If you are an administrator in a company and want to block user access from the registry editor see how you can do it from the group policy or from the registry itself.
In both Windows 10 and Windows 11, you can block user access to the registry editor thus avoiding any mistakes or intentional actions by malicious users.
The registry is a very sensitive Windows file and anyone who knows how to manipulate it can gain access to the core of the operating system. On the other hand, a single wrong setting can destroy the operating environment and render the computer unusable. It is a valuable tool for any professional or experienced Windows user, but also a backdoor.
But you can easily deny access to the registry editor either by setting through the registry itself, or by group policy.
Let's see the ways:
Table of Contents
Through the political group
You must have Windows Pro to be able to open the Group Policy Editor.
Step 1: Press Win + R keys simultaneously to open the run window and there type “gpedit.msc” and press Enter.
Step 2: In the left pane navigate to User Settings > Administrative Templates > System.
Step 3: In the right pane, double-click “Do not allow access to registry editing tools”
Step 4: Select the Enabled option and press the OK button to save the policy changes.
Step 5: Close the Group Policy window and restart your computer
After restarting the computer, the policy change will automatically disable Registry Editor. If someone tries to open the registry editor, the user will get the error message “Registry editing has been disabled by your administrator”.
Through the registry
You can block access to the registry through the registry!!
Step 1: Press Win + R keys at the same time to open the run window and there type “regedit” and press enter.
Step 2: In the left pane navigate to the following key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
There create a Dword 32bit value named DisableRegistryTools and give it the value 2
The values it can accept are:
- 0 – Enabled Registry Editor
- 1 – Registry Editor only works in "quiet mode" using the /s switch on the command line
- 2 – Registry Editor is disabled, cannot start normally or silently
Step 3: If you have Windows 10 go to the next step and do not do step 3. If you have Windows 11 do exactly the same thing as step 2 and in the location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
Step 4: After running the command, close the terminal window and restart your computer.
Reverse process
If you want to re-enable the ability to edit the registry, then through group policy set the setting “Do not allow access to registry editing tools” to disabled.
If you don't have Windows Pro, then you can't go into the registry to enable access to the registry !!!
For Windows 10:
Create a .reg file with notepad and put the following in it:
Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
Run the file from a Command Prompt with administrator rights.
For Windows 11
Open Windows Terminal with administrator rights and run the following commands:
PowerShell Remove-ItemProperty -Path
HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name DisableRegistryTools -Force;PowerShell Remove-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name DisableRegistryTools -Force
And don't forget that you may need to restart your computer.