About Registry Security

Windows CE 3.0

In Windows CE versions 1.0 through 2.1x, it was possible for any application to write to any portion of the registry. Effective with version 3.0, a new registry architecture prevents "untrusted" applications from altering certain registry keys that potentially could damage the Windows CE device.

In this "trusted application model," only certain applications that are specified by the OEM have open access to the entire registry. An attempt by an untrusted application to write or change a portion of the restricted registry by calling the RegSetValueEx, RegCreateKeyEx, RegDeleteKey or RegDeleteValue function will fail with the ERROR_ACCESS_DENIED error. Note that any application, whether it is trusted or not, still can view all of the registry entries.

The restricted portion of the registry is limited to the following branches of the HKEY_LOCAL_MACHINE tree:


A "branch" begins at the root of HKEY_LOCAL_MACHINE and covers all of the keys and values that extend from this key.