.gif)
.gif)
.gif)
Cross-Reference Recall from
Chapter 8 that user profiles contain environment
information (such as desktop settings) specific
to an individual user
account. | This subtree also contains a
default user profile (appropriately called
“.DEFAULT”) that’s summoned when a new user logs
on for the first time. Then, when the first-time
user logs off, his or her profile information is
saved in HKEY_USERS under the SID (security ID)
assigned to that user account.
The HKEY_CURRENT_USER
Subtree The HKEY_CURRENT_USER subtree
contains the user profile information associated
with the user who’s currently logged on to the
local computer. The contents of this subtree
change, depending on which account is used to log
on to the computer.
This subtree is
actually a pointer into the HKEY_USERS subtree. As
you can see in Figure
11-6, each user profile on the computer is
stored under its own unique SID within the
HKEY_USERS subtree. HKEY_CURRENT_USER points to
the SID associated with the user who’s currently
logged on. Notice that the SIDs under HKEY_USERS
always start with an S and are very long, unique
numbers. Since there are two SIDs listed, you can
tell that only two accounts have logged on to this
computer, so they’re the only ones with
established profiles. Changes made in
HKEY_CURRENT_USER are immediately reflected in
HKEY_USERS, since they occupy the same space.
Understanding
Control Sets The
HKEY_LOCAL_MACHINE\SYSTEM subtree is intimately
involved in the NT boot process. It contains all
of the information required to start the operating
system (other than the basic hardware data that’s
provided automatically in the
HKEY_LOCAL_MACHINE\HARDWARE subtree). Thus, most
of the modifications that you make to troubleshoot
the boot process will be made in the SYSTEM
registry database file. Figure
11-7 shows what’s stored under SYSTEM.
The Setup and DISK keys are used
exclusively by the operating system, so I won’t
discuss their contents. I discuss the roles of the
Select, CurrentControlSet, ControlSet001,
ControlSet002, and Clone keys in the boot process.
Note: You may see a different
combination of numbered control sets. Typically,
only two control sets are stored in the SYSTEM
subtree, but there can be up to four. The
numbers may or may not be sequential. For
example, on another computer in my office, the
SYSTEM subtree contains ControlSet001 and
ControlSet003. For the sake of discussion, I’ll
use ControlSet001 and ControlSet002 in the
examples. | The ControlSet001,
ControlSet002, and Clone keys all contain complete
copies of the required boot information in what
are called control sets. One of the numbered
control sets is used by default to boot the
computer (in this case, ControlSet001), and the
other contains the Last Known Good configuration
(in this case, ControlSet002).
Cross-Reference: See the
section called “Using the Last Known Good
Configuration” in Chapter 3 for more
information. | How does Windows NT know which
control set is the current one and which is the
Last Known Good configuration? The Select key
keeps track of this information, as shown in Figure
11-8. The Current value (0x1) indicates that
ControlSet001 was used to boot the computer this
time and that CurrentControlSet points to it. The
Default value (0x1) indicates that ControlSet001
is used by default to start the computer. The
Failed value indicates which control set last
failed to boot, requiring use of the Last Known
Good configuration. A value of zero indicates that
none of the configurations have failed. The
LastKnownGood value (0x2) indicates that
ControlSet002 contains the Last Known Good
configuration, which you can select during the
boot process.
For administrative
convenience, CurrentControlSet is a pointer to
whichever control set was used to boot the
computer. In this case, CurrentControlSet points
to ControlSet001, as shown in Figure
11-8. So, by editing CurrentControlSet, you’re
assured that the changes are made to whichever
control set is currently in force. There’s no need
to look under the Select key to figure out which
control set is the current one.
What about
the Clone key, and why is it grayed out? Each time
that the computer starts, the control set used to
boot the system is copied to the Clone key. If the
startup is successful, the Clone contents are
copied to another control set key, which is used
as the Last Known Good configuration during the
next boot process. The previous Last Known Good
configuration is discarded.
Note: Conceptually, this is
similar to saving multiple copies of CONFIG.SYS
under DOS, including a backup copy that’s known
to boot the computer correctly. The good news is
that NT takes care of saving the latest working
configuration and allows you to revert to it
during the boot
process. |
MANAGING THE WINDOWS NT
REGISTRY
Most of the work that you
do on the registry will be through Control Panel
applications, User Manager for Domains, or other
graphical interfaces provided with NT Server.
You’ll also see instructions in various places
(including Chapter 12) that require editing the
registry directly with Registry Editor.
The goal of the following sections is to
provide you with the skills needed to carry out
those instructions and to avoid registry problems.
I can’t provide you with the details of the
contents of the registry. Microsoft’s Windows
NT Resource Guide, which is part of the
Windows NT Resource Kit, devotes over 220 pages to
describing all of the registry keys and their
values. The kit also includes REGENTRY.HLP, an
online Help version of the registry key
descriptions.
Cross-Reference: See Appendix
C for details on the NT Resource
Kit. | Finding
Registry Keys One of the biggest
headaches in working with the registry is
remembering where a particular key is stored so
that you can view or modify its value entries.
Fortunately, Registry Editor supplies a simple
search function. Here’s how to find a needle in a
haystack—er, a key within the registry:
- Click the Registry Editor window containing
the subtree that you want to search. Navigate to
the highest point in the subtree where you want
the search to begin.
- On the View menu, click Find Key. You’ll see
the Find dialog box, as shown in Figure
11-9.
- Type the name of the key that you want to
find. If you’re sure of its capitalization,
click to select the Match case checkbox. If
you’ve specified the entire key name, click to
select the Match whole word only checkbox.
You can search for the partial name of a key
by clicking to clear the Match whole word only
check box. In this example, Direction is set
to Down, since we’re searching from the highest
point in the subtree. You can search up the tree
as well by clicking Up.
- Click Find Next. If it finds a match to the
key for which you’re looking, Registry Editor
positions you to that key in the database. If it
finds the key that you want, click Cancel. If
you want to continue the search, repeat step 4
until you’ve found the key that you
want.
Tip: Unfortunately, you can’t
search for a value entry name, so get into the
habit of thinking (and remembering) the names of
keys, so that you’ll be able to search for them
easily if you forget where a key is
located. | Fortunately, some enterprising
software developers have created third-party tools
that can simplify your search in the registry. For
example, the Somarsoft DumpReg utility dumps the
NT registry as text, making it easy to find keys
and values matching a particular string. Entries
can be sorted according to the time that they were
last modified, letting you see changes made by
recently installed software. You can download an
evaluation copy, which has printing and Clipboard
functions disabled, from http://www.somarsoft.com.
A fully functional version costs $10. The Opalis
Grep_Reg utility recursively searches for a string
in the registry. It’s available free from
http://www.opalis.com/goodies.html.
Editing Registry Value
Entries Once you’ve found the key whose
value(s) you want to edit, here’s what to do:
- On the Options menu, click to clear Read
Only Mode, so that you can alter a value in the
registry.
- In the left-hand window, navigate to the key
whose value(s) you want to edit. Make sure that
the value entry that you want to edit is visible
in the right-hand window.
- Double-click the value entry that you want
to edit.
- An Editor dialog box appears, appropriate to
the data type that you’re editing. Type your new
value.
Caution: This is the moment of
truth. Once you click OK in this dialog box,
you’ve changed the registry. Before you click
OK, you can still change your mind by clicking
Cancel. Remember that Registry Editor won’t
check the validity of your data, so if you make
an error, you won’t know until later when
something doesn’t work or the computer doesn’t
boot. Be careful! | Figure
11-10 shows an example of the String Editor
dialog box, which is used for editing REG_SZ and
REG_EXPAND_SZ data types. REG_MULTI_SZ strings are
edited with the Multi-String Editor dialog box, as
shown in Figure
11-11. In this case, type or edit each string,
pressing ENTER after each one.
Figure
11-12 shows an example of the DWORD Editor
dialog box. Under Radix, you can click Binary,
Decimal, or Hex, depending on how you want to
enter the value. This doesn’t affect how the value
will be displayed after you’ve edited it—it will
still show up in hexadecimal.
Figure
11-13 shows an example of the Binary Editor
dialog box. Under Data Format, you can click
Binary or Hex, depending on how you want to enter
the data. This doesn’t affect how the data will be
displayed after you’ve edited it—it will still be
in hexadecimal.
- Click OK. The value entry displayed by
Registry Editor immediately reflects your
change.
|
Page: 1,
2,
3, 4 |
next page  | |
| |
|