Check or Attack Name: Writeable HKEY_CLASSES - everyone

HKEY_CLASSES_ROOT is writable by everyone. This setting allows any user to change file associations. If this issue is found under Windows NT 4.0, it may be a sign of tampering.

Restrict registry access or reset permissions (or both).

To restrict registry access, follow these steps:

1. Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
2. Go to the HKEY_CLASSES_ROOT key.
3. From the Security menu, select Permissions to display the Registry Key Permissions dialog box.
4. Restrict access to all users, or set the permissions to only permit access to approved users.