JSI Tip 9533. After upgrading Windows 2000 Server to Windows Server 2003, you cannot access the Remote Registry Service from a remote computer?

The subject behavior occurs because the Local Service account does NOT have Read permission on the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg key.

NOTE: Under Windows 2000 Server, the Remote Registry Service ran under the Local System account context.

To resolve this issue:

1. Download the corrected version of SubInACL.exe.

2. Open a CMD.EXE window.

3. Type the following command and press Enter:

subinaCL /keyreg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg /grant=Builtin\Administrators=F /grant="Local Service"=R
4. Shutdown and restart Windows Server 2003.

NOTE: See tip 7519 » What Windows Server 2003 services no longer use the Local System account?

NOTE: See tip 7518 » What services are turned off by default in Windows Server 2003, and how does this compare with Windows 2000 and Windows XP Professional?

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.