.gif)
.gif)
.gif)
Abstract This chapter introduces you to the
dangers and benefits of working with the Windows
NT registry. You will learn how to examine and
modify the registry using the Registry Editor
utility.
Did you ever try to build a house of cards? If
so, I’ll bet you paid lots of attention to
creating the most solid foundation possible to
support the upper levels. Each card on the lower
deck essentially became a load-bearing wall of
your 52-card masterpiece. By making these cards
lean and depend on each other, you created a
structure that might even withstand a curious poke
from the paw of your cat.
Now, imagine
removing just one of the cards on the lowest
level. With a combination of luck and skill, you
can get away with it, perhaps only causing the
structure to lean a bit. However, dislodge or take
away another card, and you’ll probably play
“52-Pickup.” Because all of the cards that make up
the foundation play critical roles in supporting
the overall structure, and because many of them
depend on each other to function properly, the
whole house comes tumbling down.
Windows
NT Server is a very stable, robust operating
system. Just as any other structure, it has a
foundation—called the registry (or more
formally, the registry database or registration
database). If you start pulling individual
parts out of that foundation or replacing pieces
with inferior elements, you can make NT lose its
balance and even come crashing down. Parts of the
registry depend on each other. If you remove one
value, it can have a cascading, ill effect on many
others. For example, a seemingly innocent change
or deletion in your network adapter configuration
can cause the transport protocols, server,
redirector, and numerous other services to fall
over dead.
Most of the configuration
changes that you’ll make to the operating system
will be through Control Panel, described in
Chapter 8, and other administrative tools. These
applications offer a relatively safe way to make
changes to the registry. However, there will be
times when you must change the registry in order
to modify settings that aren’t handled by the
standard user interface, alter configurations of
remote computers, or fix a problem under the
direction of a product support specialist. Doing
so without totally destroying your computer’s
configuration requires a combination of knowledge,
practice, and contingency planning.
In
this chapter, you’ll learn about the Windows NT
Server registry, where virtually all of the
operating system and application configuration
data is stored. I’ll show you how to examine and
modify it using the Registry Editor utility.
You’ll read so many warnings about the risks of
editing your registry that you’ll begin to believe
it’s as bad as a combination of tobacco, alcohol,
fatty foods, caffeine, tornadoes, and swimming
right after eating.
Caution: Whenever possible,
use tools such as Control Panel and User Manager
for Domains, rather than the Registry Editor, to
change your computer’s configuration. Even the
most experienced Windows NT Server administrator
sometimes renders his or her computer completely
unbootable by editing the NT registry directly.
The key to success is planning to allow for
quick recovery from a registry misstep. Make
frequent backups of the registry (as discussed
in Chapter 9), update your Emergency Repair Disk
(as discussed in Chapter 8), and know how to
quickly recover a computer that won’t boot (as
discussed in Chapter
3). |
Caution: I can’t adequately
emphasize the point that making changes to the
registry can render your computer unbootable. In
the worst case, you’ll have to completely
reinstall Windows NT Server to recover. If you
plan properly, you won’t need to take this
drastic step. Perform all registry editing at
your own risk. | You’ll find that working with
the registry is a necessary evil if you want to be
an expert NT administrator. Microsoft’s own online
Help files, product support personnel, and
technical notes for sidestepping common problems
all point you to specific locations in the
registry. Without registry skills, you won’t be
able to take advantage of these important
resources. So take a few deep breaths, and let’s
get started.
INTRODUCING THE WINDOWS NT
REGISTRY
So what exactly is this
registry? It’s a hierarchical database containing
virtually all of the configuration information
that used to be CONFIG.SYS, AUTOEXEC.BAT, WIN.INI,
SYSTEM.INI, CONTROL.INI, PROTOCOL.INI, LANMAN.INI,
and other configuration files. Microsoft has
rolled all of this information under one roof and
has provided a single database editor to deal with
it. (I show you how to use the Registry Editor
utility later in this chapter.)
Note: As with many other parts
of NT 4.0, the registry approach has evolved
over time. It was first introduced with Windows
3.1, in which some information was stored in INI
files and some in the registry. Today, NT stores
everything in the registry but provides physical
manifestations of a few INI files for those
older Windows applications that need them to
run. Writing to these INI files automatically
changes the
registry. | Both Windows NT and Windows 95
use registry databases to store most of their
configuration information. Although the underlying
format of the two databases is the same, the
contents differ.
Caution: Since NT 4.0 can’t be
installed as an upgrade from Windows 95, you may
be tempted to copy the Windows 95 registry
database to NT. Don’t do it. It won’t work. Even
though there are similarities between the two
registries, there are plenty of critical
differences. If you want your Windows 95
applications to show up when running NT,
reinstall them while running
NT. | The registry database has some
fault tolerance built into it. If the computer
loses power or crashes while the registry is being
edited, log files are maintained that allow NT to
recover it to a good state by fixing any damage.
(Of course, it doesn’t recover itself from an
invalid change that you might make to the
registry. That’s up to you to avoid.)
The
structure of the registry is probably most closely
related to what you’ve seen in Windows INI files.
It contains sections that describe all of the
details of your hardware configuration, desktop
settings, application settings, your user account,
and a bunch of other things. The registry goes
beyond the INI file concept by allowing a
hierarchical structure, similar to folders and
files on disk. In fact, you refer to paths to the
elements in the registry just like folders and
files, as you’ll see later in this chapter. What’s
more, the registry itself contains multiple
versions of this information, allowing you to
recover a previous version if you make a wrong
move and render your computer unbootable.
If you’ve worked with DOS and Windows
before, you’ve probably often wished that you had
an easy way of saving copies of all your
configuration files before installing new drivers
or applications. Perhaps you’ve created an
elaborate scheme to do this, only to find that you
didn’t include all of the configuration files that
you needed. The NT registry simplifies your life,
at least in this respect.
INTRODUCING THE
REGISTRY EDITOR
The Registry Editor
is a graphical utility that enables you to view,
search, modify, and save the NT registry database.
You can think of Registry Editor as playing the
same role for the registry as Notepad plays for
text files. Notepad is an objective facilitator;
it allows you to view, search, modify, and save
text files but never examines or makes judgments
about the content of the text that you’re editing.
With Registry Editor, you can do the same for the
registry database. In addition, just as Notepad
can open and edit a file on a remote computer over
the network, Registry Editor can open and edit a
registry database on a remote computer.
To
start Registry Editor, log on with administrator
privileges and click Start
Run. Type REGEDT32 and click OK. In the Registry
Editor window, on the Options menu, click to
select Read Only Mode. Figure
11-1 shows the resulting window.
Caution: This point is very
simple but vitally important. Registry Editor
doesn’t understand, recognize, or enforce rules
on the values that you type. It blindly does
exactly what you ask it to do, as long as you
have the privileges to make the change. Be
extremely careful about what you change, since
you won’t be warned when you make a mistake. And
be prepared to restore the old registry in case
you render your computer
unbootable. |
Tip: Get into the habit of
placing Registry Editor into read-only mode
whenever you run it. Doing this will ensure that
you (or someone else who walks by and uses your
computer) won’t inadvertently make a
catastrophic change to the registry. Take it out
of read-only mode only when you are sure that
you’re ready to make a correct modification. To
do this, click to clear Read Only Mode on the
Options menu, then make your
change. | As added protection, make sure
the Confirm on Delete command is always checked on
the Options menu. Since it’s easy to delete
certain items from the registry simply by pressing
the DELETE key, requiring this confirmation avoids
accidental deletions.
When you first start
Registry Editor, you’ll see the five windows shown
in Figure
11-1, the significance of which I explain
later in this chapter. Each window represents a
view of a different part of the registry database.
Switch between the different windows by clicking
them. You can also minimize and maximize the
windows within the main Registry Editor window.
Caution: If you’ve used
Windows 3.x, you may be tempted to start REGEDIT
instead of REGEDT32. NT includes the 16-bit
REGEDIT application purely for compatibility
purposes. It allows you to edit the REG.DAT file
used by WOW (Win16 on Win32 support) and Win16
applications. However, REGEDIT won’t let you
edit the NT registry. REGEDT32 is required for
this. You can tell if you’ve inadvertently
started the 16-bit version if you see the window
shown in Figure
11-2. | The windows are split down the
middle. The left half displays the hierarchical
structure of the database including subtrees and
keys (I define these later in this chapter) and
enables you to navigate easily through it. The
right half provides a view of entries containing
actual data values. You’ll see examples of this
split later in this chapter.
Note: Folder icons are used
throughout this chapter and in the Registry
Editor interface itself to express the hierarchy
within the registry database. Although the
registry itself is actually stored in files on
disk (which I discuss later), the folder icons
represent a hierarchy organization within the
registry files. It’s helpful to think of this
database hierarchy in terms of folders, but keep
in mind that these folder icons don’t represent
actual folders on
disk. | You expand and collapse folder
icons in Registry Editor the same as you do in NT
Explorer. The only real difference is that the
plus and minus signs in Registry Editor appear on
the folder icons, as shown in Figure
11-1. A plus (+) sign indicates that there are
more items inside the folder. Double-click the +
sign to expand it, and double-click the minus (–)
sign to collapse it.
UNDERSTANDING NT
REGISTRY STRUCTURE
Much of the
terminology in the NT registry world describes the
hierarchical structure of the registry database.
The entire database is considered a tree, whose
root is at the top. The database tree is divided
into several subtrees, which I discuss in detail
in the next section.
Note: Think of the registry
database in terms of a folder structure. The
root folder represents the entire database. A
subfolder (and all of its contents) within the
root folder represents a
subtree. | A subtree is a tree in its own
right but acts as a component of the overall
database tree. Since subtrees can be nested, one
subtree can contain another subtree, just as–one
folder can contain another folder. Because this is
a database, each node (or folder) in the tree is
also called a key. Keys can have subkeys, and
subkeys can have their own subkeys. Typically, the
root of a subtree is called a key, and the nodes
below it are called subkeys.
|
Page: 1, 2,
3,
4 |
next page  | |
| |
|