DisableRegistryTools
Removing DisableRegistryTools policy
Submitted by soccerfiend on Mon, 2010-06-14 17:09The problem:
You try to run regedit and you get the following response:
Error "Registry Editing has been disabled by your administrator"
The answer is to use the REG.EXE CLI utility:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
In theory this solution is only for stand alone Windows XP machine, though I have personally seen this be effective on an XP machine managed by Active Directory (we did have local admin privledges).
You can also use the old "at" command from the Windows command line to launch a shell with SYSTEM privs.
at 21:01 /interactive “cmd.exe”
There is nothing here that cannot be found on the internet, specifically http://windowsxp.mvps.org/tweakuirest.htm and http://www.askstudent.com/hacking/demonstration-of-windows-xp-privilege-escalation-exploit/