Some controls identify the permissions that are set on a Windows registry key for different user groups and individual users. To save space, we assign each permission a letter (A,B,C,D,...) and use the letter instead of the full permission name.
This table maps each letter to the permission it represents.
Value |
Permission |
D |
Create Link |
E |
Notify |
F |
Enumerate Subkeys |
G |
Create Subkey |
H |
Set Value |
I |
Query Value |
J |
Delete |
K |
Write DAC |
L |
Write Owner |
M |
Read Control |
Registry permissions are often granted using security templates, which are logical groupings of permissions. The following table describes the security templates applicable to registry keys, and how the list of permissions for these templates will appear in your policy compliance reports.
Template |
Appears as |
Full Control |
D:E:F:G:H:I:J:K:L:M |
Read |
E:F:I:M |
The registry key "HKLM\SYSTEM" has the following permissions set:
The Administrators group has Full Control permission.
The Users group has Read permission.
User named Robert has Read Control permission.
These permissions translate to:
Administrators:D:E:F:G:H:I:J:K:L:M
Users:E:F:I:M
Robert:M
A permission translation table is provided for each registry permission control included in your compliance reports. The translation table appears below the Expected Value and Actual Value fields in the Detailed Results section of the report, and maps each letter that appears in the Actual Value field with the permission it represents.