If you want to restrict user access to the registry editor, the easiest method is to use a group policy object in your active directory environment. This will allow you to restrict access to the registry editor to many users in just a few clicks.
To disable access to the registry editor using group policy, logon to a domain controller or a computer with RSAT installed. Next, navigate to our Group Policy Management inside of Administrative Tools.
Next, navigate to
Users Configuration > Policies > Administrative Templates > System. Once inside of the System folder, right-click on the policy titled Prevent access to registry editor tools. Once inside, Enable the policy.
A new option will appear in the options section. To disable registry editor from running, select “Yes” in the drop-down. If the option is “
Click Apply and OK. Last, apply the policy to the desired organizational unit.
To verify that it has applied the policy, logon to a computer using an account that has the group policy object applied. If the policy is being applied a message saying, “Registry editing has
To apply the new setting to the computer, restart the machine or run