Understanding and Using the NT Registry
Authors: Beth Sheresh, Doug Sheresh, Robert Cowart
Published: April 1999
Copyright: 1999
Publisher: IDG Books
 


Cross-Reference: Recall from Chapter 8 that user profiles contain environment information (such as desktop settings) specific to an individual user account.

This subtree also contains a default user profile (appropriately called “.DEFAULT”) that’s summoned when a new user logs on for the first time. Then, when the first-time user logs off, his or her profile information is saved in HKEY_USERS under the SID (security ID) assigned to that user account.

The HKEY_CURRENT_USER Subtree
The HKEY_CURRENT_USER subtree contains the user profile information associated with the user who’s currently logged on to the local computer. The contents of this subtree change, depending on which account is used to log on to the computer.

This subtree is actually a pointer into the HKEY_USERS subtree. As you can see in Figure 11-6, each user profile on the computer is stored under its own unique SID within the HKEY_USERS subtree. HKEY_CURRENT_USER points to the SID associated with the user who’s currently logged on. Notice that the SIDs under HKEY_USERS always start with an S and are very long, unique numbers. Since there are two SIDs listed, you can tell that only two accounts have logged on to this computer, so they’re the only ones with established profiles. Changes made in HKEY_CURRENT_USER are immediately reflected in HKEY_USERS, since they occupy the same space.
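The pointer relationship described above can be checked from a script. The following is an added example, not part of the book: it assumes PowerShell on a current Windows version, lists the profile entries loaded under HKEY_USERS with the account each SID belongs to, and confirms that HKEY_CURRENT_USER and HKEY_USERS\<current SID> expose the same subkeys.

```powershell
# Added example (not from the book): HKEY_CURRENT_USER as a view of
# HKEY_USERS\<SID of the logged-on user>.
$currentSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# Entries that cannot be opened with the caller's rights are skipped.
$profiles = foreach ($key in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $name = $key.PSChildName
    try {
        # Only real SIDs translate; .DEFAULT and <SID>_Classes entries throw here.
        $sid = [System.Security.Principal.SecurityIdentifier]$name
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '(not an account SID, or the account cannot be resolved)'
    }
    [pscustomobject]@{
        Subkey        = $name
        Account       = $account
        IsCurrentUser = ($name -eq $currentSid)
    }
}
$profiles | Format-Table -AutoSize

# Both paths open the same profile, so their top-level subkeys must match.
$viaPointer = (Get-Item -Path 'Registry::HKEY_CURRENT_USER').GetSubKeyNames() | Sort-Object
$viaSid     = (Get-Item -Path "Registry::HKEY_USERS\$currentSid").GetSubKeyNames() | Sort-Object
$difference = Compare-Object -ReferenceObject $viaPointer -DifferenceObject $viaSid

if ($null -eq $difference) {
    "HKEY_CURRENT_USER and HKEY_USERS\$currentSid list the same subkeys."
} else {
    Write-Warning 'Subkey lists differ:'
    $difference | Format-Table -AutoSize
}
```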

Understanding Control Sets
The HKEY_LOCAL_MACHINE\SYSTEM subtree is intimately involved in the NT boot process. It contains all of the information required to start the operating system (other than the basic hardware data that’s provided automatically in the HKEY_LOCAL_MACHINE\HARDWARE subtree). Thus, most of the modifications that you make to troubleshoot the boot process will be made in the SYSTEM registry database file. Figure 11-7 shows what’s stored under SYSTEM.

The Setup and DISK keys are used exclusively by the operating system, so I won’t discuss their contents. I discuss the roles of the Select, CurrentControlSet, ControlSet001, ControlSet002, and Clone keys in the boot process.

Note: You may see a different combination of numbered control sets. Typically, only two control sets are stored in the SYSTEM subtree, but there can be up to four. The numbers may or may not be sequential. For example, on another computer in my office, the SYSTEM subtree contains ControlSet001 and ControlSet003. For the sake of discussion, I’ll use ControlSet001 and ControlSet002 in the examples.

The ControlSet001, ControlSet002, and Clone keys all contain complete copies of the required boot information in what are called control sets. One of the numbered control sets is used by default to boot the computer (in this case, ControlSet001), and the other contains the Last Known Good configuration (in this case, ControlSet002).

Cross-Reference: See the section called “Using the Last Known Good Configuration” in Chapter 3 for more information.

How does Windows NT know which control set is the current one and which is the Last Known Good configuration? The Select key keeps track of this information, as shown in Figure 11-8. The Current value (0x1) indicates that ControlSet001 was used to boot the computer this time and that CurrentControlSet points to it. The Default value (0x1) indicates that ControlSet001 is used by default to start the computer. The Failed value indicates which control set last failed to boot, requiring use of the Last Known Good configuration. A value of zero indicates that none of the configurations have failed. The LastKnownGood value (0x2) indicates that ControlSet002 contains the Last Known Good configuration, which you can select during the boot process.

For administrative convenience, CurrentControlSet is a pointer to whichever control set was used to boot the computer. In this case, CurrentControlSet points to ControlSet001, as shown in Figure 11-8. So, by editing CurrentControlSet, you’re assured that the changes are made to whichever control set is currently in force. There’s no need to look under the Select key to figure out which control set is the current one.
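The lookup through the Select key can also be done from a script. The following is an added example, not part of the book: it assumes PowerShell on a current Windows version, turns each Select value into the control set key it names, checks that the key exists, and flags a recorded boot failure or a boot from a non-default control set.

```powershell
# Added example (not from the book): decode HKLM\SYSTEM\Select as the text does.
$system = 'HKLM:\SYSTEM'
$select = Get-ItemProperty -Path "$system\Select"

$roles = foreach ($role in 'Current', 'Default', 'Failed', 'LastKnownGood') {
    $number  = [int]$select.$role
    $keyName = $null
    $present = $null
    if ($number -gt 0) {
        # A value of n names the key ControlSet00n; 0 means no control set.
        $keyName = 'ControlSet{0:D3}' -f $number
        $present = Test-Path -Path "$system\$keyName"
    }
    [pscustomobject]@{
        Role    = $role
        Value   = '0x{0:x}' -f $number
        Key     = $keyName
        Present = $present
    }
}
$roles | Format-Table -AutoSize

# A non-zero Failed value records a control set that did not boot.
if ([int]$select.Failed -ne 0) {
    Write-Warning ('ControlSet{0:D3} is recorded as having failed to boot.' -f [int]$select.Failed)
}

# Current differing from Default means this boot did not use the default set.
if ([int]$select.Current -ne [int]$select.Default) {
    Write-Warning 'This boot used a control set other than the default one.'
}

# Numbered control sets that exist but are not referenced by any Select value.
$referenced = @($roles | ForEach-Object { $_.Key } | Where-Object { $_ })
Get-ChildItem -Path $system -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' -and $referenced -notcontains $_.PSChildName } |
    ForEach-Object { "Unreferenced control set: $($_.PSChildName)" }
```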

What about the Clone key, and why is it grayed out? Each time that the computer starts, the control set used to boot the system is copied to the Clone key. If the startup is successful, the Clone contents are copied to another control set key, which is used as the Last Known Good configuration during the next boot process. The previous Last Known Good configuration is discarded.

Note: Conceptually, this is similar to saving multiple copies of CONFIG.SYS under DOS, including a backup copy that’s known to boot the computer correctly. The good news is that NT takes care of saving the latest working configuration and allows you to revert to it during the boot process.


MANAGING THE WINDOWS NT REGISTRY

Most of the work that you do on the registry will be through Control Panel applications, User Manager for Domains, or other graphical interfaces provided with NT Server. You’ll also see instructions in various places (including Chapter 12) that require editing the registry directly with Registry Editor.

The goal of the following sections is to provide you with the skills needed to carry out those instructions and to avoid registry problems. I can’t provide you with the details of the contents of the registry. Microsoft’s Windows NT Resource Guide, which is part of the Windows NT Resource Kit, devotes over 220 pages to describing all of the registry keys and their values. The kit also includes REGENTRY.HLP, an online Help version of the registry key descriptions.

Cross-Reference: See Appendix C for details on the NT Resource Kit.

Finding Registry Keys
One of the biggest headaches in working with the registry is remembering where a particular key is stored so that you can view or modify its value entries. Fortunately, Registry Editor supplies a simple search function. Here’s how to find a needle in a haystack—er, a key within the registry:
  1. Click the Registry Editor window containing the subtree that you want to search. Navigate to the highest point in the subtree where you want the search to begin.
  2. On the View menu, click Find Key. You’ll see the Find dialog box, as shown in Figure 11-9.
  3. Type the name of the key that you want to find. If you’re sure of its capitalization, click to select the Match case checkbox. If you’ve specified the entire key name, click to select the Match whole word only checkbox.
    You can search for the partial name of a key by clicking to clear the Match whole word only check box.
    In this example, Direction is set to Down, since we’re searching from the highest point in the subtree. You can search up the tree as well by clicking Up.
  4. Click Find Next. If it finds a match to the key for which you’re looking, Registry Editor positions you to that key in the database. If it finds the key that you want, click Cancel. If you want to continue the search, repeat step 4 until you’ve found the key that you want.
Tip: Unfortunately, you can’t search for a value entry name, so get into the habit of thinking (and remembering) the names of keys, so that you’ll be able to search for them easily if you forget where a key is located.

Fortunately, some enterprising software developers have created third-party tools that can simplify your search in the registry. For example, the Somarsoft DumpReg utility dumps the NT registry as text, making it easy to find keys and values matching a particular string. Entries can be sorted according to the time that they were last modified, letting you see changes made by recently installed software. You can download an evaluation copy, which has printing and Clipboard functions disabled, from http://www.somarsoft.com. A fully functional version costs $10. The Opalis Grep_Reg utility recursively searches for a string in the registry. It’s available free from http://www.opalis.com/goodies.html.
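The search that Registry Editor cannot do, by value entry name, can be scripted. The following is an added example, not part of the book and not one of the tools named above: it assumes PowerShell on a current Windows version, and the function name `Find-RegistryName` and the sample path and search text are hypothetical choices made for illustration. The match is a case-insensitive substring match, like clearing both checkboxes in the Find dialog box.

```powershell
# Added example (not from the book): search key names and value entry names
# below a starting key. Find-RegistryName is a hypothetical helper name.
function Find-RegistryName {
    param(
        [Parameter(Mandatory)] [string]$Path,   # key where the search begins
        [Parameter(Mandatory)] [string]$Text,   # substring to look for
        [switch]$IncludeData                    # also match string data
    )
    $pattern = [regex]::Escape($Text)

    # The starting key plus everything below it; keys that cannot be
    # opened with the caller's rights are skipped rather than reported.
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        if ($key.PSChildName -match $pattern) {
            [pscustomobject]@{ Match = 'Key'; Key = $key.Name; ValueName = $null; Data = $null }
        }
        foreach ($valueName in $key.GetValueNames()) {
            # Read REG_EXPAND_SZ data as stored, without expanding variables.
            $data = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
            $nameHit = $valueName -match $pattern
            $dataHit = $IncludeData -and ($data -is [string]) -and ($data -match $pattern)
            if ($nameHit -or $dataHit) {
                [pscustomobject]@{
                    Match     = if ($nameHit) { 'ValueName' } else { 'Data' }
                    Key       = $key.Name
                    ValueName = $valueName
                    Data      = $data
                }
            }
        }
    }
}

# Constructed usage: the path and search text are sample inputs.
Find-RegistryName -Path 'HKLM:\SYSTEM\CurrentControlSet\Control' -Text 'TimeZone' |
    Format-Table -AutoSize -Wrap
```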

Editing Registry Value Entries
Once you’ve found the key whose value(s) you want to edit, here’s what to do:
  1. On the Options menu, click to clear Read Only Mode, so that you can alter a value in the registry.
  2. In the left-hand window, navigate to the key whose value(s) you want to edit. Make sure that the value entry that you want to edit is visible in the right-hand window.
  3. Double-click the value entry that you want to edit.
  4. An Editor dialog box appears, appropriate to the data type that you’re editing. Type your new value.
Caution: This is the moment of truth. Once you click OK in this dialog box, you’ve changed the registry. Before you click OK, you can still change your mind by clicking Cancel. Remember that Registry Editor won’t check the validity of your data, so if you make an error, you won’t know until later when something doesn’t work or the computer doesn’t boot. Be careful!

Figure 11-10 shows an example of the String Editor dialog box, which is used for editing REG_SZ and REG_EXPAND_SZ data types. REG_MULTI_SZ strings are edited with the Multi-String Editor dialog box, as shown in Figure 11-11. In this case, type or edit each string, pressing ENTER after each one.

Figure 11-12 shows an example of the DWORD Editor dialog box. Under Radix, you can click Binary, Decimal, or Hex, depending on how you want to enter the value. This doesn’t affect how the value will be displayed after you’ve edited it—it will still show up in hexadecimal.

Figure 11-13 shows an example of the Binary Editor dialog box. Under Data Format, you can click Binary or Hex, depending on how you want to enter the data. This doesn’t affect how the data will be displayed after you’ve edited it—it will still be in hexadecimal.
  5. Click OK. The value entry displayed by Registry Editor immediately reflects your change.

