Check or Attack Name: Writable HKEY_LOCAL - non-admin

HKEY_LOCAL_MACHINE was found to be writable by non-administrator users, allowing these users to change file associations. If found under Windows NT 4.0, this issue could be a sign of tampering.

Restrict registry access or reset permissions (or both).

To edit the registry, follow these steps:

1. Open Registry Editor. From the Windows NT Start Menu, select Run, type regedt32, and click OK.
2. Go to HKEY_LOCAL_MACHINE.
3. From the Security menu, select Permissions to display the Registry Key Permissions dialog box.
4. Restrict access to all or set permissions to allow access to approved Administrators only.