CSA 5.2 Read registry on remote Hosts with CSA

Unanswered Question
Jan 29th, 2008

I wish to be able to check registry settings on remote computers on my LAN. All the tools that I've checked so far, trigger a rule in the System Hardening Module: "Attempts to write registry sets All Registry Keys [V5.2 r238] by processes in application class <Remote Clients> will be denied." I have no idea why the CSA detects write attempts here, but that's what it does.

Before I start looking into agent-based tools, I thought I'd use the CSA itself. When I run the diagnostics, there's a choice selection of registry keys in the resulting zip file. Is there any way I can read out more or even all registry keys, preferably from the management center?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tstanik Mon, 02/04/2008 - 10:31

With CSA management center you can read the registry settings and only write access is blocked by default. This is also mentioned in the error you are getting that the attempt to write to registry was denied.

tsteger1 Tue, 02/05/2008 - 13:31

Hi Oliver,

Bradley Spencer of Priveon Labs has an excellent article about running CSA diagnostics from the MC here:


I don't know of a way to configure CSA to read and report registry values other than the ones available with diag.exe (anyone else know of a way? chime in...).

You may be able to configure the rules so your tools can work. You'll need to create registry write allow rules because the tools modify the registry.

It may be that the registry is logging the remote registry access and/or it's updating another key.

What tools do you use?

You may be able to use the events to create the exception.



This Discussion