Block registry changes


  • Hi,

    I am looking for a way to block registry changes unless I choose to allow them to be made. So basically if an application tries to make a change my program would display a dialog with information of the change and I can either click Allow Change or Disallow Change.


    Only thing is I am not sure how I go about stopping a registry change before it happens.

    Can anyone give me any pointers on how to go about this?



    Tuesday, November 07, 2006 9:40 AM


All replies

  • This would be very much a non-trivial task. I'm not sure what (if any) APIs would allow you to to this. Why do you want to do this? Typically, you set the ACL on the registry key so that only the users who are supposed to be able to change the registry are allowed to do so...

    Best regards,
    Johan Stenberg

    Tuesday, November 07, 2006 9:02 PM
  • Download spybot search and destroy and have it install tea timer. This application gives you the ability to either allow or deny registry changes.
    • Proposed as answer by Maxs_Owner Friday, April 03, 2009 3:30 PM
    Thursday, November 30, 2006 3:39 PM
  • I agree with Johan. This is more of an OS/permission thing and not something that can be easily achieved in .NET. perhaps some API's exist but even then...would be tricky.
    Thursday, November 30, 2006 3:43 PM
  • This can also be done in .net by setting up a filesystem watcher for the appropriate registry file(s)...when a change to the file is detected open the registry and check for a change on your specified key...if a change has been made ...undo it

    Thursday, November 30, 2006 4:40 PM
  • The Spybot applet handles this very well. It identifies the attempted change, identifies the (current) original value and lets you choose which to enable. This diminishes the concern about blocking installations you are purposefully installing as they are identified in process and you get to confirm them. It also provides notification of unexpected attempts to change the registry and lets you veto them. However, there is room in the marketplace for an application that consumes less memory. It appears Spybot loads the registry in memory to provide the hyper quick response it delivers. I would prefer less of a memory hog that intercepted any registry change attempt and suspended processing while it took a while longer to identify the current value. I believe the latter approach would reduce the memory load Spybot requries.
    Friday, April 03, 2009 3:36 PM