Through EPM Windows, you can create policies to control access to the Windows Registry by defining users and/or groups and their permissions.
The Windows Registry is the database that stores all settings of the operating system, drivers, and applications. Having control over it is critical, because many threats attempt to modify registry keys to gain persistence or disable defenses.
Functionalities
- Write and modify restriction: Allows the creation of rules that prevent users (even those with temporary elevated privileges) or suspicious processes from modifying specific registry keys.
- Protection of critical keys: Protects keys that control system boot, security settings, group policy (GPO), and network configurations.
- Malware persistence prevention: Many types of malware install themselves in the “Run” or “RunOnce” keys. EPM can block changes in these areas.
- Audit logging: Logs any attempts at unauthorized access or modification, enabling security teams to see who tried to change what in the registry.
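The Run and RunOnce keys named above are a standard autostart location, so a defender typically wants to know what is in them and when that changes. The following PowerShell script is an added example, not part of the EPM documentation or product: it snapshots those keys across HKLM and HKCU, writes a baseline on first run, and on later runs reports entries that were added, changed or removed. The baseline file location and the set of keys are assumptions chosen for the example.

```powershell
# Added example, not part of the EPM documentation: snapshot the Run/RunOnce autostart
# keys that the text names as a common persistence location, and diff the snapshot
# against a saved baseline so unexpected additions stand out.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$baselinePath = "$env:ProgramData\autorun-baseline.json"   # constructed location (assumption)

function Get-AutorunSnapshot {
    # Returns a hashtable of "keypath|valuename" -> stored command line.
    $entries = @{}
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            # DoNotExpandEnvironmentNames keeps %VAR% as stored, so a changed variable
            # cannot disguise the string actually written into the registry.
            $entries["$key|$name"] = $item.GetValue($name, $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        }
    }
    return $entries
}

$current = Get-AutorunSnapshot
if (-not (Test-Path $baselinePath)) {
    # First run: record the current state as the baseline and stop.
    $current | ConvertTo-Json | Set-Content $baselinePath
    Write-Output "Baseline written to $baselinePath ($($current.Count) entries)."
    return
}

# Load the baseline back into a hashtable for comparison.
$baseline = @{}
(Get-Content $baselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
    ForEach-Object { $baseline[$_.Name] = $_.Value }

foreach ($k in $current.Keys) {
    if (-not $baseline.ContainsKey($k)) {
        Write-Output "ADDED    $k => $($current[$k])"
    } elseif ($baseline[$k] -ne $current[$k]) {
        Write-Output "CHANGED  $k => $($current[$k]) (was $($baseline[$k]))"
    }
}
foreach ($k in $baseline.Keys) {
    if (-not $current.ContainsKey($k)) { Write-Output "REMOVED  $k" }
}
```

Run it once to create the baseline, then schedule it or run it after any change window; the HKLM keys need only read access, so it works for a standard user, and the output lines are simple enough to forward to a SIEM alongside the EPM audit log entries described above.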
For more information about precedence rules, see Permissioning.
Permission types
You can manage registry access by assigning users or groups and their corresponding access levels. See the permission options:
| Permission | Description |
|---|---|
| Full Control | Grants full access to the key (read, write, delete, rename). Does not propagate: subkeys created after synchronization do not inherit. |
| Read | Grants read access to values and listing of subkeys. Does not propagate. |
| Special Permissions | Grants full access to the key. Automatically propagates via Windows: both existing and future subkeys inherit without needing a new sync. |
For dynamically created subkeys, we recommend using Special Permissions, which ensures subkeys created after synchronization also receive the permissions.
Policy scope
You can define the scope of policies based on your infrastructure needs. A policy can be applied to the configured key alone, to the key together with its subkeys, or to the subkeys only. See the scope options:
| Scope option | Description |
|---|---|
| Only this key | Only the configured key is affected by the policy. |
| This key and subkeys | The configured key and all subkeys existing at time of synchronization are affected. |
| Only subkeys | Only the subkeys existing at the time of synchronization are affected. The parent key is unchanged. |
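Both tables above turn on one distinction: a permission that applies only to the keys present at synchronization time versus one that Windows itself propagates to subkeys created later (the "Special Permissions" row). The PowerShell script below is an added example, not EPM code and not a description of how EPM applies its policies internally; it shows the underlying Windows mechanism by setting the same deny rule on two throwaway keys under HKCU, once without inheritance and once with `ContainerInherit`, then creating a subkey under each after the rule is in place. The key path `HKCU:\Software\EpmDemo` is a constructed test location, and the rule denies the current user's `SetValue` right purely for illustration.

```powershell
# Added example, not from the EPM documentation: shows how Windows ACL inheritance flags
# produce the "propagates" / "does not propagate" behaviour described in the permission
# and scope tables. Runs as a standard user against a throwaway key under HKCU.
$base = 'HKCU:\Software\EpmDemo'   # constructed test key, not a product path (assumption)
$user = [System.Security.Principal.NTAccount]::new("$env:USERDOMAIN\$env:USERNAME")

# Start from a clean test tree.
if (Test-Path $base) { Remove-Item $base -Recurse -Force }
$null = New-Item "$base\NoInherit" -Force
$null = New-Item "$base\Inherit"   -Force

# Rule 1: deny SetValue on this key only (InheritanceFlags = None). This matches the
# non-propagating rows: a subkey created afterwards does not pick up the rule.
$ruleNoInherit = [System.Security.AccessControl.RegistryAccessRule]::new(
    $user, 'SetValue', 'None', 'None', 'Deny')
$acl = Get-Acl "$base\NoInherit"
$acl.AddAccessRule($ruleNoInherit)
Set-Acl "$base\NoInherit" $acl

# Rule 2: the same deny with ContainerInherit. Windows applies it to subkeys that
# exist now and to subkeys created later, which is the "Special Permissions" case.
$ruleInherit = [System.Security.AccessControl.RegistryAccessRule]::new(
    $user, 'SetValue', 'ContainerInherit', 'None', 'Deny')
$acl = Get-Acl "$base\Inherit"
$acl.AddAccessRule($ruleInherit)
Set-Acl "$base\Inherit" $acl

# Create subkeys only now, i.e. after the rules were applied ("after synchronization").
$null = New-Item "$base\NoInherit\Later" -Force
$null = New-Item "$base\Inherit\Later"   -Force

# Report how many inherited Deny entries each new subkey carries.
foreach ($k in 'NoInherit\Later', 'Inherit\Later') {
    $denies = (Get-Acl "$base\$k").Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -and $_.IsInherited }
    "{0,-18} inherited deny ACEs: {1}" -f $k, @($denies).Count
}

# Remove the test tree so no deny rule is left behind.
Remove-Item $base -Recurse -Force
```

The subkey under `Inherit` reports an inherited deny entry while the one under `NoInherit` reports none, which is exactly the gap the note about dynamically created subkeys warns about: a non-inheritable rule only covers what existed when it was written, so keys that create subkeys at runtime need the inheritable form or a new synchronization.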