Similar to File Monitor, Registry Monitor (Regmon.exe) is a tool available as a free download from Sysinternals at http://www.sysinternals.com/Utilities/Regmon.html. This tool monitors all registry requests and records them for your review. Again, without even running your application, you will find that Windows Vista generates a great many entries, so it is again necessary to adjust the optional filters in order to better identify any attempts to access or update registry keys to which a restricted user may not have access. Below are recommended steps and filter settings to help identify the requirements of the application being tested.
1. As a privileged user (an administrative account), launch the Registry Monitor utility (Regmon.exe).
2. Select Filter/Highlight (CTRL-L) from under the Options menu and make the following updates:
Include: *
Exclude: SUCCESS;NOT FOUND;NO MORE ENTRIES;BUFFER OVERFLOW;BAD IMPERSONATION
Highlight: ACCESS DENIED
3. Right click on the application shortcut to be tested and choose "Run As..."
4. Specify the credentials of a restricted user account, representative of a user with non-administrative privileges on the network.
5. Make use of the application, running through any provided test procedures, and make note of any subkeys or values which report "Access Denied" (highlighted in red). It is these subkeys that may require security changes in order for the application to function properly in your environment.
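Once a Regmon session has been exported to a text file, the same filtering can be repeated offline and the ACCESS DENIED hits rolled up per registry key, which is what step 5 asks you to record. The script below is an added example, not Sysinternals code or anything from the original page; the tab-separated column layout (sequence, time, process:PID, request, path, result, other) and the sample lines are constructed assumptions, so adjust the parser if your export differs.

```python
from collections import defaultdict

# Constructed sample of a Regmon-style export (assumed tab-separated columns:
# sequence, time, process:PID, request, path, result, other). Not a real capture.
SAMPLE_LOG = """\
1\t10:31:02.115\tmyapp.exe:2840\tOpenKey\tHKLM\\SOFTWARE\\Vendor\\MyApp\tSUCCESS\tAccess: 0x20019
2\t10:31:02.117\tmyapp.exe:2840\tQueryValue\tHKLM\\SOFTWARE\\Vendor\\MyApp\\InstallDir\tSUCCESS\t"C:\\Program Files\\MyApp"
3\t10:31:02.120\tmyapp.exe:2840\tOpenKey\tHKLM\\SOFTWARE\\Vendor\\MyApp\\Settings\tACCESS DENIED\tAccess: 0x2001F
4\t10:31:02.121\tmyapp.exe:2840\tQueryValue\tHKCU\\Software\\Vendor\\MyApp\\LastRun\tNOT FOUND\t
5\t10:31:02.130\tmyapp.exe:2840\tSetValue\tHKLM\\SOFTWARE\\Vendor\\MyApp\\Settings\\LogLevel\tACCESS DENIED\t
6\t10:31:02.131\tmyapp.exe:2840\tEnumerateKey\tHKLM\\SOFTWARE\\Vendor\\MyApp\tNO MORE ENTRIES\t
7\t10:31:02.140\texplorer.exe:1204\tOpenKey\tHKLM\\SOFTWARE\\Classes\\CLSID\tSUCCESS\t
8\t10:31:02.145\tmyapp.exe:2840\tSetValue\tHKLM\\SOFTWARE\\Vendor\\MyApp\\Licensing\\Serial\tACCESS DENIED\t
9\t10:31:02.150\tmyapp.exe:2840\tQueryValue\tHKLM\\SOFTWARE\\Vendor\\MyApp\\Settings\\Server\tACCESS DENIED\t
"""

# The same filter settings as step 2 above (Include: * / Exclude list / Highlight).
EXCLUDE = {"SUCCESS", "NOT FOUND", "NO MORE ENTRIES", "BUFFER OVERFLOW", "BAD IMPERSONATION"}
HIGHLIGHT = "ACCESS DENIED"

# Requests that name a value; their containing key is what needs the ACL change.
VALUE_REQUESTS = {"QueryValue", "SetValue", "DeleteValue"}

def parse_regmon(text):
    """Yield one dict per well-formed line; short or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 6:
            continue
        seq, _time, process, request, path, result = parts[:6]
        yield {"seq": int(seq), "process": process.split(":")[0],
               "request": request, "path": path, "result": result.strip()}

def apply_filter(entries, exclude=EXCLUDE):
    """Include everything (Include: *) except results on the exclude list."""
    return [e for e in entries if e["result"] not in exclude]

def access_denied_by_key(entries, process=None):
    """Group highlighted ACCESS DENIED hits by registry key, optionally for one process."""
    hits = defaultdict(list)
    for e in entries:
        if e["result"] != HIGHLIGHT:
            continue
        if process and e["process"].lower() != process.lower():
            continue
        key = e["path"]
        if e["request"] in VALUE_REQUESTS:
            key = key.rsplit("\\", 1)[0]  # report the key that holds the value
        hits[key].append(f'{e["request"]} #{e["seq"]}')
    return dict(hits)
```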