chapter twelve working with the windows xp registry

Chapter TwelveChapter Twelve

Working with the Working with the Windows XP Windows XP

RegistryRegistry

ObjectivesObjectives

Understand the function and Understand the function and structure of the Registrystructure of the Registry

Describe the purpose of each of the Describe the purpose of each of the five Registry keys and the hive files five Registry keys and the hive files to which some of them mapto which some of them map

Use the Registry editor and various Use the Registry editor and various other Registryother Registry

ObjectivesObjectives

Understand default Registry sizing Understand default Registry sizing techniques and limits on Registry techniques and limits on Registry sizesize

Understand the fault-tolerance Understand the fault-tolerance mechanisms for the Registrymechanisms for the Registry

Back up and restore the RegistryBack up and restore the Registry

Working with the Working with the Windows XP RegistryWindows XP Registry

RegistryRegistry The hierarchical database of system The hierarchical database of system

configuration data essential to the configuration data essential to the health and operation of a Windows XP health and operation of a Windows XP systemsystem

Contains most of the control and Contains most of the control and functional settings for Windows XP core functional settings for Windows XP core elements, services, and native elements, services, and native applicationsapplications

Windows Registry Windows Registry OverviewOverview

The Registry is divided into keys and The Registry is divided into keys and subkeyssubkeys Each Registry Each Registry keykey is similar to a is similar to a

bracketed heading in an .ini file and bracketed heading in an .ini file and represents a top-level container in the represents a top-level container in the Registry hierarchyRegistry hierarchy

Each key must contain at least one or Each key must contain at least one or more lower-level keys called more lower-level keys called subkeyssubkeys


Value entryValue entry Named parameter or placeholder for a Named parameter or placeholder for a

control setting or configuration datacontrol setting or configuration data ValueValue

Actual piece of data held by a value Actual piece of data held by a value entryentry


HiveHive Discrete Discrete

body of body of Registry Registry keys, keys, subkeys, subkeys, and values and values stored in a stored in a filefile

Figure 12-1: View of the hierarchical Registry structure, including five primary keys


The data type of a value entry The data type of a value entry informs the Registry how store the informs the Registry how store the valuevalue

Data typeData type Setting on a Registry value that defines Setting on a Registry value that defines

the data format of the stored the data format of the stored informationinformation


Figure 12-2: AutoAdminLogon value entries


The data types supported by The data types supported by windows 2000:windows 2000: REG_BINARYREG_BINARY REG_DWORDREG_DWORD REG_SZREG_SZ REG_MULTI_SZREG_MULTI_SZ REG_EXPAND_SZREG_EXPAND_SZ


The data types supported by The data types supported by windows 2000 (cont.):windows 2000 (cont.): REG_FULL_RESOURCE_DESCRIPTORREG_FULL_RESOURCE_DESCRIPTOR REG_DWORD_LITTLE_ENDIANREG_DWORD_LITTLE_ENDIAN REG_DWORD_BIG_ENDIANREG_DWORD_BIG_ENDIAN REG_LINKREG_LINK


Important concepts to keep in mind Important concepts to keep in mind about the Registry:about the Registry: Keys are the top-level, or root, divisions Keys are the top-level, or root, divisions

of the Registryof the Registry Keys contain one or more subkeysKeys contain one or more subkeys Any subkey can contain one or more Any subkey can contain one or more

subkeyssubkeys Any subkey can contain one or more Any subkey can contain one or more

value entriesvalue entries

HKEY_LOCAL_MACHINEHKEY_LOCAL_MACHINE Contains the value entries that control the local computerContains the value entries that control the local computer

Figure 12-3: The HKEY_LOCAL_MACHINE key

HKEY_LOCAL_MACHINEHKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE\HARDWAREHKEY_LOCAL_MACHINE\HARDWARE Container for data related directly to Container for data related directly to

physical devices installed on a computerphysical devices installed on a computer HKEY_LOCAL_MACHINE\SAMHKEY_LOCAL_MACHINE\SAM

Hive that contains data related to securityHive that contains data related to security The The Security Accounts Manager Security Accounts Manager

(SAM) (SAM) database is stored in this keydatabase is stored in this key

HKEY_LOCAL_MACHINEHKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE\SECURITYHKEY_LOCAL_MACHINE\SECURITY Container for the local security policyContainer for the local security policy

HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SOFTWARESOFTWARE Container for data about installed Container for data about installed

software and mapped file extensionssoftware and mapped file extensions HKEY_LOCAL_MACHINE\SYSTEMHKEY_LOCAL_MACHINE\SYSTEM

Container for the information required Container for the information required to boot Windows XPto boot Windows XP

HKEY_CLASSES_ROOTHKEY_CLASSES_ROOT

Figure 12-4: HKEY_CLASSES_ROOT contains file extension and com object settings and associations

HKEY_CURRENT HKEY_CURRENT CONFIGCONFIG

Container for data pertaining to hardware profile currently in useContainer for data pertaining to hardware profile currently in use

Figure 12-5: The HKEY_CURRENT_CONFIG/ key is maintained in Windows XP for backward compatibility

HKEY_CURRENT_USERHKEY_CURRENT_USER

Figure 12-6: HKEY_CURRENT_USER contains data for whichever user is currently logged onto the system

HKEY_USERSHKEY_USERS

Figure 12-7: HKEY_USERS contain data for any user who has ever logged onto the system, plus a default user profile

HKEY_DYN_DATAHKEY_DYN_DATA

In some Registries, you may In some Registries, you may occasionally run across this other occasionally run across this other main keymain key

Appears only on machines with either:Appears only on machines with either: Windows 95Windows 95 Windows 98 applications that use older Windows 98 applications that use older

versions of Plug and Play to detect and versions of Plug and Play to detect and track hardware devices as they enter or track hardware devices as they enter or leave a systemleave a system

Registry EditorsRegistry Editors

RegeditRegedit 16-bit Registry editor16-bit Registry editor

RegReg Special command-line utility that users, Special command-line utility that users,

programs, or the operating system can programs, or the operating system can use to access, inspect, create, or modify use to access, inspect, create, or modify Registry keysRegistry keys


Figure 12-8: Regedit is the older Registry editor that suffices for most uses


Figure 12-9: Reg.exe is a command-line utility that permits users, batch files, or programs to operate on the Registry


Precautions when making changes Precautions when making changes to in the Registry:to in the Registry: Back up all important data on the Back up all important data on the

computer before editing the Registrycomputer before editing the Registry Making a distinct backup of all or part Making a distinct backup of all or part

of the Registryof the Registry Reboot the machine before editing the Reboot the machine before editing the

RegistryRegistry


Precautions when making changes Precautions when making changes to in the Registry (cont.):to in the Registry (cont.): Perform only a single Registry Perform only a single Registry

modification at a timemodification at a time Reboot immediately after each change Reboot immediately after each change

to force full system complianceto force full system compliance Always test changes on a nonproduction Always test changes on a nonproduction

system hosting noncritical services system hosting noncritical services before deploying on production systemsbefore deploying on production systems

Registry Size LimitationsRegistry Size Limitations

The Registry is stored in active The Registry is stored in active memory for quick and easy memory for quick and easy accessibility while the operating accessibility while the operating system is functioningsystem is functioning Resides in the paged pool portion of Resides in the paged pool portion of

memorymemory This means it can be swapped out to disk This means it can be swapped out to disk

when not in usewhen not in use

Registry Size LimitationsRegistry Size Limitations

As your system ages and configurations As your system ages and configurations evolve over time, many changes will evolve over time, many changes will accumulate in the Registry, causing its accumulate in the Registry, causing its size to increasesize to increase

The initial size of the Registry on a The initial size of the Registry on a Windows XP Professional system is Windows XP Professional system is around 10 MBaround 10 MB

To prevent the Registry from consuming To prevent the Registry from consuming too much memory, Windows XP imposes too much memory, Windows XP imposes the Registry Size Limit (RSL)the Registry Size Limit (RSL)

Registry Storage FilesRegistry Storage Files

Figure 12-10: Explorer listing of the …\system32\config folder shows various Registry file types and instances


Table 12-1: Registry Storage Files


Four extensions used by the Registry Four extensions used by the Registry storage files to identify the purpose or storage files to identify the purpose or function of the file:function of the file: No extensionNo extension .alt.alt .log.log .sav.sav

Registry Fault ToleranceRegistry Fault Tolerance

If the Registry becomes corrupted or If the Registry becomes corrupted or destroyed, Windows XP cannot function destroyed, Windows XP cannot function or even bootor even boot

Several mechanisms have been Several mechanisms have been established to prevent the Registry from established to prevent the Registry from becoming damaged or to repair minor becoming damaged or to repair minor problems automaticallyproblems automatically

The fault tolerance of the Registry is The fault tolerance of the Registry is sustained by its structure, memory sustained by its structure, memory residence, and transaction logsresidence, and transaction logs

Registry Fault ToleranceRegistry Fault Tolerance

FlushFlush Copy procedure to update the files on Copy procedure to update the files on

the hard drive with the new settings the hard drive with the new settings stored in the memory-resident version stored in the memory-resident version of the Registryof the Registry

Transaction logsTransaction logs Files wherein the systems records edits, Files wherein the systems records edits,

changes, and alterations to the Registrychanges, and alterations to the Registry

Ways to Create Reliable Ways to Create Reliable Registry BackupsRegistry Backups

Most Windows XP backup applications Most Windows XP backup applications include support for full Registry backupsinclude support for full Registry backups

Regedit can be used to save all or part of the Regedit can be used to save all or part of the Registry to distinct filesRegistry to distinct files

Make a copy of the %systemroot%\Make a copy of the %systemroot%\WINDOWS-\system32\config and WINDOWS-\system32\config and %systemroot%\WINDOWS-\repair directories %systemroot%\WINDOWS-\repair directories manuallymanually

Employ the Microsoft Windows XP Employ the Microsoft Windows XP Professional Resource Kit tools Reg.exe or Professional Resource Kit tools Reg.exe or Regback.exeRegback.exe

Restoring the RegistryRestoring the Registry

You have several options for restoring You have several options for restoring the Registry, depending on the method the Registry, depending on the method used to make a backupused to make a backup

Windows XP itself attempts to maintain Windows XP itself attempts to maintain a functional Registrya functional Registry

Last Known Good Configuration (LKGC)Last Known Good Configuration (LKGC) State of the Registry stored in one of the State of the Registry stored in one of the

control sets when the last successful user control sets when the last successful user logon occurredlogon occurred

Restoring the RegistryRestoring the Registry

If the LKGC fails to restore normal If the LKGC fails to restore normal system functions, you have only two system functions, you have only two options:options: Use your backup software to restore the Use your backup software to restore the

Registry filesRegistry files Reinstall Windows XP, either fully or as Reinstall Windows XP, either fully or as

an upgradean upgrade

Windows XP Professional Windows XP Professional Resource Kit Registry Resource Kit Registry

ToolsTools Some of the key utilities include:Some of the key utilities include:

Regdump.exeRegdump.exe Regfind.exeRegfind.exe Compreg.exeCompreg.exe Regini.exeRegini.exe

Windows XP Professional Windows XP Professional Resource Kit Registry Resource Kit Registry

ToolsTools Some of the key utilities include Some of the key utilities include

(cont.):(cont.): Regback.exeRegback.exe Regrest.exeRegrest.exe Scanreg.exeScanreg.exe

Chapter SummaryChapter Summary

The Windows XP Registry is a complex The Windows XP Registry is a complex structure consisting of keys, subkeys, structure consisting of keys, subkeys, values, and value entriesvalues, and value entries

The Registry should be manipulated The Registry should be manipulated with extreme cautionwith extreme caution

Windows XP maintains a functional Windows XP maintains a functional registry through several fault-tolerant registry through several fault-tolerant measuresmeasures

The Registry is divided into five main The Registry is divided into five main keyskeys

Chapter SummaryChapter Summary

Windows XP includes two Registry Windows XP includes two Registry editors:editors: The graphical Regedit.exeThe graphical Regedit.exe The command-line Reg.exe utilityThe command-line Reg.exe utility

As part of your normal system As part of your normal system maintenance and administration, you maintenance and administration, you should create copies of the registryshould create copies of the registry

chapter twelve working with the windows xp registry

Documents

registry value

registry size

registry hierarchy

registry editor

windows xp registry

value entry slide

data types

data format