Why run the RemoteRegistry Service?


In a recent post of mine, "Uses for the TaskList Command Line app in Windows XP SP2", someone (didn’t leave a name) sort of challenged me regarding why the RemoteRegistry service would be running on my desktop PC. Here is why, and what it is:

Disabling the RemoteRegistry service will break most patch management solutions including the Software Update Service and Windows Automated Update. If you disable this service, you will have to perform patch management manually. See Windows XP Security Guide: Chapter 3: Security Settings for Windows XP Clients for more information. I happen to enjoy receiving patches automatically from Windows Update, so I am going to leave the RemoteRegistry service running on my PC.

 

A few related articles regarding the RemoteRegistry service and security are:

  1. System Services for the Windows Server 2003 Family and Windows XP Operating Systems: Services on the Windows Operating System Platforms – this is an excellent article if you want to learn more about the services I listed in my original blog post about TaskList.
  2. The RemoteRegistry service is on by default and would be disabled if the High Security Policy Template were applied, along with other System Services. See Securing Windows XP: Security Settings for Windows XP Clients for more information.
  3. And for Windows Server 2003, see Securing a Windows 2003 Server: Hardening Windows Server 2003 Bastion Hosts.

 

Comments (5)

  1. Eusebio Rufian-Zilbermann says:

    A question begging to be asked: why doesn’t the description text mention this important and nonobvious side effect?

    (you may want to route this question to somebody who can get this issue fixed ‘:)

    Very interesting info. Thank you.

  2. Kevin says:

    Windows Update won’t work locally unless this service is running? That doesn’t make sense from the description of the service.

  3. Chris Haas says:

    I completely agree with the posts above. Forward this on to someone that can change the description of the service because I would never have known this. This was one of the services that I sometimes killed off on some machines because I thought it was an unnecessary security risk.

  4. Mark says:

    I don’t think it’s entirely true either. I’d have to do testing, but IME the Remote Registry has nothing to do with Windows Update. Now, if you’re running something like Shavlik’s HFNetChk to push out updates, that would need remote registry.

    Can somebody test it out and let us know?

  5. Brian Groth says:

    Looks like I misunderstood the TechNet article. Someone else within Microsoft recently sent me this:

    …I have the remote reg service disabled on all of my machines, and the machines I’ve built for others… and Windows Updates works fine for me.

    And

    …recently set up a new Win 2003 Enterprise server. The remote registry service is set to manual and it is not currently running. Yet auto update has alerted me that there are new updates ready to install.