Note: If the key that you’re
editing is a volatile key (not stored in a
registry database file), Registry Editor may
tell you and prevent you from editing its value
entry.
- If you want to edit additional value entries
within the same key, go to step 3.
- If you want to edit additional value entries
within other keys, go to step 2.
- When you’re done editing value entries,
click to select Read Only Mode on the Options
menu.
Adding Registry Keys
In rare cases, you might
need to add a key to the registry. For example, if
you must install a device driver that doesn’t have
its own installation program (ouch!), the
manufacturer may instruct you to add a registry
key in a specific location within the registry
hierarchy, then add value entries that the driver
expects. (If this happens to you, complain loudly
to the device manufacturer, request that they
write an installation program, and then read on.)
Here’s how to add a key to the registry:
- On the Options menu, click to clear Read
Only Mode, which allows you to add a key to the
registry.
- Navigate to the key under which you want to
add the new key. Select it and click Add Key on
the Edit menu.
Alternatively, you can press
the INSERT key to quickly bring up the Add Key
dialog box.
- In the Key Name field, type the name of the
new key. Leave the Class field blank, as shown
in Figure 11-14.
Caution: The name that you
assign to the new key can’t contain any
backslash (\) characters and must be unique,
relative to other key names at the same level in
the hierarchy. You can’t create two keys at the
same level with the same
name.
- Click OK. The new key is now visible in the
left-hand window. If you need to add more new
keys, go to step 2.
- When you’re done adding keys, click to
select Read Only Mode on the Options
menu.
The key that you’ve successfully
added to the registry is empty. You can now add
additional subkeys within it by following the same
instructions that you just completed in this
section. You can also add value entries within the
key by completing the steps in the next section.
Adding Value Entries
If you’ve added a new key to
the registry, or you need to follow instructions
that require adding a value to an existing
registry key, here’s how to do it:
- On the Options menu, click to clear Read
Only Mode, which allows you to add a value to
the registry.
- Navigate to the key to which you want to add
a value entry. Select it and click Add Value on
the Edit menu.
- Figure 11-15 shows the Add Value dialog box. In the
Value Name field, type the name of the value
entry. In the Data Type list, select the data
type that you want to use for this value entry.
- Click OK. Depending on the data type that
you selected, you’ll see an appropriate Editor
dialog box. Follow the instructions in steps 4
and 5 of the section called “Editing Registry
Value Entries,” earlier in this chapter.
- If you want to add more value entries, go to
step 2.
- When you’re done adding value entries, click
to select Read Only Mode on the Options
menu.
Deleting Keys and Value Entries
If you must
resort to this approach, you’ll lose all of the
configuration changes made since you last started
the computer. So, make sure to pay attention to
what you’re deleting and make sure that you have
the Confirm on Delete command checked on the
Options menu before proceeding.
Caution: Deleting items from
the registry is very risky business. Once you
delete a key or a value entry, there’s no “undo”
function to get it back. The only way to
retrieve it is by rebooting the computer using
the Last Known Good configuration (assuming the
key or value that you need to restore wasn’t
created since the computer was last started).
Cross-Reference: See Chapter 3
for details.
Here’s how to delete an existing key
or value entry from the registry:
- On the Options menu, click to clear Read
Only Mode, which allows you to delete a key or
value from the registry.
- Navigate to the key or value that you want
to delete and select it.
Caution: If you want to delete
only a value, be sure that you’ve selected the
value in the right half of the window.
Otherwise, you’ll delete the entire key that
contains the value.
If you elect to
delete a key, you’ll also delete all subkeys and
value entries under that key. In other words, if
the key that you select represents a subtree of
the registry, you’re deleting that entire
subtree.
- Press DELETE.
- If you are 110 percent sure that you’ve
selected the correct key or value entry for
deletion, click Yes to confirm.
Unfortunately, the confirmation dialog box
doesn’t show you what you’re deleting. If
there’s any doubt in your mind, click No and go
back to verify that you’ve selected what you
want to delete.
- When you’re done deleting keys or value
entries, click to select Read Only Mode on the
Options menu.
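The two gaps called out above (no undo, and a confirmation that doesn't name what is being deleted) can be closed from a script. The following is an added example, not part of the original chapter: it uses PowerShell and reg.exe on current Windows versions rather than the Registry Editor procedure, and the function name, key path, value name and backup file are placeholders.

```powershell
# Added example (not from the book). Key path, value name and backup file are placeholders.
function Remove-RegistryValueWithBackup {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,     # e.g. 'HKCU:\Software\ExampleVendor\Demo'
        [Parameter(Mandatory)] [string] $ValueName,
        [Parameter(Mandatory)] [string] $BackupFile   # .reg file to write before deleting
    )

    $key = Get-Item -Path $KeyPath -ErrorAction Stop
    if ($key.GetValueNames() -notcontains $ValueName) {
        throw "Value '$ValueName' not found under $($key.Name); nothing deleted."
    }

    # Show exactly what is about to go, and what stays behind in the key.
    $subkeys = @(Get-ChildItem -Path $KeyPath -Recurse -ErrorAction SilentlyContinue)
    Write-Host "Key:       $($key.Name)"
    Write-Host "Value:     $ValueName = $($key.GetValue($ValueName))"
    Write-Host "Untouched: $($key.ValueCount - 1) other value(s), $($subkeys.Count) subkey(s)"

    # Export the key and its subtree to a .reg file first; reg.exe takes the native key name.
    & reg.exe export $key.Name $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Export of $($key.Name) failed; nothing deleted."
    }

    # Delete only the named value, never the key, and still ask for confirmation.
    Remove-ItemProperty -Path $KeyPath -Name $ValueName -Confirm
}
```

Importing the exported .reg file restores the key's values as they were at export time.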
MANAGING THE REGISTRY OF A REMOTE COMPUTER
One of the very cool (and
extremely dangerous) features of Registry Editor
is its ability to reach into registry databases on
other NT computers and view or modify their
configurations remotely. This can be handy if a
user has rendered a computer unusable in some way,
but the operating system is still running. For
example, I may accidentally change all of my
screen colors to bright green, and now I can’t see
anything at all. You can come to the rescue by
reaching into my registry and readjusting my
screen colors to something usable. (Don’t relate
this example to your users. They might try it, and
then you’ll have lots of extra work to do cleaning
up after them.)
Here’s how to use Registry
Editor to edit another NT computer’s registry:
- On the Registry menu, click Select Computer.
In the Select Computer dialog box, type or
select the name of the computer that you want to
manage. Then click OK.
- You may see a warning indicating that the
AutoRefresh feature isn’t available remotely and
will be disabled. Click OK.
This means that
changes made to the registry won’t automatically
be reflected on the display. Refreshing is
disabled to avoid unnecessary network traffic.
If you want to refresh the contents of the
Registry Editor windows, you must manually click
Refresh All on the View menu.
- You’ll see new windows in the Registry
Editor for the HKEY_LOCAL_MACHINE and HKEY_USERS
subtrees of the remote computer, as shown in Figure 11-16.
If you have the appropriate
access rights, you can view and modify keys and
value entries in the remote registry using the
instructions presented earlier in this chapter.
If you have administrator privileges on the
remote computer, you’ll be able to perform these
operations.
Note: You see only two subtree
views of a remote computer compared to the five
subtrees that you see when editing the local
registry. Recall from earlier in this chapter
that the remaining three subtrees are really
just pointers to locations within the
HKEY_LOCAL_MACHINE and HKEY_USERS subtrees. So,
with a little mental translation, you can still
get to everything in the remote registry. See
the section called “Understanding Registry
Subtrees” earlier in this
chapter.
MANAGING REGISTRY SECURITY
As I’ve stressed in this chapter,
monkeying around with the Windows NT registry can
be dangerous business. In inexperienced or
malicious hands, Registry Editor can wreak havoc
on your NT computers, if you don’t take some
security precautions. Here are some guidelines to
add to your security plan, if you haven’t already
included them:
- Never add users to the Administrators group
unless they’re responsible for administering the
network. Even granting temporary access opens up
a window on all NT computers’ registries.
- Never leave Registry Editor running on your
computer unattended.
- Use Registry Editor to restrict permissions
to specific user accounts, as described later in
this section.
- Use Registry Editor to audit changes made to
registry databases, as described later in this
section. Review the audit logs periodically so
you know who’s doing what to registries.
- Consider removing REGEDT32.EXE from all NT
computers that don’t need to manage registry
databases. You may want to designate one or two
physically secured server computers as central
points for all registry
administration.
Note: Removing the REGEDT32
utility won’t thwart the malicious user, who’ll
find a way to get his or her hands on the
Registry Editor program. It will, however,
eliminate the problem of curious users running
all the programs on their computers just to “see
what they do.”
- Use NTFS for your boot partition (where the
NT SystemRoot tree is stored, including the
registry database files). If you don’t use NTFS,
you won’t be able to secure the individual
database files.
Note: Loaded registry database
files are held open by the operating system
while it’s running, so they can’t be deleted.
However, database files that aren’t loaded (user
profiles, for example) aren’t held open and can
be deleted by users if they’re not protected by
NTFS file
permissions.
You can assign permissions to an
individual key within a registry database, audit
events that involve a specific key or subtree
below a key, and take ownership of a
key. These functions work just as they do for
files, as described in detail in Chapter 9. Figure 11-17
shows the Registry Key Permissions
dialog box that appears when you select a key and
click Security
Permissions. Figure 11-18
shows the Registry Key Auditing dialog
box that appears when you click Auditing on
the Security menu.
Cross-Reference: See Chapter 9
for details on how to work with permissions and
auditing objects.
Caution: Restricting
permissions on registry keys can cause
components of the operating system that
manipulate those keys to fail. Always be sure to
provide full access for the Administrators group
and System. This will allow the computer to boot
and enable administrators to change the
permissions, if they’re too
restrictive.
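After restricting a key, the rule in the caution above (full access for the Administrators group and System) and the audit settings can be checked from a script. This is an added example, not part of the original chapter; it uses PowerShell's Get-Acl on current Windows versions, and the function name and the key path in the usage lines are placeholders.

```powershell
# Added example (not from the book). Run from an elevated session:
# reading the audit entries (SACL) with -Audit needs the right to manage the security log.
function Test-RegistryKeyAcl {
    param(
        [Parameter(Mandatory)]
        [string] $Path    # PowerShell registry path, e.g. 'HKLM:\SOFTWARE\ExampleVendor' (placeholder)
    )

    $acl     = Get-Acl -Path $Path -Audit
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $full    = [System.Security.AccessControl.RegistryRights]::FullControl

    # Well-known SIDs, so the check does not depend on localized group names.
    $required = [ordered]@{
        'Administrators' = 'S-1-5-32-544'
        'SYSTEM'         = 'S-1-5-18'
    }

    # Explicit and inherited entries, with identities returned as SIDs.
    $dacl = $acl.GetAccessRules($true, $true, $sidType)

    $check = foreach ($name in $required.Keys) {
        $allowsFull = $dacl | Where-Object {
            $_.IdentityReference.Value -eq $required[$name] -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights -band $full) -eq $full
        }
        $denies = $dacl | Where-Object {
            $_.IdentityReference.Value -eq $required[$name] -and
            $_.AccessControlType -eq 'Deny'
        }
        [pscustomobject]@{
            Principal      = $name
            HasFullControl = [bool]$allowsFull
            HasDenyEntry   = [bool]$denies
        }
    }

    [pscustomobject]@{
        Key        = $Path
        Owner      = $acl.Owner
        Required   = $check
        AuditRules = $acl.GetAuditRules($true, $true, $sidType) |
            Select-Object IdentityReference, RegistryRights, AuditFlags
    }
}

# Constructed usage: list required principals that lack full control or carry a Deny entry.
$result = Test-RegistryKeyAcl -Path 'HKLM:\SOFTWARE'
$result.Required | Where-Object { -not $_.HasFullControl -or $_.HasDenyEntry }
```

An empty result from the last line means both principals still have full control of the key; the AuditRules property shows which accesses, if any, are being audited on it.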
SUMMARY
Well, did
I warn you enough about the perils of registry
editing? I hope that you’ll treat registry editing
at least as gingerly as building your house of
cards. As I mentioned earlier, there’s no getting
around the need to know how to do it. In this
chapter, you’ve picked up the basic knowledge and
skills that will allow you to perform these tasks
when necessary. You’ve learned how to examine and
modify the registry using NT’s powerful and
dangerous Registry Editor. Hopefully, you’ve been
warned enough that it really is hazardous.
In Chapter 12, you’ll have a chance to
exercise your registry-editing skills. Some of the
tips and tricks that you’ll find there will
require making changes to your NT Server’s
registry. This will get you primed for other
registry-editing situations that you may encounter
in your NT network administration career.