In Windows NT 4.0, only members of the Administrators group have access to the registry.
You can alter this default by editing the registry at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
If the SecurePipeServers key does not exist, add it with a Class of REG_SZ
If the winreg key does not exist, add it with a Class of REG_SZ
Add value of Description as type REG_SZ and set the String to Registry Server
Select the winreg key and choose Security / Permissions from the Regedt32 menu. Grant the users and groups Read access. I would grant Full Control to Administrators.
It is possible to bypass these access permissions. Some services such as Directory Replicator and Spooler require remote access to the Registry. You can grant access to the account that runs these services or you can edit the registry at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
Add a key of AllowedPaths with a empty Class. Select HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths
and add a value name of Machine as type REG_MULTI_SZ with the following String values, one per line:
System\CurrentControlSet\Control\ProductOptions
System\CurrentControlSet\Control\Print\Printers
System\CurrentControlSet\Services\Eventlog
Software\Microsoft\Windows NT\CurrentVersion
System\CurrentControlSet\Services\Replicator
If you wish, you can grant users access to listed locations in the registry by adding a value name of Users as type REG_MULTI_SZ and listing the registry locations, one per line.
See tip 840.