Thursday, December 16, 2004

Counter-intuitive: RRAS & Server Hardening

I have been (re)building my home servers and decided to combine two of my servers' functions into a single Win2K dual-Pentium box and scrap my old faithful NT-based proxy server.

Being naturally paranoid, I hardened the box after building. That's when my troubles began. I needed to install the Routing and Remote Access service (RRAS). RRAS would start but the menus for configuring were greyed out and not accessible. There were no error messages on screen or in the logs.

I tried uninstalling/reinstalling, re-running service packs - all the usual stuff, to no avail.

Then I stumbled on a Microsoft Knowledge Base article, KB254192 (thanks to the KBAlertz website), detailing how RRAS won't run without the Remote Registry service running. As part of my server hardening process I disable the Remote Registry service.

To quote the evil empire: "Any situation that requires the Routing and Remote Access service to access configuration data, such as restarting the service or rebooting the system, causes the Routing and Remote Access service to stop functioning when the Remote Registry service is disabled."

So basically we have a service that facilitates remote user access and requires that the registry be remotely manipulatable as well. Seems counter-intuitive from a security standpoint to me.
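
A read-only check for the pairing described above, as an added example that is not part of the original post. It assumes a Windows host with PowerShell and the CIM cmdlets (not the Win2K box in the post); the function name is hypothetical. Because the failure was silent, the check reports the conflict explicitly, and where Remote Registry has to stay on for RRAS it lists the ACL on the `winreg` key, which governs who may connect to the registry over the network.

```powershell
# Added example, not from the original post. Read-only: changes nothing on the host.
function Test-RrasRemoteRegistry {
    # Standard short service names: RemoteAccess = RRAS, RemoteRegistry = Remote Registry.
    $rras = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteAccess'"
    $rreg = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'"

    $rrasInUse = $rras -and $rras.StartMode -ne 'Disabled'
    $rregOff   = (-not $rreg) -or $rreg.StartMode -eq 'Disabled'

    $finding = if (-not $rrasInUse) {
        'OK: RRAS is not in use, so Remote Registry can stay disabled.'
    } elseif ($rregOff) {
        'CONFLICT: RRAS is enabled but Remote Registry is disabled (the failure described in the post).'
    } else {
        'REVIEW: Remote Registry is enabled for RRAS; check who may connect remotely.'
    }

    # Permissions on this key decide which accounts may open the registry remotely.
    $winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
    $remoteAcl = if (Test-Path -Path $winreg) {
        (Get-Acl -Path $winreg).Access |
            Select-Object IdentityReference, RegistryRights, AccessControlType
    } else {
        'winreg key not found'
    }

    [pscustomobject]@{
        RrasStartMode           = if ($rras) { $rras.StartMode } else { 'NotInstalled' }
        RrasState               = if ($rras) { $rras.State } else { 'NotInstalled' }
        RemoteRegistryStartMode = if ($rreg) { $rreg.StartMode } else { 'NotInstalled' }
        RemoteRegistryState     = if ($rreg) { $rreg.State } else { 'NotInstalled' }
        Finding                 = $finding
        RemoteRegistryAcl       = $remoteAcl
    }
}

$result = Test-RrasRemoteRegistry
$result | Format-List RrasStartMode, RrasState, RemoteRegistryStartMode, RemoteRegistryState, Finding
$result.RemoteRegistryAcl | Format-Table -AutoSize
```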


