Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Registry policy that sets up registry permissions under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node does not work

Registry policy that sets up registry permissions under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node does not work

View products that this article applies to.

Symptoms

On a computer that is running one of the following 64-bit operating systems:
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
you attemp to directly configure any registry permissions under the location HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node through group policies. You find that the group policy settings do not work.

Note: You can configure the registry permission permission under one of the location:
  • Computer Configuration\Policies\Windows Settings\Security Settings\Registry
  • Computer Configuration\Preferences\Windows Settings\Registry



↑ Back to the top

Cause

Registry permission policy application is handled by client side security policy extension. On 64-bit platforms, for each registry path defined in the security policy, the extension first uses the 64-bit routine. It directly searches for the target key under the default Software key. E.g., if you set up registry permissions for HKLM\Software\Contoso in the policy, the extension will first set the permissions on HKLM\Software\Contoso as expected. Then, the extension starts over again, but uses the 32-bit routine: It searches for “Contoso” under the virtualized 32-bit registry node (HKLM\Software\Wow6432), that is, HKLM\Software\Wow6432\Contoso. If the key exists, it sets the permissions.

Therefore, if you directly set permissions HKLM\SOFTWARE\Wow6432Node in security policy, the extension will try to find the HKLM\Software\Wow6432 registry which obviously does not exist. Then, permissions are not correctly set on the right key.


↑ Back to the top

Resolution

Directly use the normal registry path in Computer Configuration\Windows Settings\Security Settings\Registry; the client extension will automatically handle the virtualized 32-bit key node under Wow6432Node on x64 platforms.

↑ Back to the top

Keywords: kb

↑ Back to the top

Article Info
Article ID : 2565916
Revision : 1
Created on : 1/7/2017
Published on : 10/25/2011
Exists online : False
Views : 357