Managing The Windows 2000 Registry

Book Description

The Windows 2000 Registry is the repository for all hardware, software, and application configuration settings, and Managing the Windows 2000 Registry is the system administrator's guide to maintaining, monitoring, and updating the Registry database. The book, which is an update of Managing the Windows NT Registry, addresses four main areas:

  • What is the Registry? Where does it live on disk? How do system services access and use it? What do you do if it's damaged or corrupted? Every 2000 administrator faces questions like these, often in a desperate attempt to fix something that's broken.

  • What tools are available? Detailed descriptions of Regedit, RegEdt32, the System Policy Editor, Group Policy Editor and selected Resource Kit utilities explain how to edit and secure the Registry both on local and on remote computers.

  • How can I access the Registry from a program? Regularly monitoring the Registry's contents is one way to preclude unpleasant surprises. Using examples in C++, Visual Basic, and Perl, Managing the Windows 2000 Registry demonstrates how to create Registry-aware tools and scripts.

  • What's in the Registry? Not all Registry keys are adequately documented by Microsoft or by the other vendors who store configuration data in the Registry. Managing the Windows 2000 Registry offers a guided tour of some of these undocumented keys.

This book is a "must have" for every 2000 system manager or administrator.

Table of Contents

    1. Managing the Windows 2000 Registry
      1. Preface
        1. Keys and Values and Classes, Oh My!
        2. Who’s This Book For?
        3. How This Book Is Organized
        4. Conventions Used in This Book
        5. Comments and Questions
        6. Acknowledgments
      2. 1. A Gentle Introduction to the Registry
        1. A Brief History of the Registry
          1. Windows 3.0
          2. The First Registry: Windows 3.1
          3. Windows NT 3.1, 3.5, and 3.51
          4. Windows 95 and 98
          5. Windows NT 4.0
          6. Windows 2000
        2. What Does the Registry Do?
          1. It Holds Lots of Important Stuff
            1. Hardware configuration data
            2. Driver parameters and settings
            3. Dynamic data
            4. User profiles and user-specific settings
            5. System and group policies
            6. OLE, ActiveX, and COM
            7. Application settings
        3. Advantages Offered by the Registry
          1. It Keeps Everything Tidy
          2. It Provides Security
          3. It Allows Remote Management
        4. Registry Zen
      3. 2. Registry Nuts and Bolts
        1. How the Registry Is Structured
          1. The Basics
            1. Root keys
            2. Subkeys
            3. Values
            4. Hives
            5. Links
            6. Registry road map
          2. The Big Six
            1. HKEY_LOCAL_MACHINE
            2. HKEY_USERS
            3. HKEY_CURRENT_USER
            4. HKEY_CLASSES_ROOT
            5. HKEY_PERFORMANCE_DATA
            6. HKEY_CURRENT_CONFIG
          3. Hives and Files
          4. Access Controls and Security
            1. Control via Registry APIs
            2. Remote-access control
            3. OS-level security controls
            4. System Key Security (SYSKEY)
          5. Major Datatypes
            1. REG_DWORD
            2. REG_SZ
            3. REG_MULTI_SZ
            4. REG_EXPAND_SZ
            5. REG_BINARY
            6. REG_LINK
            7. REG_QWORD
          6. Minor Datatypes
            1. REG_NONE
            2. REG_DWORD_BIG_ENDIAN
            3. REG_FULL_RESOURCE_DESCRIPTOR
            4. REG_RESOURCE_LIST
        2. What Goes in the Registry
          1. Major Subkeys of HKLM
            1. HARDWARE
            2. SECURITY
            3. SOFTWARE
              1. SOFTWARE\Policies
            4. SYSTEM
              1. SYSTEM\CurrentControlSet
          2. Major Subkeys of HKCU
            1. AppEvents
            2. Console
            3. Control Panel
            4. Environment
            5. Identities
            6. Keyboard Layout
            7. Printers
            8. Remote Access
            9. Software
            10. SYSTEM
            11. Other
          3. Major Subkeys of HKCC
          4. What About the Other Root Keys?
        3. Getting Data In and Out
      4. 3. In Case of Emergency
        1. Don’t Panic!
        2. Safety Strategies
          1. Make Backups
          2. Be Prudent
        3. All About Emergency Repair Disks
          1. What Is an ERD?
          2. What ERDs Can and Can’t Do
          3. How to Make an ERD
            1. Using Windows 2000 Backup
            2. Using NT’s RDISK utility
          4. How to Repair Your Registry with an ERD
            1. Using the Windows 2000 setup utility
            2. Using the Windows 2000 recovery console
            3. Using RegEdt32
            4. Using NT’s setup application
        4. Backing Up the Registry
          1. But What Needs Backing Up?
          2. The Old-Fashioned Way
          3. Using Windows 2000 Backup
          4. Using Windows NT Backup
          5. Using REGBACK
          6. Using RegEdt32
          7. Using Text Files
            1. Using RegEdt32
            2. Using REGDUMP
            3. Using RegEdit
        5. Restoring a Backed-up Registry
          1. The Old-Fashioned Way
          2. Using Windows 2000 Backup
          3. Using REGREST
          4. Using RegEdt32 and RegEdit
            1. Loading hives
            2. Reloading saved keys
            3. Using RegEdit files
      5. 4. Using RegEdit
        1. Know Your Limitations
        2. Learning the RegEdit Interface
          1. Don’t I Know You from Somewhere?
          2. Interface Trivia
        3. “Just Browsing, Thanks”
          1. Navigating with the Keyboard
          2. Using the Context Menu
        4. Connecting to Other Machines’ Registries
        5. Searching for Keys and Values
        6. Printing Registry Contents
        7. Working with Keys and Values
          1. A Word About the Clipboard
          2. Modifying Values
            1. Modifying a string value
            2. Modifying a DWORD value
            3. Modifying a binary value
          3. Adding New Keys or Values
          4. Deleting Keys or Values
          5. Renaming Keys or Values
          6. What Were They Thinking, or, the Favorites Menu
        8. Exporting and Importing Data
          1. What’s in a .REG File?
          2. Exporting Registry Data
          3. Importing Registry Data
          4. Creating Your Own .REG Files
            1. A concrete example
            2. Safely experimenting with .REG files
        9. RegEdit Command-Line Options
          1. Exporting Data
          2. Importing Data
      6. 5. Using RegEdt32
        1. How RegEdt32 and RegEdit Differ
        2. Learning the RegEdt32 Interface
          1. Manipulating Windows
          2. Controlling What You See
          3. Setting Session Options
        3. Browsing with RegEdt32
          1. Navigating with the Keyboard
        4. Remote Registry Editing
          1. Connecting to Remote Computers
        5. Searching for Keys
        6. Saving and Loading Registry Keys
          1. Saving Keys
          2. Restoring Keys
          3. Loading Saved Keys as Hives
          4. Saving as Text
          5. Providing an Improvised Clipboard
          6. A True Story
        7. Printing Registry Contents
        8. Editing Keys and Values
          1. Viewing Values as Binary Data
          2. Modifying Values
            1. Modifying a string value
            2. Modifying a DWORD value
            3. Modifying a multiple-string value
            4. Modifying a binary value
            5. Modifying a value of a different type
          3. Adding New Keys or Values
            1. Adding new keys
            2. Adding new values
          4. Deleting Keys and Values
        9. Registry Security Fundamentals
          1. Basic Registry Permissions
          2. Applying ACLs
        10. Securing Registry Keys in Windows 2000
          1. Setting Permissions
            1. Adding, removing, and changing ACE entries
            2. Seeing and controlling permission inheritance
          2. Auditing Registry Activity
            1. Adding, removing, and changing auditing entries
            2. Seeing and controlling audit control inheritance
          3. Changing Key Ownership
        11. Securing Registry Keys in Windows NT
          1. Setting Permissions
          2. Auditing Registry Key Activity
            1. Enabling auditing on an NT machine
            2. Telling RegEdt32 what to audit
            3. Reviewing the audit records
          3. Changing Key Ownership
      7. 6. Using the System Policy Editor
        1. All About System Policies
          1. Why Is This in a Windows 2000 Book?
          2. What’s a Policy?
            1. Categories contain one or more policies
            2. Policies are made of parts
            3. How are policies defined?
            4. User versus machine policies
          3. How Are Policies Stored?
          4. How Are Policies Applied?
            1. The default policy
            2. Applying computer and user policies
            3. Applying group policies
        2. Introducing the System Policy Editor
          1. Learning the System Policy Editor Interface
            1. Controlling what you see
            2. Navigating in the policy window
        3. Managing Policies with POLEDIT
          1. Attaching Policy Templates
          2. Creating Policies
            1. Creating a new policy file
            2. Creating a new user policy
            3. Creating a new computer policy
            4. Creating a new group policy
          3. Editing Policies
            1. Setting user, group, and computer policy options
            2. Removing user policies
            3. Policies and the clipboard
            4. Setting group policy priorities
          4. Saving and Loading Policies
          5. Creating Your Own Policy Templates
        4. Distributing Policies
          1. Applying Policies to One Machine at a Time
            1. Setting policies on the local machine
            2. Setting policies on other computers
          2. Applying Policies to Many Machines
            1. Enabling automatic policy updates
            2. Windows NT policies
            3. Windows 95/98 policies
            4. Windows 2000 policies
            5. Supporting multiple domain controllers
          3. Preventing Policy Problems
            1. Make sure the files are in the right place
            2. Is automatic updating on?
            3. Implement policies in all domains or none
            4. Check group membership and names
            5. Verify which policies are in effect
        5. What’s in the Standard Policy Templates
          1. WINNT.ADM
          2. COMMON.ADM
          3. WINDOWS.ADM
        6. Picking the Right Policies
          1. Policies for Anybody
          2. Policies for a Lab Network
          3. Policies for an “Ordinary” Office
      8. 7. Using Group Policies
        1. What Are Group Policies?
          1. Elements of a Group Policy
          2. User Versus Machine Policies
          3. Defining Group Policy Objects
            1. The local GPO
            2. Policies and the Active Directory
          4. How Are Policies Stored?
            1. The structure of the Group Policy Template
          5. How Are Policies Applied?
            1. Applying computer and user policies
            2. Order of policy file application
        2. Introducing the Group Policy Snap-in
          1. Adding the Group Policy Snap-in
          2. Learning the Group Policy Snap-in Interface
            1. Controlling what you see
            2. Navigating the console tree
            3. Viewing policy properties
        3. Managing Policies
          1. What Is an Administrative Template?
          2. Adding Administrative Templates
          3. Editing Policies
          4. Creating Your Own Administrative Templates
        4. Distributing Policies
          1. Understanding How Effective Policies Are Calculated
          2. Policy Inheritance
          3. Managing Dispersal Through Group Policy Policies
          4. Setting Single Computer Group Policies
          5. Setting Nonlocal Group Policies
        5. What’s in the Standard Policy Templates?
      9. 8. Programming with the Registry
        1. The Registry API
          1. API Concepts and Conventions
            1. Input and output parameters
            2. Registry error codes
            3. Why some calls have names ending in “Ex”
            4. “Happy families are all alike”
            5. New and exciting datatypes
            6. New routines = new datatypes
            7. User-specific keys
            8. An extremely brief example
          2. Opening and Closing Keys
            1. Opening keys
            2. Opening a key while impersonating another user
            3. Opening the user’s class data
            4. Closing keys
          3. Creating Keys
          4. Getting Information About Keys
          5. Enumerating Keys and Values
            1. Enumeration strategies
            2. Enumerating keys
            3. Enumerating values
          6. Getting Registry Data
            1. Getting a single value
            2. Getting multiple values
          7. Adding and Modifying Values
          8. Deleting Keys and Values
            1. Deleting a key
            2. Deleting a value
          9. Using Registry Security Information
            1. Setting an item’s security information
          10. Connecting to Remote Computers
          11. Moving Keys to and from Hives
            1. Saving keys
            2. Loading keys
            3. Replacing a loaded key
            4. Unloading a key
          12. Getting Notification When Something Changes
          13. Flushing Registry Changes
        2. The Shell Utility API Routines
          1. Working with File Associations
            1. Getting a file association key from the Registry
            2. Getting a pointer to the IQueryAssociations interface
          2. Copying and Deleting Keys and Values
          3. Getting Key and Value Information
            1. Querying keys and values
            2. Getting and setting values
          4. Enumerating Keys and Values
          5. Working with User-Specific Keys
            1. Creating and removing keys
            2. Opening and closing keys
            3. Getting key and value information
            4. Reading values
            5. Writing and deleting values
          6. Leftovers
        3. Programming with C/C++
          1. Example: Watching a Key for Changes
            1. How the code works
            2. Possible enhancements
          2. Example: A Stack-Based Wrapper Class
            1. How the code works
            2. Possible enhancements
          3. Example: Loading a Control with a Set of Values
        4. Programming with Perl
          1. The Win32API::RegXXX Functions
            1. When to use them
          2. The Win32::TieRegistry Module
            1. A few Perl-isms
            2. The code in detail
            3. Opening and closing keys and retrieving values
            4. Creating, adding, and modifying keys and values
            5. Enumerating keys and values
            6. Deleting keys and values
            7. Saving and loading keys
            8. Mixing Win32API::Registry and Win32::TieRegistry
          3. Example: Walking the Registry
        5. Programming with Visual Basic
          1. Talking with the Outside World in VB
            1. DLL interfaces
            2. A few more subtleties
          2. Using the Registry with VB
            1. The VBA functions
            2. Using WINREG.BAS
          3. Example: A RegEdit Clone
            1. Creating the initial tree
            2. Expanding the tree
            3. Displaying values
      10. 9. Administering the Registry
        1. Setting Defaults for New User Accounts
          1. Under Windows 2000
          2. Under Windows NT
        2. Using Initialization File Mapping
          1. How Does Mapping Work?
          2. Setting Up Your Own Mappings
            1. Adding the mapping key
            2. Mapping key tricks
            3. A mapping sample
        3. Limiting Remote Registry Access
          1. Turning Off Remote Access Entirely
          2. Limiting Access to Authorized Users
            1. Creating the restriction key
            2. Setting permissions on the restriction key
            3. Allowing exceptions
        4. Fixing Registry Security ACLs in Windows NT
        5. Adding Registry ACLs to Group Policy Objects
        6. Encrypting HKLM\SAM with SYSKEY
          1. What SYSKEY Does
          2. Before You Enable SYSKEY on Windows NT
            1. “What I tell you three times is true”
            2. Upgrading domain controllers
          3. Turning On SYSKEY Protection
          4. Changing the Key Storage Method
          5. Restoring a SYSKEY-Protected NT Registry
            1. Restore SYSTEM and SAM hives
            2. Get the right system components
            3. Which ERD should I use?
        7. Miscellaneous Good Stuff
          1. Changing the Registry Size
          2. Auditing Registry Access
            1. Making sense of the audit log
            2. Tracking software installations or reinstallations
            3. Guarding against Trojan horses
        8. Using the Resource Kit Registry Utilities
          1. The Windows 2000 Resource Kit
          2. The Windows NT Resource Kit
        9. reg: The One-Size-Fits-All Registry Tool
          1. Using the Windows 2000 Version of reg
            1. Querying keys
            2. Adding keys and values
            3. Deleting keys and values
            4. Copying keys and values
            5. Saving and restoring keys
            6. Loading and unloading hives
            7. Comparing keys and values
            8. Exporting and importing Registry data
          2. Using the Windows NT Version of reg
            1. Querying keys
            2. Adding new keys
            3. Updating existing keys
            4. Removing a key
            5. Copying keys and values
            6. Saving and restoring keys
            7. Loading and unloading hives
          3. Comparing Keys and Values with COMPREG
          4. Searching for Keys with regfind
        10. Spying on the Registry with RegMon
          1. Learning the RegMon Interface
            1. Controlling what you see
            2. Some other useful Edit menu commands
          2. Capturing and Filtering
            1. Turning capture on and off
            2. Using capture filters
            3. Saving your captured data
            4. Logging boot-to-boot activity
      11. 10. Registry Tweaks
        1. User Interface Tweaks
          1. Add Your Own “Tip of the Day”
          2. Disable Window Animations
          3. Speed Up the Taskbar
          4. Enable Tab for Filename Completion
          5. Run a Different Screen Saver While Waiting for a Logon
          6. Enable X Window-Style “Auto Raise”
          7. Enable “Snap to Default Button”
          8. Suppress Error Messages During Boot and Logon
          9. Set NUMLOCK Key During Startup
          10. Display Version Number
        2. Filesystem Tweaks
          1. Change Low Disk Space Warning Threshold
          2. Use Longer File Extensions
          3. Turn Off CD-ROM AutoRun
          4. Suppress “Last Access” Timestamp on NTFS Volumes
        3. Security Tweaks
          1. Clear the System Pagefile at Shutdown
          2. Prevent Caching of Logon Credentials
          3. Turn Off “Save Password” Option in Dial-Up Networking
          4. Prevent Users from Changing Network Drive Mappings
          5. Control Who Can See Performance Monitor Data
          6. Control Which Drives Are Visible Throughout the System
          7. Change When the Password Expiration Warning Appears
          8. Allow Members of the Printer Operators Group to Add Printers
          9. Set the Number of Authentication Retries for Dial-Up Connections
          10. Keep Users from Changing Video Resolutions
          11. Set the Authentication Timeout for Dial-Up Connections
          12. Keep Remote Users from Sharing a Mounted CD-ROM or Floppy
          13. Keep Users from Customizing “My Computer”
        4. Performance Tweaks
          1. Automatically Delete Cached User Profiles
          2. Enable Automatic Reboot After a Crash
          3. Record Evidence of a Crash
          4. Enabling Automatic Logon After Boot
          5. Power Off at Shutdown
          6. Force Hung Tasks to End When Logging Off
          7. Set a Time Limit for Shutting Down Tasks
          8. Speed Up System Shutdowns
          9. Automatically Try to Detect Slow Network Connections
          10. Don’t Automatically Create 8.3 Names on NTFS Volumes
          11. Disable the Printer Browse Thread
          12. Forcibly Recover a Crashed PDC
          13. Hiding Servers from Network Computers
        5. Network Tweaks
          1. Create a Shared Favorites Folder for All Network Users
          2. Automatically Use Dial-Up Networking to Log On
          3. Enable the WINS Proxy Agent
          4. Set the Number of Rings for Answering Incoming Dial-Up Networking Calls
          5. Turn On Logging for Dial-Up Networking
          6. Keep a Dial-Up Networking Connection up After You Log Out
          7. Set the Dial-Up Networking Automatic Disconnect Timer
        6. Printing Tweaks
          1. Keep the Print Spool Service from Popping Up Dialogs
          2. Change the Print Spool Directory
          3. Stop Print Job Logging in Event Log
      12. 11. The Registry Documented
        1. What’s Here and What’s Not
        2. HKLM\HARDWARE
          1. HARDWARE\DESCRIPTION
          2. HARDWARE\DEVICEMAP
          3. HARDWARE\RESOURCEMAP
        3. HKLM\SOFTWARE
          1. SOFTWARE\Classes\CLSID
          2. SOFTWARE\Microsoft
            1. Microsoft\ActiveSetup
            2. Microsoft\Cryptography
            3. Microsoft\NtBackup
            4. Microsoft\RAS
          3. SOFTWARE\Microsoft\Windows NT
            1. CurrentVersion\AeDebug
            2. Multimedia driver stuff
            3. CurrentVersion\Network Cards
            4. CurrentVersion\ProfileList
            5. CurrentVersion\Shutdown
            6. CurrentVersion\Winlogon
        4. HKLM\SYSTEM
          1. SYSTEM\CurrentControlSet\Hardware Profiles
          2. SYSTEM\CurrentControlSet\Control
            1. Control\BackupRestore
            2. Control\BootVerificationProgram
            3. Control\Class
            4. Control\CrashControl
            5. Control\Enum
            6. Control\FileSystem
            7. Control\Hivelist
            8. Control\LSA
            9. Control\Print
            10. Control\SecurePipeServers
            11. Control\Session Manager
            12. Control\Session Manager\Memory Management
          3. SYSTEM\CurrentControlSet\Services
            1. Services\Browser
            2. Services\DHCPServer
            3. Services\EventLog
            4. Services\LanmanServer
            5. Services\NetBt
            6. Services\Netlogon
            7. Services\RasMan
            8. Services\Replicator
            9. Services\Tcpip
        5. HKU
          1. HKU\.DEFAULT
          2. HKU\sid
        6. HKCR
          1. HKCR\ext
          2. HKCR\fileType
          3. HKCR\CLSID
        7. HKCU
          1. HKCU\AppEvents
          2. HKCU\Console
          3. HKCU\Control Panel Items
          4. HKCU\Environment
          5. HKCU\Printers
          6. HKCU\Software\Microsoft
            1. Microsoft\NtBackup
            2. Microsoft\RAS Autodial
            3. Microsoft\RAS Monitor
            4. Microsoft\RAS Phonebook
            5. Microsoft\Windows\CurrentVersion
            6. Microsoft\Windows NT\CurrentVersion
          7. HKCU\Microsoft\Windows NT\CurrentVersion
        8. HKCC
        9. HKDD
      13. A. User Configuration Group Policy Objects
        1. Administrative Templates
          1. Windows Components
            1. NetMeeting
            2. Internet Explorer
              1. Internet Control Panel
              2. Offline Pages
              3. Browser Menus
              4. Toolbars
              5. Persistence Behavior
              6. Administrator Approved Controls
            3. Windows Explorer
              1. Common Open File Dialog
            4. Microsoft Management Console
              1. Restricted/Permitted snap-ins
            5. Task Scheduler
            6. Windows Installer
          2. Start Menu & Taskbar
          3. Desktop
            1. Active Directory
            2. Active Desktop
          4. Control Panel
            1. Add/Remove Programs
            2. Display
            3. Printers
            4. Regional Options
          5. Network
            1. Offline Files
            2. Network and Dial-up Connections
          6. System
            1. Logon/Logoff
            2. Group Policy
      14. B. Computer Configuration Group Policy Objects
        1. Windows Settings
          1. Security Settings
            1. Restricted Groups
            2. System Services
            3. Registry
            4. File System
            5. Account Policies
              1. Password Policies
              2. Account Lockout Policy
              3. Kerberos Policy
            6. Local Policies
              1. Audit Policy
              2. User Rights Assignment
              3. Security Options
            7. Event Log
              1. Settings for Event Logs
        2. Administrative Templates
          1. Windows Components
            1. NetMeeting
            2. Internet Explorer
            3. Task Scheduler
            4. Windows Installer
          2. System
            1. Logon
            2. Disk Quotas
            3. DNS Client
            4. Group Policy
            5. Windows File Protection
          3. Network
            1. Offline Files
            2. Network & Dial-Up Connections
          4. Printers
      15. Index
      16. Colophon