Softpanorama
(slightly skeptical)
Open Source Software Educational Society
May the source be with you, but remember the KISS principle ;-)
Softpanorama Search
|
Softpanorama |
May the source be with you, but remember the KISS principle ;-)
Softpanorama Search
|
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs.
Guided Help to export registry keys and to back up the registry Requirements to install and to use this Guided Help Manual steps to back up the registry Manual steps to export registry subkeysManual steps to back up the whole registry
Manual steps to edit the registry
Use the Windows user interfaceManual steps to use Registry Editor
Locating a subtree, key, subkey, or valueManual steps to rename a key or value
Use a Registration Entries (.reg) file Use Console Registry Tool for Windows Restore the whole registry
Safekeeping the Windows XP Registry
| This article
is largely excerpted from my book,
Microsoft Windows XP Registry Guide (Microsoft Press, 2002).
I've condensed a 12,000 word chapter into this column, so we're
only scratching the surface here. If you want to learn more about
safekeeping the Windows XP registry, take a look at Chapter 3, "Backing
up the Registry." For an introduction to working with the Windows XP registry, see my column, Customizing Your PC with the Windows XP Registry, and the Knowledge Base article, Description of the Microsoft Windows Registry. This column is geared to advanced users of Windows XP. Although even advanced users should be aware that if you use Registry Editor incorrectly, you can cause serious problems that may require you to reinstall your operating system. Microsoft recommends that before you edit the registry, you back up the registry and understand how to restore it if a problem occurs. In this column, I'll explain how to back up the registry and restore it if things go awry. You'll learn how to use System Restore, which ensures that you can roll back the configuration of Windows XP to an earlier snapshot that the operating system makes automatically. Also, I like to save keys to hive files before making big changes to the registry so that I can restore those hive files if I make a mess of things. Both of these tools require preparation in advance. In other words, after something goes wrong is not the best time for backing up the registry—back up the registry first. |
***** How the Registry Is Architected
***** Backing Up and Securing the Registry and Manipulating Hives and Keys by Darren Mar-Elia
**** Registry Scripting by Darren Mar-Elia
***** Viewing and Manipulating the Registry by Darren Mar-Elia
***** Monitoring and Troubleshooting the Registry by Darren Mar-Elia
Because Registry problems are not always easy to spot (e.g., a security permission issue on one key in the Registry can cause seemingly unrelated problems on an application), I begin with a discussion of tools and techniques for monitoring Registry activity — including WinDiff, Reg.exe’s compare option, RegMon, Event Log, and Sysdiff. With the advent of the Security Configuration tools with Group Policy and the ability to centrally distribute Registry security changes to hundreds or thousands of workstations, security issues are likely to become more commonplace as organizations seek to enhance system security at all levels. I review how theWindows Installer logs Registry activity and discuss the best way to recover the Registry when you have problems.
The best defense against Registry problems is to keep a backup of as current a copy of your Registry as is feasible. As I discussed in "Viewing and Manipulating the Registry," the third installment in this series, you have several ways to back up Registry hives on your Windows 2000 system. However, for those cases in which you don’t have a recent backup or need a faster solution, this chapter offers some techniques for identifying and addressing Registry corruption.
Finally, I present some common Registry troubles and the solutions you need to get your system back up and running quickly. In "Registry Scripting," the final installment in this series, I discuss how to combine segments of information that you learned about in the preceding chapters into scripted solutions for use either on your workstation or across an enterprise.
Tools for Monitoring the Registry
Numerous tools exist for determining how an application or system component is affecting your system and, importantly, how it is affecting the Registry. Once you know how the Registry is affected, you can often get closer to pinpointing problems. In this section, I review the most useful tools that I have found and talk about how you can use them to see what’s going on in the Registry. To begin with, I consider some common Resource Kit utilities that can be useful for monitoring Registry activity. Then, I review RegMon — a great freeware tool for monitoring Registry activity in real time. Finally, I evaluate the usefulness of Win2K’s native event logging tool for monitoring Registry activity.
WinDiff
WinDiff is a Resource Kit utility that compares files and directories before and after changes. How is this tool useful for Registry monitoring? You can use WinDiff with Regedt32 or Regedit to compare before and after results from Registry settings. Both Regedt32 and Regedit have ways of dumping the contents of keys or values to text files. In Regedt32, it is done using the Save Subtree As feature. In Regedit, you can use the Export Registry File feature to create a text .reg file. (From the command line, you can also use Regdmp from the Resource Kit, and the Regedit /e option to do basically the same thing as Regedt32 and Regedit.)
The process is pretty straightforward. Create a text file dump of the keys you want to monitor before you make a system change, using one of the methods above. Then make your system change. You may be installing a new application or adding a new service. Any change that affects the Registry (which will be most things!) can be tracked in this way. After you make the change, rerun the dump method on the keys of interest and use WinDiff to compare the difference.
For example, I want to find out what changes are made to HKLM\Software\Microsoft\ during the installation of the Win2K Resource Kit. I could use Regedt32 to perform a Save Subtree As operation on this whole key, then perform the Resource Kit install, then save the subtree again after the install. I use WinDiff’s Compare Files feature to load both the before and after text files and WinDiff shows me what has changed. Figure 1 illustrates just such an operation and some of the differences that WinDiff revealed.
Note that in Figure 1, the !> symbol indicates that a new key or value was found in the second file (the post-Resource Kit snapshot) that wasn’t in the first file. WinDiff also points out when something has changed between the first file and the second (Figure 2).
When you use WinDiff, there are a few things that you should know. First, it is a Resource Kit utility, for which Microsoft offers limited support. Under certain circumstances, it is not the most robust of tools. For example, if you choose to create a save file that is too large (e.g., if you try to dump all of HKEY_CLASSES_ROOT), WinDiff cannot load both the before and after files; it simply hangs.
Tip: How large a save file is too large for WinDiff? I find that two 2 MB files have no problem loading. I have tried loading two 9 MB files, however, and WinDiff essentially hangs. Because the system you work with is one factor in the loading equation, you may have to experiment with your system. For doing small-scale Registry comparisons on a focused set of keys or values, WinDiff is a great way to see everything that has changed.
Reg’s Compare Option
WinDiff is great if you want to compare dumps of two Registry trees. However, if you need to compare keys or values in real time against a running system’s Registry, you should familiarize yourself with the reg utility’s compare option. I first introduced reg in "Viewing and Manipulating the Registry," the third installment in this series. Reg is the Swiss Army knife of Registry tools. The reg compare option replaces the CompReg utility that was available in NT 4.0’s Resource Kit and lets you compare the contents of keys or values on local and remote machines.
As an example of how you can use reg’s compare option to compare two keys on the same machine, I compare the contents of HKEY_CURRENT_USER\Control Panel\Desktop and HKEY_USERSÊ\.Default\Control Panel\Desktop. The command syntax for such a comparison follows:
reg compare "HKU\.Default\Control Panel\Desktop" "HKCU\Control Panel\Desktop" /s /od
The /s option tells CompReg to check subkeys and values that exist under each key specified. The /od option instructs reg to show only the differences between the two keys.
The Registry and the Active Directory
Windows NT and Windows 2000 - Inside the Registry By Mark Russinovich
Article from Windows NT MagazineThe Registry is the centralized configuration database for Windows NT and Windows 2000, as well as for applications. The Registry stores information about tuning parameters, device configuration, and user preferences. Many books and articles can help you learn about the logical layout of the Registry. These resources describe where the Registry stores specific configuration settings, which values the settings can store, and what happens when you change the settings.
However, these resources don't describe how NT physically manages the Registry. In other words, how do NT and Windows 2000 organize the Registry on disk, how do these OSs locate and retrieve configuration information when an application requests this information, and what measures do they employ to protect this database that's so crucial to their operation?
This month, I'll show you how the Configuration Manager—the kernel subsystem that implements the Registry—organizes the Registry's on-disk files. I'll discuss how the Configuration Manager manages the Registry as applications and other OS components read and change Registry keys and values. Finally, I'll discuss the mechanisms by which the Configuration Manager tries to ensure that the Registry is always in a recoverable state, even if the system crashes while you're modifying the Registry. To get the most from this column, you need to be familiar with the Registry's logical organization, including the concepts of root key, subkey, and values. If you don't have such knowledge, I recommend that you first read "Inside the Windows NT Registry," April 1997.
On This Page
Hives Hive Structure Cell Maps The Registry Namespace and Operation Stable Storage Registry Optimizations The End of the Tour
Annoyances.org - Introduction to the Registry
There are six main branches (five in Windows 2000 and Windows XP), each containing a specific portion of the information stored in the Registry. They are as follows:
- HKEY_CLASSES_ROOT - this branch contains all of your file types as well as OLE information for all your OLE-aware applications.
- HKEY_CURRENT_USER - this branch points to the part of HKEY_USERS appropriate for the current user.
- HKEY_LOCAL_MACHINE - this branch contains information about all of the hardware and software installed on your computer. Since you can specify multiple hardware configurations, the current hardware configuration is specified in HKEY_CURRENT_CONFIG.
- HKEY_USERS - this branch contains certain preferences (such as colors and control panel settings) for each of the users of the computer. In Windows 95/98/Me, the default branch here contains the currently-logged in user. In Windows 2000/XP, the default branch here contains a template to be used for newly-added users.
- HKEY_CURRENT_CONFIG - this branch points to the part of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.
- HKEY_DYN_DATA (Windows 95/98/Me only) - this branch points to the part of HKEY_LOCAL_MACHINE, for use with Windows' Plug-&-Play subsystem.
322756 - How to back up, edit, and restore the registry in Windows XP and Windows Server 2003 For a Microsoft Windows NT 4.0 version of this article, see 323170.
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
O'reilly/Managing the Windows 2000 Registry
Chapter 5 of Microsoft Windows XP Registry Guide. It also provides detailed information about disk "cloning" using Sysprep.
Mystery Behind Windows Registry - A Guide available for download as a zip file
Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Disclaimer:
Last modified: August 10, 2009
