70270: MCSE Guide to Microsoft Windows XP Professional Chapter 12: Working With the Windows XP Regis - PowerPoint PPT Presentation

Slides: 48
Provided by: facultyVa3

1
70-270 MCSE Guide to Microsoft Windows XP
Professional Chapter 12 Working With the
Windows XP Registry
2
Objectives
  • Understand the function and structure of the
    Registry
  • Describe the purpose of the Registry keys and the
    hive files to which some of them map
  • Use the Registry editor and various other
    Registry tools
  • Work with Registry storage files and fault
    tolerance

3
Objectives (continued)
  • Restore and protect the Registry
  • Work with Registry tools in the Microsoft Windows
    XP Professional Resource Kit

4
Windows Registry Overview
  • Registry
  • Hierarchical database of information about
    system's configuration
  • Stores information essential to Windows XP
  • Information for Microsoft and third-party
    applications
  • Information stored comparable to that stored in
    initialization files
  • Takes the place of .ini files
  • Not a text file

5
Windows Registry Overview (continued)
  • Changes made to system configurations through
    Control Panel applets are applied to Registry
    database
  • Some settings can be established or changed only
    by editing the Registry directly
  • Must use Registry editor to edit Registry
  • Designed for programming ease and speed of
    interaction for processes

6
Windows Registry Components
  • Key
  • Subkey
  • Value entry
  • Value

7
Windows Registry Components (continued)
  • Data types
  • Binary
  • DWORD
  • String
  • Multiple String
  • Expandable String

8
Hierarchical Registry Structure
9
Windows Registry
  • Not a complete collection of configuration
    settings
  • Holds only exceptions to defaults
  • Must know exact syntax, spelling, location, and
    valid values to add new entry
  • Always edit with extreme care

10
Windows Registry (continued)
  • Loaded into memory from files on system startup
  • Written from memory back to the files on shutdown

11
Important Registry Structures and Keys
  • Keys and subkeys control Windows behavior

12
HKEY_LOCAL_MACHINE
  • Controls local computer
  • Includes information about
  • Hardware devices
  • Applications
  • Device drivers
  • Kernel services
  • Physical settings

13
HKEY_LOCAL_MACHINE
  • Subkeys
  • HARDWARE
  • SAM
  • SECURITY
  • SOFTWARE
  • SYSTEM

14
HKEY_LOCAL_MACHINE\HARDWARE
  • Data related directly to physical devices
    installed on a computer
  • Configuration data
  • Device driver settings
  • Mappings and linkages
  • Relationships between kernel-mode and user-mode
    hardware calls
  • IRQ hooks

15
HKEY_LOCAL_MACHINE\HARDWARE (continued)
  • Re-created each time the system starts
  • Not saved when the system shuts down
  • Does not map to a specific hive file
  • Subkeys
  • DESCRIPTION
  • DEVICEMAP
  • RESOURCEMAP
  • ACPI (not always present)

16
HKEY_LOCAL_MACHINE\HARDWARE (continued)
  • Contents should not be manipulated
  • Contains data read from state of physical devices
    and associated device drivers

17
HKEY_LOCAL_MACHINE\SAM
  • Contains data related to security
  • Security Accounts Manager (SAM) database
  • Local user accounts and group memberships are
    defined
  • Entire security structure of Windows XP system
  • You should not normally attempt to modify this
    subkey

18
HKEY_LOCAL_MACHINE\SECURITY
  • Container for the local security policy
  • Defines control parameters, such as
  • Password policy
  • User rights
  • Account lockout
  • Audit policy
  • General security options for the local machine
  • Maps to hive file named SECURITY

19
HKEY_LOCAL_MACHINE\SOFTWARE
  • Container for data about installed software and
    mapped file extensions
  • Applies to all local users
  • Maps to hive file named SECURITY

20
HKEY_LOCAL_MACHINE\SYSTEM
  • Stores data about
  • Startup parameters
  • Loading order for device drivers
  • Service startup credentials (settings and
    parameters)
  • Basic operating system behavior
  • Essential to start process of Windows XP
  • Contains subkeys called control sets
  • Include complete information about start process
    for system

21
HKEY_LOCAL_MACHINE\SYSTEM (continued)
  • Contains additional subkeys with settings for
  • Storage devices
  • Control set boot status
  • Control set subkeys
  • Control
  • Enum
  • Hardware Profiles
  • Service

22
HKEY_LOCAL_MACHINE\SYSTEM\Select Subkey
  • Value entries used to define how Windows XP uses
    its control
  • Value entries
  • Default
  • Current
  • LastKnownGood
  • Failed

23
HKEY_CLASSES_ROOT
  • Container for information pertaining to
    application associations based on file extensions
    and COM object data
  • Copied from the HKEY_LOCAL_MACHINE\SOFTWARE\Classes subkey
  • Maintained for backward compatibility
  • Do not edit the contents of this key

24
HKEY_CURRENT_CONFIG
  • Container for data that pertain to whatever
    hardware profile is currently in use
  • Link to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\HardwareProfiles\Current subkey
  • Maintained for backward compatibility
  • Not strictly required by Windows XP

25
HKEY_CURRENT_CONFIG (continued)
26
HKEY_CURRENT_USER
  • Container for profile for whichever user is
    currently logged on
  • Contents are built each time a user logs on
  • Copy of appropriate subkey from the HKEY_USERS
    key
  • Should not be edited directly
  • Modify user's profile through conventional
    profile management techniques

27
HKEY_CURRENT_USER (continued)
28
HKEY_USERS
  • Contains profiles for all users who have ever
    logged onto system
  • Contains default user profile
  • Built each time the system boots
  • Loads the default file and locally stored copies
    of Ntuser.dat or Ntuser.man from user profiles
  • To remove user profile from this key
  • Use the User Profiles tab of System applet in
    Control Panel

29
HKEY_DYN_DATA
  • Appears only on machines with Windows 95 or
    Windows 98 applications
  • Use older versions of Plug and Play

30
Registry Editors
  • Special tools are required to operate on the
    Registry directly
  • Regedit.exe
  • Reg.exe

31
Regedit.exe
  • Offers
  • Global searching
  • Security manipulation
  • Combines all of the keys into single display

32
Reg.exe
  • Console Registry tool for Windows
  • Command-line utility
  • Permits users, batch files, or programs to
    operate on the Registry
  • No graphical user interface
  • Not as convenient or friendly as Regedit.exe

33
Reg.exe (continued)
34
Changing the Registry
  • Back up all important data on the computer before
    editing Registry
  • Make a distinct backup of all or part of Registry
  • Saving each key or subkey individually is
    recommended
  • Restart machine before editing Registry
  • Perform only a single Registry modification at a
    time

35
Changing the Registry (continued)
  • Test results before proceeding.
  • Restart immediately after each change
  • Force full system compliance with new settings in
    Registry
  • Test changes on nonproduction system before
    deploying on production systems
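
The backup-then-single-change routine from the two slides above, sketched as a PowerShell script that drives Reg.exe. This is an added example, not part of the original presentation; the key, value name, data and backup folder are hypothetical placeholders, and the key is assumed to exist already.

```powershell
# Added example (not from the presentation): back up one key, make one change, verify.
# Key, value name, data and backup folder are hypothetical placeholders.
$Key       = 'HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp'
$ValueName = 'LogLevel'
$NewData   = 2
$BackupDir = Join-Path $env:USERPROFILE 'RegBackups'

function Backup-RegistryKey {
    param([string]$Key, [string]$Directory)
    if (-not (Test-Path $Directory)) {
        New-Item -ItemType Directory -Path $Directory | Out-Null
    }
    # One timestamped .reg file per key, so older backups are never overwritten.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $Directory (($Key -replace '[\\ ]', '_') + "-$stamp.reg")
    & reg.exe export $Key $file | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
        throw "Backup of '$Key' failed; no change was made."
    }
    return $file
}

# 1. Distinct backup of just the subkey that is about to change.
$backup = Backup-RegistryKey -Key $Key -Directory $BackupDir

# 2. A single modification, made with Reg.exe.
& reg.exe add $Key /v $ValueName /t REG_DWORD /d $NewData /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg add failed; the backup is at $backup"
}

# 3. Read the value back before doing anything else.
$actual = (Get-ItemProperty -Path "Registry::$Key" -Name $ValueName).$ValueName
if ($actual -ne $NewData) {
    throw "Expected $NewData but read '$actual'; restore with: reg import `"$backup`""
}
Write-Output "Set $ValueName=$actual. Backup saved to $backup"
```

`reg import` merges the saved file back into the Registry: it restores values that were changed, but it does not delete a value that did not exist when the backup was taken.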

36
Registry Storage Files
  • Static images of the Registry are stored
  • systemroot\system32\config
  • systemroot\repair
  • Located in boot partition
  • Files do not match one-to-one with top-level keys

37
Registry Storage Files (continued)
38
Registry Storage Files (continued)
39
Registry Storage Files (continued)
  • Only two of HKEY_LOCAL_MACHINE subkeys are stored
    in files
  • Default subkey of HKEY_USERS key
  • HKEY_CURRENT_USER key
  • Other subkeys are built on the fly or copied
    from subkeys of HKEY_LOCAL_MACHINE

40
Registry Storage File Extensions
  • No extension
  • .alt
  • .log
  • .sav

41
Registry Fault Tolerance
  • Registry becomes corrupted or destroyed
  • Windows XP cannot function or even start
  • Fault tolerance of Registry is sustained by
  • Its structure
  • Memory residence
  • Transaction logs
  • Flush
  • Transaction logs

42
Restoring the Registry
  • Last Known Good Configuration (LKGC)
  • Boot option is accessed by pressing F8.
  • If LKGC fails
  • Use backup software to restore Registry files
  • Reinstall Windows XP, either fully or as an
    upgrade

43
Protecting the Registry
  • Registry should only be edited by a qualified
    person
  • Permissions can be assigned to the hives and keys
    within the Registry
  • Almost identical to assigning permissions and
    protecting files and folders on an NTFS partition
  • Only privileged groups and users should be
    allowed to edit and view the Registry
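
One way to check the point above, that only privileged groups and users can edit a key, is to read the key's permissions and list every entry that grants a modify right to anyone else. This is an added example, not part of the original presentation; it assumes PowerShell 3.0 or later and English account names, and the list of privileged principals is an assumption to adjust per environment.

```powershell
# Added example (not from the presentation): list ACL entries that allow
# a non-privileged principal to modify a Registry key.
# Assumption: English account names; extend $Privileged for your environment.
$Privileged = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Rights that change a key, its values or its permissions, plus the
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits.
$rights    = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$WriteMask = [int]$rights -bor 0x10000000 -bor 0x40000000

function Get-WritableRegistryAce {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        try {
            $acl = Get-Acl -Path $p -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL on ${p}: $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            $allows   = $ace.AccessControlType -eq 'Allow'
            $canWrite = ([int]$ace.RegistryRights -band $WriteMask) -ne 0
            $trusted  = $Privileged -contains $ace.IdentityReference.Value
            if ($allows -and $canWrite -and -not $trusted) {
                [pscustomobject]@{
                    Key       = $p
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.RegistryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# The two file-backed HKEY_LOCAL_MACHINE subkeys an administrator edits most often.
Get-WritableRegistryAce -Path 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM' | Format-Table -AutoSize
```

An empty result means every allow entry with modify rights on the checked keys belongs to a principal in `$Privileged`; subkeys with their own non-inherited permissions need to be passed in separately.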

44
Windows XP Professional Resource Kit Registry
Tools
  • Tools that can be used to manipulate the Registry
  • Separate from Windows XP Professional operating
    system
  • Purchase from
  • Microsoft
  • Most software or book vendors

45
Windows XP Professional Resource Kit Registry
Tools (continued)
  • Key utilities
  • Regdump.exe
  • Regfind.exe
  • Compreg.exe
  • Regini.exe
  • Regback.exe
  • Regrest.exe
  • Scanreg.exe

46
Summary
  • The Windows XP Registry is a complex structure
    consisting of keys, subkeys, values, and value
    entries
  • The Registry should only be edited with extreme
    caution
  • Changes to the Registry can cause the Windows XP
    system not to boot
  • The Registry is divided into five main keys

47
Summary
  • Windows XP includes two Registry editors, the
    graphical Regedit.exe and the command-line
    Reg.exe utility
  • As part of your normal system maintenance and
    administration, you should create copies of the
    Registry