Skip to main content

Access Errors for User Activity Monitoring Plan

Symptom

User Activity (UAVR) monitoring plan generates errors on missing access permissions:

Requested registry access is not allowed
Cannot open HKEY_Local_Machine: error while opening key
Access is denied

Causes

  • Misconfigured Remote Registry service.
  • Misconfigured permissions for the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg registry subkey on the affected client.

Resolution

  • Review the Remote Registry service configuration. Refer to the following article for additional information on configuration steps: Configure IT Infrastructure — Windows Event Logs.

  • Review the permissions to the SYSTEM\CurrentControlSet\Control\winreg registry subkey. Refer to the following steps to configure the permissions for the affected client:

    1. Run Registry Editor on the affected client.

    2. Either expand the registry nodes in the left pane to reach the subkey, or enter the following path in the corresponding path window:

      Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

    3. Right-click winreg, and click Permissions.

    4. Click Add, and enter local service in the Enter the object names to select. Click OK to save the changes.

    5. Select the LOCAL SERVICE user and check the Read — Allow checkbox under the Permissions section. Click Apply to save the changes.

    6. Restart the client.