group Policy Editor.

Step 1: Press Win + R keys simultaneously to open the run window and there type “gpedit.msc” and press Enter.

Step 2: In the left pane navigate to User Settings > Administrative Templates > System.

Step 3: In the right pane, double-click “Do not allow access to registry editing tools”

regedit gpedit group policy

Step 4: Select the Enabled option and press the OK button to save the policy changes.

Step 5: Close the Group Policy window and restart your computer

After restarting the computer, the policy change will automatically disable Registry Editor. If someone tries to open the registry editor, the user will get the error message “Registry editing has been disabled by your administrator”.

regedit gpedit group policy 2


Through the registry

You can block access to the registry through the registry!!

Step 1: Press Win + R keys at the same time to open the run window and there type “regedit” and press enter.

Step 2: In the left pane navigate to the following key:
There create a Dword 32bit value named DisableRegistryTools and give it the value 2

The values ​​it can accept are:

  • 0 – Enabled Registry Editor
  • 1 – Registry Editor only works in "quiet mode" using the /s switch on the command line
  • 2 – Registry Editor is disabled, cannot start normally or silently

Step 3: If you have Windows 10 go to the next step and do not do step 3. If you have Windows 11 do exactly the same thing as step 2 and in the location:

Step 4: After running the command, close the terminal window and restart your computer.

Reverse process

If you want to re-enable the ability to edit the registry, then through group policy set the setting “Do not allow access to registry editing tools” to disabled.

If you don't have Windows Pro, then you can't go into the registry to enable access to the registry !!!

For Windows 10:
Create a .reg file with notepad and put the following in it:

Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=dword:00000000

Run the file from a Command Prompt with administrator rights.

For Windows 11
Open Windows Terminal with administrator rights and run the following commands:

PowerShell Remove-ItemProperty -Path
HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name DisableRegistryTools -Force;PowerShell Remove-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name DisableRegistryTools -Force​

And don't forget that you may need to restart your computer. The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

registry, regedit, gpedit

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).