Introduction
Introduced with Windows 95, the Registry is a central repository for unique user and
machine configuration data. In basic terms, it is a big database that holds all of the
Windows 2003 configuration information: settings relating to user accounts, machine
hardware and applications. Everything from user preferences (such as the background
colour, screensaver, etc.) to encrypted local account passwords is in there.
The registry was brought about to replace the old .INI files (which stored configuration
settings in editable text files). INI files were good because they were short and easy to edit.
They did, however, have some restrictions, such as size limitations and no support for
multiple users. In came the registry to rid us of these restrictions and make it easier to
recover settings after a crash, control access, and track system changes. The Registry is
fault tolerant in that, if you are installing an application that is writing a new bunch of
keys to the registry and there is a power failure, everything remains intact and you can
start afresh when the system is back up and running again.
Note:
Some applications still use INI files to store custom user settings or languages for the
GUI. For example, at the time of writing this article, I opened language.ini which I found
in a directory of one of my installed applications and changed some of the strings. When I
then opened my application, the GUI showed my text on it, instead of the default text.
The majority of the information in the Registry is placed there automatically by Windows
when you install the OS. The rest comes from utilities and applications via their
installation routines. It’s also possible to edit Registry data manually, allowing you to
tweak, enable or fix certain settings.
WARNING!
Any changes you make to the registry using Registry Editor are permanent; there is no
“undo” button, so be very careful what you do. Only mess around with the registry if you
know what you are doing; the consequences of your mistakes could be disastrous (i.e. at
its worst, you will have to re-install Windows from scratch). I am not responsible for any
loss or damage as a result of your tampering with the registry. Edit at your own risk, and
as a rule of thumb always make a backup (discussed later on in this article).
Below is a screenshot showing the structure of the registry, which is made up of five
subtrees (discussed in the next section of this article). You can browse to a key from the
left and its values will be displayed in the window on the right. To open the Registry
Editor, click Start > Run… and type “regedit.exe”.
Figure 1: Regedit.exe showing the structure of the registry
Setting Permissions
You can set permissions on specific subtrees or keys so that users or applications will be
allowed or not allowed access. By default, users are allowed read access while
administrators are allowed read/write access on most keys.
While testing a .NET application recently, I found that the installation routine was not
correctly assigning permissions to a specific key, so a part of the application was failing.
Once I set the correct permissions, everything worked smoothly again. In this case, it was
the application vendor’s fault and luckily I was able to implement a temporary fix using
regedit.exe.
To set permissions, open regedit.exe, right click a key and select “Permissions…”. This
will bring up the ACL list for that key and allow you to edit permissions as you would
normally do on an NTFS file or folder.
Figure 2: The ACL list for setting permissions on the SOFTWARE key
It goes without saying, but be careful who/what you allow and deny permissions to.
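One way to check the result after changing a key's permissions, as an added example that is not part of the original article: the PowerShell function below lists the allow entries on a key that give modify-type rights to principals outside an expected list. The function name and the default trusted list are assumptions; HKLM:\SOFTWARE is the key shown in Figure 2.

```powershell
# Added example: report ACEs on one registry key that let principals outside
# an expected list modify it. The $Trusted default is an assumption; adjust it.
function Get-RegistryWriteAce {
    param(
        [string]   $Path,
        [string[]] $Trusted = @(
            'NT AUTHORITY\SYSTEM',
            'BUILTIN\Administrators',
            'NT SERVICE\TrustedInstaller',
            'CREATOR OWNER'
        )
    )

    # Rights that change a key, its values or its ACL, plus the generic bits
    # GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000).
    $specific = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $mask = $specific -bor 0x10000000 -bor 0x40000000

    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }            # deny entries grant nothing
        if ($Trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.RegistryRights -band $mask) -eq 0) { continue }  # read-only entry

        [pscustomobject]@{
            Key       = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
        }
    }
}

# No output means only the trusted principals can modify the key.
Get-RegistryWriteAce -Path 'HKLM:\SOFTWARE' | Format-Table -AutoSize
```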
SUBTREE: DESCRIPTION

HKEY_CLASSES_ROOT: The HKEY_CLASSES_ROOT subtree contains data that associates file
types with applications and configuration for COM objects.

HKEY_LOCAL_USER: Also known to have the common abbreviation HKCU, the HKEY_LOCAL_USER
subtree contains settings and preferences for the user currently logged on to the system.
These settings are dynamic and unique to each user.

HKEY_LOCAL_MACHINE: Also known to have the common abbreviation HKLM, the
HKEY_LOCAL_MACHINE subtree contains information about the hardware currently installed,
and the settings for systems running on the machine. These are normally static for all
users until a change is made.

HKEY_USERS: This subtree simply contains a pointer to HKEY_LOCAL_USER and the DEFAULT
user profile (a template used when assigning a profile to new users).

HKEY_CURRENT_CONFIG: This subtree stores configuration data for the current hardware
profile and points to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles
TIP:
Make sure that a group policy isn’t in place that disallows remote registry connections.
Open regedit.exe and from the File menu select “Connect Network Registry…”. Type the
computer name, or press [Advanced…] and search for one, and press OK. After entering
the correct credentials, the registry of the remote machine is loaded into the console, as if
it was that of the local machine.
Once you’re done making changes, simply select “Disconnect Network Registry…” from
the File menu and regedit.exe will break the connection.
Once again, remember that any changes you make will be reflected on the remote
machine immediately, or in some cases after the next restart.
When you connect to a registry remotely, you will only be able to edit the
HKEY_LOCAL_MACHINE and HKEY_USERS keys.
In this example I have, from a local machine, connected to another server called
ZTABONA and am able to make the necessary changes to the above mentioned keys.
From the Backup tab, expand My Computer and select the System State check box.
Note:
On a domain controller, backing up the System State will also back up Active Directory,
Boot Files, Certificate Server (if installed), COM object class registries, and SYSVOL,
apart from the full Registry.
Browse for a location to which the backup file should be placed (ideally removable
storage or another partition) and click Start Backup. A new dialog box will appear
showing the status of the backup procedure. When backup is complete, press OK and
close.
To restore a backup file, go to the Restore and Manage Media tab and select Tools >
Catalog a backup file. Browse to the location of the backup file and select it. Choose
what you want to restore (in this case it is the entire System State) and press the Start
Restore button.
To export a registry file, select the desired key from the left pane in regedit.exe, right
click and choose Export. Select where you want the .reg file to be saved, and press Save.
Once the file has been exported, you can edit it using Notepad.exe or any text editor.
[HKEY_CURRENT_USER\Control Panel\Accessibility\MouseKeys]
"Flags"="62"
"MaximumSpeed"="80"
"TimeToMaximumSpeed"="3000"
To import a reg file, simply double click it to bring up the dialog and press Yes. The
information will then be added to the registry.
Only import information to the registry if you know exactly what the key contains.
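To see what a .reg file would change before importing it, the following added example (not part of the original article) parses the file and lists every value it sets and every key or value it deletes. The function name and the ExampleVendor entries in the sample are constructed; the MouseKeys section is the excerpt shown above.

```powershell
# Added example: summarise a .reg file before it is imported.
function Get-RegFileChange {
    param([string[]] $Line)

    $key = $null
    $pending = ''
    foreach ($raw in $Line) {
        # Long hex values continue on the next line after a trailing ",\".
        $text = $pending + $raw.Trim()
        if ($text.EndsWith(',\')) {
            $pending = $text.Substring(0, $text.Length - 1)
            continue
        }
        $pending = ''

        if ($text -match '^\[-(.+)\]$') {
            # [-Key] removes the key and everything under it.
            $key = $null
            [pscustomobject]@{ Action = 'DeleteKey'; Key = $Matches[1]; Name = ''; Data = '' }
        }
        elseif ($text -match '^\[(.+)\]$') {
            $key = $Matches[1]
        }
        elseif ($key -and $text -match '^(@|"(?:[^"\\]|\\.)*")=(.*)$') {
            # "Name"=- removes a value; @ is the key's default value.
            $name = $Matches[1].Trim('"')
            $data = $Matches[2]
            $action = if ($data -eq '-') { 'DeleteValue' } else { 'SetValue' }
            [pscustomobject]@{ Action = $action; Key = $key; Name = $name; Data = $data }
        }
        # The header line, blank lines and ; comments match nothing and are skipped.
    }
}

# Constructed sample input.
$sample = @'
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Accessibility\MouseKeys]
"Flags"="62"
"MaximumSpeed"="80"
"TimeToMaximumSpeed"="3000"

[-HKEY_CURRENT_USER\Software\ExampleVendor\Old]

[HKEY_CURRENT_USER\Software\ExampleVendor]
"Legacy"=-
'@ -split "`r?`n"

Get-RegFileChange -Line $sample | Format-Table -AutoSize
```

For a real file, pass `(Get-Content .\settings.reg)` as `-Line`; the file name here is a placeholder.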
Note:
You can also import/export a registry file using the command line tool reg.exe.
For the purpose of this explanation I will demonstrate the uses of REG SAVE and REG
RESTORE.
REG save
Use the REG save command to save root keys for future restoration. The syntax for this
command is:
Figure 6: Using the command line tool reg.exe to save registry keys
The registry files will be saved to the specified directory, as shown in the screenshot
below.
REG restore
Using the reg restore command you can restore keys you previously saved using the reg
save command. Using my example, if I wanted to restore HKEY_CLASSES_ROOT I
would run the following command at the command prompt:
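As an added example that is not the article's own commands, the PowerShell functions below wrap reg.exe save and reg.exe restore, record a SHA-256 hash of the saved file, and refuse to restore a file whose hash no longer matches. The function names and the C:\RegBackup directory are assumptions, the key is the one from the export excerpt earlier, and the commands are meant for an elevated prompt.

```powershell
# Added example: save a key with reg.exe, record the file's hash, and check
# that hash before restoring. C:\RegBackup is an assumed location.
function Save-RegistryKey {
    param([string] $Key, [string] $Directory = 'C:\RegBackup')

    New-Item -ItemType Directory -Path $Directory -Force | Out-Null
    $name = ($Key -replace '[\\ ]', '_') + (Get-Date -Format '_yyyyMMdd_HHmmss') + '.hiv'
    $file = Join-Path $Directory $name

    # /y overwrites an existing file without prompting.
    & reg.exe save $Key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg save failed for $Key (exit $LASTEXITCODE)" }

    # Store the hash next to the file so corruption or a swapped file is noticed.
    $hash = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    Set-Content -Path "$file.sha256" -Value $hash
    [pscustomobject]@{ Key = $Key; File = $file; SHA256 = $hash }
}

function Restore-RegistryKey {
    param([string] $Key, [string] $File)

    $expected = (Get-Content -Path "$File.sha256" -TotalCount 1).Trim()
    $actual   = (Get-FileHash -Path $File -Algorithm SHA256).Hash
    if ($actual -ne $expected) { throw "Hash mismatch for $File; not restoring" }

    # reg restore overwrites the existing key with the contents of the file.
    & reg.exe restore $Key $File | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg restore failed for $Key (exit $LASTEXITCODE)" }
}

$backup = Save-RegistryKey -Key 'HKCU\Control Panel\Accessibility\MouseKeys'
$backup | Format-List

# To roll back later:
# Restore-RegistryKey -Key $backup.Key -File $backup.File
```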
Conclusion
Knowing how the registry is laid out and how to back up and restore it will prove to be
valuable knowledge for everyone. As a network administrator you will find that editing
the registry is sometimes the only answer to many problems. As much as nobody likes to
mess around with the Registry, one is sometimes left with no other choice. Don’t be
scared to make changes, just be careful and know exactly what you are about to do. The
risks are obvious – one false move and the game is over. I cannot stress it enough!