Title: 70270: MCSE Guide to Microsoft Windows XP Professional Chapter 12: Working With the Windows XP Regis
1. 70-270 MCSE Guide to Microsoft Windows XP Professional, Chapter 12: Working With the Windows XP Registry
2. Objectives
- Understand the function and structure of the Registry
- Describe the purpose of the Registry keys and the hive files to which some of them map
- Use the Registry editor and various other Registry tools
- Work with Registry storage files and fault tolerance
3. Objectives (continued)
- Restore and protect the Registry
- Work with Registry tools in the Microsoft Windows XP Professional Resource Kit
4. Windows Registry Overview
- Registry
  - Hierarchical database of information about system configuration
  - Stores information essential to Windows XP
  - Information for Microsoft and third-party applications
  - Information stored comparable to that stored in initialization files
  - Takes the place of .ini files
  - Not a text file
5. Windows Registry Overview (continued)
- Changes made to system configurations through Control Panel applets are applied to Registry database
- Some settings can be established or changed only by editing the Registry directly
- Must use Registry editor to edit Registry
- Designed for programming ease and speed of interaction for processes
6. Windows Registry Components
- Key
- Subkey
- Value entry
- Value
7. Windows Registry Components (continued)
- Data types
  - Binary
  - DWORD
  - String
  - Multiple String
  - Expandable String
8. Hierarchical Registry Structure
9. Windows Registry
- Not a complete collection of configuration settings
- Holds only exceptions to defaults
- Must know exact syntax, spelling, location, and valid values to add new entry
- Always edit with extreme care
10. Windows Registry (continued)
- Loaded into memory from files on system startup
- Written from memory back to the files on shutdown
11. Important Registry Structures and Keys
- Keys and subkeys control Windows behavior
12. HKEY_LOCAL_MACHINE
- Controls local computer
- Includes information about
  - Hardware devices
  - Applications
  - Device drivers
  - Kernel services
  - Physical settings
13. HKEY_LOCAL_MACHINE
- Subkeys
  - HARDWARE
  - SAM
  - SECURITY
  - SOFTWARE
  - SYSTEM
14. HKEY_LOCAL_MACHINE\HARDWARE
- Data related directly to physical devices installed on a computer
- Configuration data
- Device driver settings
- Mappings and linkages
- Relationships between kernel-mode and user-mode hardware calls
- IRQ hooks
15. HKEY_LOCAL_MACHINE\HARDWARE (continued)
- Re-created each time the system starts
- Not saved when the system shuts down
- Does not map to a specific hive file
- Subkeys
  - DESCRIPTION
  - DEVICEMAP
  - RESOURCEMAP
  - ACPI (not always present)
16. HKEY_LOCAL_MACHINE\HARDWARE (continued)
- Contents should not be manipulated
- Contains data read from state of physical devices and associated device drivers
17. HKEY_LOCAL_MACHINE\SAM
- Contains data related to security
- Security Accounts Manager (SAM) database
- Local user accounts and group memberships are defined
- Entire security structure of Windows XP system
- You should not normally attempt to modify this subkey
18. HKEY_LOCAL_MACHINE\SECURITY
- Container for the local security policy
- Defines control parameters, such as
  - Password policy
  - User rights
  - Account lockout
  - Audit policy
  - General security options for the local machine
- Maps to hive file named SECURITY
19. HKEY_LOCAL_MACHINE\SOFTWARE
- Container for data about installed software and mapped file extensions
- Applies to all local users
- Maps to hive file named SECURITY
20. HKEY_LOCAL_MACHINE\SYSTEM
- Stores data about
  - Startup parameters
  - Loading order for device drivers
  - Service startup credentials (settings and parameters)
  - Basic operating system behavior
- Essential to start process of Windows XP
- Contains subkeys called control sets
- Include complete information about start process for system
21. HKEY_LOCAL_MACHINE\SYSTEM (continued)
- Contains additional subkeys with settings for
  - Storage devices
  - Control set boot status
- Control set subkeys
  - Control
  - Enum
  - Hardware Profiles
  - Service
22. HKEY_LOCAL_MACHINE\SYSTEM\Select Subkey
- Value entries used to define how Windows XP uses its control
- Value entries
  - Default
  - Current
  - LastKnownGood
  - Failed
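The four Select value entries are DWORD numbers, and each number n names the control set subkey ControlSet00n under HKEY_LOCAL_MACHINE\SYSTEM (0 in Failed means no control set is marked as failed). The following Python sketch is an added example, not part of the original slides; it reads the text printed by `reg query HKLM\SYSTEM\Select`, using a constructed sample, and reports which control set fills each role.

```python
import re

# Constructed sample of `reg query HKLM\SYSTEM\Select` output (not from the slides).
SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current     REG_DWORD       0x1
    Default     REG_DWORD       0x1
    Failed      REG_DWORD       0x0
    LastKnownGood       REG_DWORD       0x2
"""

ROLES = ("Default", "Current", "LastKnownGood", "Failed")
LINE = re.compile(r"^\s+(\w+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_select(text):
    """Return {value entry name: integer} for the four Select entries."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) in ROLES:
            found[m.group(1)] = int(m.group(2), 16)
    missing = [r for r in ROLES if r not in found]
    if missing:
        raise ValueError("missing Select entries: " + ", ".join(missing))
    return found

def control_set_name(n):
    """Map a Select number n to its subkey name ControlSet00n; 0 means none."""
    return None if n == 0 else "ControlSet%03d" % n

def summarize(text):
    """Return ({role: control set name}, [notes worth an administrator's attention])."""
    sel = parse_select(text)
    report = {role: control_set_name(n) for role, n in sel.items()}
    notes = []
    if sel["Failed"] != 0:
        notes.append("a control set is marked Failed: " + report["Failed"])
    if sel["Current"] != sel["Default"]:
        notes.append("system was started from a non-default control set")
    return report, notes

if __name__ == "__main__":
    print(summarize(SAMPLE))
```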
23. HKEY_CLASSES_ROOT
- Container for information pertaining to application associations based on file extensions and COM object data
- Copied from the HKEY_LOCAL_MACHINE\SOFTWARE\Classes subkey
- Maintained for backward compatibility
- Do not edit the contents of this key
24. HKEY_CURRENT_CONFIG
- Container for data that pertain to whatever hardware profile is currently in use
- Link to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\HardwareProfiles\Current subkey
- Maintained for backward compatibility
- Not strictly required by Windows XP
25. HKEY_CURRENT_CONFIG (continued)
26. HKEY_CURRENT_USER
- Container for profile for whichever user is currently logged on
- Contents are built each time a user logs on
- Copy of appropriate subkey from the HKEY_USERS key
- Should not be edited directly
- Modify user's profile through conventional profile management techniques
27. HKEY_CURRENT_USER (continued)
28. HKEY_USERS
- Contains profiles for all users who have ever logged onto system
- Contains default user profile
- Built each time the system boots
- Loads the default file and locally stored copies of Ntuser.dat or Ntuser.man from user profiles
- To remove user profile from this key
  - Use the User Profiles tab of System applet in Control Panel
29. HKEY_DYN_DATA
- Appears only on machines with Windows 95 or Windows 98 applications
- Use older versions of Plug and Play
30. Registry Editors
- Special tools are required to operate on the Registry directly
- Regedit.exe
- Reg.exe
31. Regedit.exe
- Offers
  - Global searching
  - Security manipulation
- Combines all of the keys into single display
32. Reg.exe
- Console Registry tool for Windows
- Command-line utility
- Permits users, batch files, or programs to operate on the Registry
- No graphical user interface
- Not as convenient or friendly as Regedit.exe
33. Reg.exe (continued)
34. Changing the Registry
- Back up all important data on the computer before editing Registry
- Make a distinct backup of all or part of Registry
- Saving each key or subkey individually is recommended
- Restart machine before editing Registry
- Perform only a single Registry modification at a time
35. Changing the Registry (continued)
- Test results before proceeding.
- Restart immediately after each change
- Force full system compliance with new settings in Registry
- Test changes on nonproduction system before deploying on production systems
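One way to check the "single modification at a time" rule is to export the subkey before and after the edit and compare the two exports. The Python sketch below is an added example, not part of the original slides; the key `HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp` and its values are hypothetical, and both exports are constructed samples in the Regedit Version 5.00 text format.

```python
import re

# Constructed Regedit exports of a hypothetical key, taken before and after an edit.
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
"Timeout"=dword:0000001e
"Servers"=hex(7):61,00,00,00,\
  62,00,00,00,00,00
"""
AFTER = BEFORE.replace("dword:0000001e", "dword:0000003c")

# A value line is either @=data (default value) or "name"=data.
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Return {(key path, value name): data text} from a .reg export."""
    entries, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if key and m:                    # header, blank and comment lines are skipped
            name = m.group(1)
            name = name if name == "@" else name[1:-1]
            entries[(key, name)] = m.group(2)
    return entries

def changed_values(before_text, after_text):
    """List (key, name, old, new) for every value added, removed or altered."""
    old, new = parse_reg(before_text), parse_reg(after_text)
    return [(k[0], k[1], old.get(k), new.get(k))
            for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)]

def is_single_change(before_text, after_text):
    """True when exactly one value differs between the two exports."""
    return len(changed_values(before_text, after_text)) == 1

if __name__ == "__main__":
    for change in changed_values(BEFORE, AFTER):
        print(change)
```

Regedit writes Version 5.00 exports as Unicode (UTF-16) files, so read them with `encoding="utf-16"` before passing the text to `parse_reg`.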
36. Registry Storage Files
- Static images of the Registry are stored
  - systemroot\system32\config
  - systemroot\repair
- Located in boot partition
- Files do not match one-to-one with top-level keys
37. Registry Storage Files (continued)
38. Registry Storage Files (continued)
39. Registry Storage Files (continued)
- Only two of HKEY_LOCAL_MACHINE subkeys are stored in files
- Default subkey of HKEY_USERS key
- HKEY_CURRENT_USER key
- Other subkeys are built on the fly or copied from subkeys of HKEY_LOCAL_MACHINE
40. Registry Storage File Extensions
- No extension
- .alt
- .log
- .sav
41. Registry Fault Tolerance
- Registry becomes corrupted or destroyed
- Windows XP cannot function or even start
- Fault tolerance of Registry is sustained by
- Its structure
- Memory residence
- Transaction logs
- Flush
- Transaction logs
42. Restoring the Registry
- Last Known Good Configuration (LKGC)
- Boot option is accessed by pressing F8.
- If LKGC fails
  - Use backup software to restore Registry files
  - Reinstall Windows XP, either fully or as an upgrade
43. Protecting the Registry
- Registry should only be edited by a qualified person
- Permissions can be assigned to the hives and keys within the Registry
- Almost identical to assigning permissions and protecting files and folders on an NTFS partition
- Only privileged groups and users should be allowed to edit and view the Registry
44. Windows XP Professional Resource Kit Registry Tools
- Tools that can be used to manipulate the Registry
- Separate from Windows XP Professional operating system
- Purchase from
  - Microsoft
  - Most software or book vendors
45. Windows XP Professional Resource Kit Registry Tools (continued)
- Key utilities
  - Regdump.exe
  - Regfind.exe
  - Compreg.exe
  - Regini.exe
  - Regback.exe
  - Regrest.exe
  - Scanreg.exe
46. Summary
- The Windows XP Registry is a complex structure consisting of keys, subkeys, values, and value entries
- The Registry should only be edited with extreme caution
- Changes to the Registry can cause the Windows XP system not to boot
- The Registry is divided into five main keys
47. Summary
- Windows XP includes two Registry editors, the graphical Regedit.exe and the command-line Reg.exe utility
- As part of your normal system maintenance and administration, you should create copies of the Registry