Windows Registry / Recommended P

This article is largely excerpted from my book, Microsoft Windows XP Registry Guide (Microsoft Press, 2002). I've condensed a 12,000 word chapter into this column, so we're only scratching the surface here. If you want to learn more about safekeeping the Windows XP registry, take a look at Chapter 3, "Backing up the Registry."

For an introduction to working with the Windows XP registry, see my column, Customizing Your PC with the Windows XP Registry, and the Knowledge Base article, Description of the Microsoft Windows Registry.

This column is geared to advanced users of Windows XP. Although even advanced users should be aware that if you use Registry Editor incorrectly, you can cause serious problems that may require you to reinstall your operating system. Microsoft recommends that before you edit the registry, you back up the registry and understand how to restore it if a problem occurs.

In this column, I'll explain how to back up the registry and restore it if things go awry. You'll learn how to use System Restore, which ensures that you can roll back the configuration of Windows XP to an earlier snapshot that the operating system makes automatically. Also, I like to save keys to hive files before making big changes to the registry so that I can restore those hive files if I make a mess of things. Both of these tools require preparation in advance. In other words, after something goes wrong is not the best time for backing up the registry—back up the registry first.

Recommended Links

In case of broken links please try to use Google search. If you find the page please notify us about new location

Index of Windows Registry Guide A good basic overview of Windows registry, compiled by Shrishail Rana.

"Some Useful Registry Tips" An index of tips, presented by PC Improvements.

"Optimizing the Windows Registry" Articles from Windows IT Library, a member of the Windows & .Net Magazine Network.

NT Registry Tips Windows NT registry information, compiled by Wayne Maples.

"Windows Registry: Everything You Need to Know" Basic information about accessing, backing up, searching and editing the Windows registry, from Gammadyne Software LLC.

Darren Mar-Elia

Because Registry problems are not always easy to spot (e.g., a security permission issue on one key in the Registry can cause seemingly unrelated problems on an application), I begin with a discussion of tools and techniques for monitoring Registry activity — including WinDiff, Reg.exe’s compare option, RegMon, Event Log, and Sysdiff. With the advent of the Security Configuration tools with Group Policy and the ability to centrally distribute Registry security changes to hundreds or thousands of workstations, security issues are likely to become more commonplace as organizations seek to enhance system security at all levels. I review how the

Windows Installer logs Registry activity and discuss the best way to recover the Registry when you have problems.

The best defense against Registry problems is to keep a backup of as current a copy of your Registry as is feasible. As I discussed in "Viewing and Manipulating the Registry," the third installment in this series, you have several ways to back up Registry hives on your Windows 2000 system. However, for those cases in which you don’t have a recent backup or need a faster solution, this chapter offers some techniques for identifying and addressing Registry corruption.

Finally, I present some common Registry troubles and the solutions you need to get your system back up and running quickly. In "Registry Scripting," the final installment in this series, I discuss how to combine segments of information that you learned about in the preceding chapters into scripted solutions for use either on your workstation or across an enterprise.

Tools for Monitoring the Registry
Numerous tools exist for determining how an application or system component is affecting your system and, importantly, how it is affecting the Registry. Once you know how the Registry is affected, you can often get closer to pinpointing problems. In this section, I review the most useful tools that I have found and talk about how you can use them to see what’s going on in the Registry. To begin with, I consider some common Resource Kit utilities that can be useful for monitoring Registry activity. Then, I review RegMon — a great freeware tool for monitoring Registry activity in real time. Finally, I evaluate the usefulness of Win2K’s native event logging tool for monitoring Registry activity.

WinDiff
WinDiff is a Resource Kit utility that compares files and directories before and after changes. How is this tool useful for Registry monitoring? You can use WinDiff with Regedt32 or Regedit to compare before and after results from Registry settings. Both Regedt32 and Regedit have ways of dumping the contents of keys or values to text files. In Regedt32, it is done using the Save Subtree As feature. In Regedit, you can use the Export Registry File feature to create a text .reg file. (From the command line, you can also use Regdmp from the Resource Kit, and the Regedit /e option to do basically the same thing as Regedt32 and Regedit.)

The process is pretty straightforward. Create a text file dump of the keys you want to monitor before you make a system change, using one of the methods above. Then make your system change. You may be installing a new application or adding a new service. Any change that affects the Registry (which will be most things!) can be tracked in this way. After you make the change, rerun the dump method on the keys of interest and use WinDiff to compare the difference.

For example, I want to find out what changes are made to HKLM\Software\Microsoft\ during the installation of the Win2K Resource Kit. I could use Regedt32 to perform a Save Subtree As operation on this whole key, then perform the Resource Kit install, then save the subtree again after the install. I use WinDiff’s Compare Files feature to load both the before and after text files and WinDiff shows me what has changed. Figure 1 illustrates just such an operation and some of the differences that WinDiff revealed.

Note that in Figure 1, the !> symbol indicates that a new key or value was found in the second file (the post-Resource Kit snapshot) that wasn’t in the first file. WinDiff also points out when something has changed between the first file and the second (Figure 2).

When you use WinDiff, there are a few things that you should know. First, it is a Resource Kit utility, for which Microsoft offers limited support. Under certain circumstances, it is not the most robust of tools. For example, if you choose to create a save file that is too large (e.g., if you try to dump all of HKEY_CLASSES_ROOT), WinDiff cannot load both the before and after files; it simply hangs.

Tip: How large a save file is too large for WinDiff? I find that two 2 MB files have no problem loading. I have tried loading two 9 MB files, however, and WinDiff essentially hangs. Because the system you work with is one factor in the loading equation, you may have to experiment with your system. For doing small-scale Registry comparisons on a focused set of keys or values, WinDiff is a great way to see everything that has changed.

Reg’s Compare Option
WinDiff is great if you want to compare dumps of two Registry trees. However, if you need to compare keys or values in real time against a running system’s Registry, you should familiarize yourself with the reg utility’s compare option. I first introduced reg in "Viewing and Manipulating the Registry," the third installment in this series. Reg is the Swiss Army knife of Registry tools. The reg compare option replaces the CompReg utility that was available in NT 4.0’s Resource Kit and lets you compare the contents of keys or values on local and remote machines.

As an example of how you can use reg’s compare option to compare two keys on the same machine, I compare the contents of HKEY_CURRENT_USER\Control Panel\Desktop and HKEY_USERSÊ\.Default\Control Panel\Desktop. The command syntax for such a comparison follows:

reg compare "HKU\.Default\Control Panel\Desktop" "HKCU\Control Panel\Desktop" /s /od

The /s option tells CompReg to check subkeys and values that exist under each key specified. The /od option instructs reg to show only the differences between the two keys.

Mark Russinovich

Article from Windows NT Magazine

The Registry is the centralized configuration database for Windows NT and Windows 2000, as well as for applications. The Registry stores information about tuning parameters, device configuration, and user preferences. Many books and articles can help you learn about the logical layout of the Registry. These resources describe where the Registry stores specific configuration settings, which values the settings can store, and what happens when you change the settings.

However, these resources don't describe how NT physically manages the Registry. In other words, how do NT and Windows 2000 organize the Registry on disk, how do these OSs locate and retrieve configuration information when an application requests this information, and what measures do they employ to protect this database that's so crucial to their operation?

This month, I'll show you how the Configuration Manager—the kernel subsystem that implements the Registry—organizes the Registry's on-disk files. I'll discuss how the Configuration Manager manages the Registry as applications and other OS components read and change Registry keys and values. Finally, I'll discuss the mechanisms by which the Configuration Manager tries to ensure that the Registry is always in a recoverable state, even if the system crashes while you're modifying the Registry. To get the most from this column, you need to be familiar with the Registry's logical organization, including the concepts of root key, subkey, and values. If you don't have such knowledge, I recommend that you first read "Inside the Windows NT Registry," April 1997.

HKEY_CLASSES_ROOT - this branch contains all of your file types as well as OLE information for all your OLE-aware applications.
HKEY_CURRENT_USER - this branch points to the part of HKEY_USERS appropriate for the current user.
HKEY_LOCAL_MACHINE - this branch contains information about all of the hardware and software installed on your computer. Since you can specify multiple hardware configurations, the current hardware configuration is specified in HKEY_CURRENT_CONFIG.
HKEY_USERS - this branch contains certain preferences (such as colors and control panel settings) for each of the users of the computer. In Windows 95/98/Me, the default branch here contains the currently-logged in user. In Windows 2000/XP, the default branch here contains a template to be used for newly-added users.
HKEY_CURRENT_CONFIG - this branch points to the part of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.
HKEY_DYN_DATA (Windows 95/98/Me only) - this branch points to the part of HKEY_LOCAL_MACHINE, for use with Windows' Plug-&-Play subsystem.

Etc

Microsoft Windows 98: The Windows Registry This article explains the Registry's function and what files the Registry contains, plus info on some important tools to include in your troubleshooting arsenal.

Registry Information and Articles Links to registry resources compiled by an About.com guide.

Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with.
We do not warrant the correctness of the information provided or its fitness for any purpose
In no way this site is associated with or endorse cybersquatters using the term "softpanorama" with other main or country domains (e.g. softpanorama.com) with bad faith intent to profit from the goodwill belonging to someone else.

Last modified: June 05, 2008

News	See also	Recommended Links	Microsoft Articles and Techpapers	Online chapters and Books	Mark Russinovich	Darren Mar-Elia
Microsoft Registry Tools	Tweaking	Monitoring	Snapshots	Backups	Registry cleaning	Etc

	Hives
	Hive Structure
	Cell Maps
	The Registry Namespace and Operation
	Stable Storage
	Registry Optimizations
	The End of the Tour

Windows Registry / Recommended Papers

[Feb 24, 2007] How to back up, edit, and restore the registry in Windows XP and Windows Server 2003

[Oct 3, 2005] Monitoring and Troubleshooting the Registry by Darren Mar-Elia

Recommended Links

Darren Mar-Elia

Mark Russinovich

On This Page

Microsoft Articles and Techpapers

Online Chapters and Books

Etc