Monday, September 27, 2010

Ways to Modify (or Destroy) the Registry

Invoke regedit.exe with .REG file
Interfaces:          GUI, script
Access:                 Local or Remote
Benefits:              Simple
Caveats:               Exposes data in .REG file

WMI StdRegProv class
Interfaces:          Script, Application
Access:                 Local or Remote
Benefits:              Cloak/Obfuscate data, run hidden
Caveats:               Firewalls and Remote Registry services (remote), scripting knowledge

WSH RegRead, RegWrite, RegDelete methods
Interfaces:          Script, Application
Access:                 Local
Benefits:              Cloak/Obfuscate data, run hidden
Caveats:               No remote access

Wise/InstallShield Compiled EXE
Interfaces:          GUI or hidden, Script, Application
Access:                 Local
Benefits:              Cloak/Obfuscate data, run hidden
Caveats:               Requires Wise Package Studio or AdminStudio and some scripting knowledge

REG.exe command
Interfaces:          GUI, script (shell)
Access:                 Local or Remote
Benefits:              Simple and consistent
Caveats:               Exposes data in stream

Proprietary Utility
Interfaces:          GUI (usually), cmd shell (sometimes), API call (rarely)
Access:                 Local or Remote
Benefits:              Easy GUI layout and options (typically)
Caveats:               Vendor lock-in, updates, etc.; may also require .NET or JRE

Manual (REGEDIT.exe)
Interfaces:          GUI
Access:                 Local
Benefits:              Familiar
Caveats:               Does not scale well

Group Policy Preferences
Interfaces:          GUI (GPMC MMC console)
Access:                 Active Directory via client-side processing
Benefits:              Simple to configure and mass-deploy
Caveats:               Requires Active Directory environment. Clients must be connected to receive policy changes

I’m sure there are others I overlooked, but who cares.  Isn’t this enough? I mean, come on. Really?!
