Block Write Access To Run and RunOnce Registry Entries.

by [Published on 1 Oct. 2008 / Last Updated on 3 Oct. 2008]

Blocking write access to Run and RunOnce registry entries for malware or other unwanted programs running in the system.

Your system becomes unstable because of the malware programs running in the background. You identify these programs and kill them in the Task Manager but these programs will re-appear in the Task Manager after you reboot the system. This is because these programs will run again from the below mentioned registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

To run only allowed programs, you need to modify the permissions on the Run and RunOnce registry keys.


  • 1. Remove all the unwanted programs from Run and RunOnce registry keys using Registry Editor.
  • 2. Remove any other account from the Security Tab except SYSTEM Account and grant this accound only the "Read Only" permission.
  • 3. Reboot your system.


See Also

The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.

Featured Links