Access to remote registry after 2003 SP1

Jan Nielsen
07-09-2005, 11:52 PM
Yesterday I installed SP1 on two 2003 domain controllers.
On these machines I have a third party surveillance utility. Among other
things it monitors DFS, FRS and it's replication status. After installing
SP1 one of the checks it makes has started to fail. According to the vendor
it connects to the other machines registry. And true, if I manually connect
to remote registry using the surveillance utilitys service account I'm not
able to open HKLM. The error msg. is: Cannot open HKEY_LOCAL_MACHINE:
Error while opening key.

However the service account is able to open HKEY_USERS. The service account
is member of Service Operators.
Connecting to remote registry and HKLM with a user that is member of
Administrators works ok.

I've checked the ACL of HKLM and among other Everyone has read access. The
service account can open HKLM without problems on the local machine. I think
this is very strange. It's not a problem connecting to remote registry
(HKEY_USERS) and it's a problem accessing HKLM locally. The problem occurs
when trying to do both at the same time...

Besides ACLs on the keys, what is controlling access to remote registry?
And has this changed with SP1?

Btw. file replication in between the DC's works fine. It's just the
surveillance tool that has lost a part of its access rights.

Kind regards,
Jan Nielsen

Access to remote registry after 2003 SP1