Why run the RemoteRegistry Service?

In a recent post of mine, Uses for the TaskList Command Line app in Windows XP SP2, someone (didn’t leave a name) sort of challenged me regarding why the RemoteRegistry service would be running on my desktop PC. Here is why, and what it is:

Disabling the RemoteRegistry service will break most patch management solutions including the Software Update Service and Windows Automated Update. If you disable this service, you will have to perform patch management manually. See Windows XP Security Guide: Chapter 3: Security Settings for Windows XP Clients for more information. I happen to enjoy receiving patches automatically from Windows Update, so I am going to leave the RemoteRegistry service running on my PC.

A few related articles regarding the RemoteRegistry service and security are:

1. System Services for the Windows Server 2003 Family and Windows XP Operating Systems: Services on the Windows Operating System Platforms – this is an excellent article if you want to learn more about the services I listed in my originally blog about the TaskList.
2. The RemoteRegistry service is on by default and would be disabled if the High Security Policy Template were applied, along with other System Services. See Securing Windows XP: Security Settings for Windows XP Clients for more information.
3. And for Windows Server 2003, see Securing a Windows 2003 Server: Hardening Windows Server 2003 Bastion Hosts.