Understanding and Using the NT Registry
Authors: Beth Sheresh, Doug Sheresh, Robert Cowart
Published: April 1999
Copyright: 1999
Publisher: IDG Books
 


Note: If the key that you’re editing is a volatile key (not stored in a registry database file), Registry Editor may tell you and prevent you from editing its value entry.
  1. If you want to edit additional value entries within the same key, go to step 3.
  2. If you want to edit additional value entries within other keys, go to step 2.
  3. When you’re done editing value entries, click to select Read Only Mode on the Options menu.
Adding Registry Keys
In rare cases, you might need to add a key to the registry. For example, if you must install a device driver that doesn’t have its own installation program (ouch!), the manufacturer may instruct you to add a registry key in a specific location within the registry hierarchy, then add value entries that the driver expects. (If this happens to you, complain loudly to the device manufacturer, request that they write an installation program, and then read on.)

Here’s how to add a key to the registry:
  1. On the Options menu, click to clear Read Only Mode, which allows you to add a key to the registry.
  2. Navigate to the key under which you want to add the new key. Select it and click Add Key on the Edit menu.
    Alternatively, you can press the INSERT key to quickly bring up the Add Key dialog box.
  3. In the Key Name field, type the name of the new key. Leave the Class field blank, as shown in Figure 11-14.
Caution: The name that you assign to the new key can’t contain any backslash (\) characters and must be unique, relative to other key names at the same level in the hierarchy. You can’t create two keys at the same level with the same name.
  4. Click OK. The new key is now visible in the left-hand window. If you need to add more new keys, go to step 2.
  5. When you’re done adding keys, click to select Read Only Mode on the Options menu.
The key that you’ve successfully added to the registry is empty. You can now add additional subkeys within it by following the same instructions that you just completed in this section. You can also add value entries within the key by completing the steps in the next section.

Adding Value Entries
If you’ve added a new key to the registry, or you need to follow instructions that require adding a value to an existing registry key, here’s how to do it:
  1. On the Options menu, click to clear Read Only Mode, which allows you to add a value to the registry.
  2. Navigate to the key to which you want to add a value entry. Select it and click Add Value on the Edit menu.
  3. Figure 11-15 shows the Add Value dialog box. In the Value Name field, type the name of the value entry. In the Data Type list, select the data type that you want to use for this value entry.
  4. Click OK. Depending on the data type that you selected, you’ll see an appropriate Editor dialog box. Follow the instructions in steps 4 and 5 of the section called “Editing Registry Value Entries,” earlier in this chapter.
  5. If you want to add more value entries, go to step 2.
  6. When you’re done adding value entries, click to select Read Only Mode on the Options menu.
Deleting Keys and Value Entries
Caution: Deleting items from the registry is very risky business. Once you delete a key or a value entry, there’s no “undo” function to get it back. The only way to retrieve it is by rebooting the computer using the Last Known Good configuration (assuming the key or value that you need to restore wasn’t created since the computer was last started).

If you must resort to this approach, you’ll lose all of the configuration changes made since you last started the computer. So, make sure to pay attention to what you’re deleting and make sure that you have the Confirm on Delete command checked on the Options menu before proceeding.

Cross-Reference: See Chapter 3 for details.

Here’s how to delete an existing key or value entry from the registry:
  1. On the Options menu, click to clear Read Only Mode, which allows you to delete a key or value from the registry.
  2. Navigate to the key or value that you want to delete and select it.
Caution: If you want to delete only a value, be sure that you’ve selected the value in the right half of the window. Otherwise, you’ll delete the entire key that contains the value.

If you elect to delete a key, you’ll also delete all subkeys and value entries under that key. In other words, if the key that you select represents a subtree of the registry, you’re deleting that entire subtree.
  3. Press DELETE.
  4. If you are 110 percent sure that you’ve selected the correct key or value entry for deletion, click Yes to confirm.
    Unfortunately, the confirmation dialog box doesn’t show you what you’re deleting. If there’s any doubt in your mind, click No and go back to verify that you’ve selected what you want to delete.
  5. When you’re done deleting keys or value entries, click to select Read Only Mode on the Options menu.
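
The two gaps noted above (no undo, and a confirmation that doesn't show what is being deleted) can be closed from a script on a current Windows system. This is an added example, not code from the book; the function name and the key path in the usage comment are hypothetical. It lists the whole subtree, exports it to a .reg file with reg.exe, and only then asks for confirmation and deletes.

```powershell
function Remove-RegistryKeyWithBackup {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $Path,       # provider path, e.g. HKLM:\SOFTWARE\ExampleVendor
        [Parameter(Mandatory)] [string] $BackupDir   # existing folder that receives the .reg export
    )

    $key = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Deleting a key deletes its entire subtree, so enumerate all of it first.
    $subtree = @($key) + @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction Stop)
    $values  = ($subtree | Measure-Object -Property ValueCount -Sum).Sum
    $subtree | ForEach-Object { Write-Host ("  {0}  ({1} values)" -f $_.Name, $_.ValueCount) }

    # There is no undo: export the subtree before touching it.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "registry-backup-$stamp.reg"
    & reg.exe export $key.Name $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        throw "Export of '$($key.Name)' failed; nothing was deleted."
    }

    # The prompt names the key and the number of keys and values that go with it.
    $action = "Delete {0} key(s) and {1} value entries (backup: {2})" -f $subtree.Count, $values, $backup
    if ($PSCmdlet.ShouldProcess($key.Name, $action)) {
        Remove-Item -LiteralPath $Path -Recurse -Force -Confirm:$false
    }
    return $backup
}

# Usage (constructed key name); restore later with: reg.exe import <backup file>
# Remove-RegistryKeyWithBackup -Path 'HKLM:\SOFTWARE\ExampleVendor\ExampleDriver' -BackupDir 'C:\RegBackups'
```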

MANAGING THE REGISTRY OF A REMOTE COMPUTER

One of the very cool (and extremely dangerous) features of Registry Editor is its ability to reach into registry databases on other NT computers and view or modify their configurations remotely. This can be handy if a user has rendered a computer unusable in some way, but the operating system is still running. For example, I may accidentally change all of my screen colors to bright green, and now I can’t see anything at all. You can come to the rescue by reaching into my registry and readjusting my screen colors to something usable. (Don’t relate this example to your users. They might try it, and then you’ll have lots of extra work to do cleaning up after them.)

Here’s how to use Registry Editor to edit another NT computer’s registry:
  1. On the Registry menu, click Select Computer. In the Select Computer dialog box, type or select the name of the computer that you want to manage. Then click OK.
  2. You may see a warning indicating that the AutoRefresh feature isn’t available remotely and will be disabled. Click OK.
    This means that changes made to the registry won’t automatically be reflected on the display. Refreshing is disabled to avoid unnecessary network traffic. If you want to refresh the contents of the Registry Editor windows, you must manually click Refresh All on the View menu.
  3. You’ll see new windows in the Registry Editor for the HKEY_LOCAL_MACHINE and HKEY_USERS subtrees of the remote computer, as shown in Figure 11-16.
    If you have the appropriate access rights, you can view and modify keys and value entries in the remote registry using the instructions presented earlier in this chapter. If you have administrator privileges on the remote computer, you’ll be able to perform these operations.
Note: You see only two subtree views of a remote computer compared to the five subtrees that you see when editing the local registry. Recall from earlier in this chapter that the remaining three subtrees are really just pointers to locations within the HKEY_LOCAL_MACHINE and HKEY_USERS subtrees. So, with a little mental translation, you can still get to everything in the remote registry. See the section called “Understanding Registry Subtrees” earlier in this chapter.


MANAGING REGISTRY SECURITY

As I’ve stressed in this chapter, monkeying around with the Windows NT registry can be dangerous business. In inexperienced or malicious hands, Registry Editor can wreak havoc on your NT computers, if you don’t take some security precautions. Here are some guidelines to add to your security plan, if you haven’t already included them:
  • Never add users to the Administrators group unless they’re responsible for administering the network. Even granting temporary access opens up a window on all NT computers’ registries.
  • Never leave Registry Editor running on your computer unattended.
  • Use Registry Editor to restrict permissions to specific user accounts, as described later in this section.
  • Use Registry Editor to audit changes made to registry databases, as described later in this section. Review the audit logs periodically so you know who’s doing what to registries.
  • Consider removing REGEDT32.EXE from all NT computers that don’t need to manage registry databases. You may want to designate one or two physically secured server computers as central points for all registry administration.
Note: Removing the REGEDT32 utility won’t thwart the malicious user, who’ll find a way to get his or her hands on the Registry Editor program. It will, however, eliminate the problem of curious users running all the programs on their computers just to “see what they do.”
  • Use NTFS for your boot partition (where the NT SystemRoot tree is stored, including the registry database files). If you don’t use NTFS, you won’t be able to secure the individual database files.
Note: Loaded registry database files are held open by the operating system while it’s running, so they can’t be deleted. However, database files that aren’t loaded (user profiles, for example) aren’t held open and can be deleted by users if they’re not protected by NTFS file permissions.

You can assign permissions to an individual key within a registry database, audit events that involve a specific key or subtree below a key, and take ownership of a key. These functions work just as they do for files, as described in detail in Chapter 9. Figure 11-17 shows the Registry Key Permissions dialog box that appears when you select a key and click Permissions on the Security menu. Figure 11-18 shows the Registry Key Auditing dialog box that appears when you click Auditing on the Security menu.

Cross-Reference: See Chapter 9 for details on how to work with permissions and auditing objects.

Caution: Restricting permissions on registry keys can cause components of the operating system that manipulate those keys to fail. Always be sure to provide full access for the Administrators group and System. This will allow the computer to boot and enable administrators to change the permissions, if they’re too restrictive.
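
One way to check the rule in the caution above on a current Windows system, as an added example that is not from the book: the function (a hypothetical name) reads a key's ACL with Get-Acl and reports whether Administrators and SYSTEM hold Full Control on the key itself, plus any other identity that is allowed to modify it. The key path in the usage comment is only a sample.

```powershell
# Well-known SIDs, identical on every Windows installation.
$RequiredSids = @{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-18' = 'SYSTEM' }

$FullControl  = [int][System.Security.AccessControl.RegistryRights]::FullControl
$GenericAll   = 0x10000000    # GENERIC_ALL, which some ACEs store unmapped
$GenericWrite = 0x40000000    # GENERIC_WRITE, same caveat
# Rights that let a principal change the key: SetValue, CreateSubKey, Delete,
# ChangePermissions, TakeOwnership, plus the two generic forms above.
$WriteMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor $GenericAll -bor $GenericWrite

function Test-RegistryKeyAcl {
    param([Parameter(Mandatory)] [string] $Path)

    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $full = @{}; $writers = @{}
    foreach ($rule in $rules) {
        # Deny ACEs are not evaluated here; review them by hand.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs affect subkeys, not the key being checked.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }

        $sid    = $rule.IdentityReference.Value
        $rights = [int]$rule.RegistryRights
        if ((($rights -band $FullControl) -eq $FullControl) -or ($rights -band $GenericAll)) {
            $full[$sid] = $true
        }
        if ($rights -band $WriteMask) { $writers[$sid] = $true }
    }

    [pscustomobject]@{
        Path               = $Path
        # Required principals that lack Full Control on this key.
        MissingFullControl = @($RequiredSids.Keys | Where-Object { -not $full[$_] } |
                               ForEach-Object { $RequiredSids[$_] })
        # SIDs other than Administrators and SYSTEM that can modify the key.
        OtherWriters       = @($writers.Keys | Where-Object { -not $RequiredSids.ContainsKey($_) })
    }
}

# Usage (sample path):
# Test-RegistryKeyAcl -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
```

An empty MissingFullControl list means the key satisfies the caution; OtherWriters is the list to compare against your security plan before tightening permissions.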


SUMMARY

Well, did I warn you enough about the perils of registry editing? I hope that you’ll treat registry editing at least as gingerly as building your house of cards. As I mentioned earlier, there’s no getting around the need to know how to do it. In this chapter, you’ve picked up the basic knowledge and skills that will allow you to perform these tasks when necessary. You’ve learned how to examine and modify the registry using NT’s powerful and dangerous Registry Editor. Hopefully, you’ve been warned enough that it really is hazardous.

In Chapter 12, you’ll have a chance to exercise your registry-editing skills. Some of the tips and tricks that you’ll find there will require making changes to your NT Server’s registry. This will get you primed for other registry-editing situations that you may encounter in your NT network administration career.


