70-270: MCSE Guide to Microsoft Windows XP Professional
Second Edition, Enhanced
Chapter 12: Working With the Windows XP Registry

Objectives
• Understand the function and structure of the Registry
• Describe the purpose of the Registry keys and the hive files to which some of them map
• Use the Registry editor and various other Registry tools
• Work with Registry storage files and fault tolerance
Guide to MCSE 70-270, Second Edition, Enhanced

Objectives (continued)
• Restore and protect the Registry
• Work with Registry tools in the Microsoft Windows XP Professional Resource Kit

Windows Registry Overview
• Registry
• Hierarchical database of information about system’s configuration
• Stores information essential to Windows XP
• Information for Microsoft and third-party applications
• Information stored comparable to that stored in initialization files
• Takes the place of .ini files
• Not a text file

Windows Registry Overview (continued)
• Changes made to system configurations through Control Panel applets are applied to Registry database
• Some settings can be established or changed only by editing the Registry directly
• Must use Registry editor to edit Registry
• Designed for programming ease and speed of interaction for processes

Windows Registry Components
• Key
• Subkey
• Value entry
• Value

Windows Registry Components (continued)
• Data types:
• Binary
• DWORD
• String
• Multiple String
• Expandable String

[Figure: Hierarchical Registry Structure]

Windows Registry
• Not a complete collection of configuration settings
• Holds only exceptions to defaults
• Must know exact syntax, spelling, location, and valid values to add new entry
• Always edit with extreme care

Windows Registry (continued)
• Loaded into memory from files on system startup
• Written from memory back to the files on shutdown

Important Registry Structures and Keys
• Keys and subkeys control Windows behavior

HKEY_LOCAL_MACHINE
• Controls local computer
• Includes information about:
• Hardware devices
• Applications
• Device drivers
• Kernel services
• Physical settings

HKEY_LOCAL_MACHINE
• Subkeys:
• HARDWARE
• SAM
• SECURITY
• SOFTWARE
• SYSTEM

HKEY_LOCAL_MACHINE\HARDWARE
• Data related directly to physical devices installed on a computer
• Configuration data
• Device driver settings
• Mappings and linkages
• Relationships between kernel-mode and user-mode hardware calls
• IRQ hooks

HKEY_LOCAL_MACHINE\HARDWARE (continued)
• Re-created each time the system starts
• Not saved when the system shuts down
• Does not map to a specific hive file
• Subkeys:
• DESCRIPTION
• DEVICEMAP
• RESOURCEMAP
• ACPI (not always present)

HKEY_LOCAL_MACHINE\HARDWARE (continued)
• Contents should not be manipulated
• Contains data read from state of physical devices and associated device drivers

HKEY_LOCAL_MACHINE\SAM
• Contains data related to security
• Security Accounts Manager (SAM) database
• Local user accounts and group memberships are defined
• Entire security structure of Windows XP system
• You should not normally attempt to modify this subkey

HKEY_LOCAL_MACHINE\SECURITY
• Container for the local security policy
• Defines control parameters, such as:
• Password policy
• User rights
• Account lockout
• Audit policy
• General security options for the local machine
• Maps to hive file named SECURITY

HKEY_LOCAL_MACHINE\SOFTWARE
• Container for data about installed software and mapped file extensions
• Applies to all local users
• Maps to hive file named SECURITY

HKEY_LOCAL_MACHINE\SYSTEM
• Stores data about:
• Startup parameters
• Loading order for device drivers
• Service startup credentials (settings and parameters)
• Basic operating system behavior
• Essential to start process of Windows XP
• Contains subkeys called control sets
• Include complete information about start process for system

HKEY_LOCAL_MACHINE\SYSTEM (continued)
• Contains additional subkeys with settings for:
• Storage devices
• Control set boot status
• Control set subkeys:
• Control
• Enum
• Hardware Profiles
• Service

HKEY_LOCAL_MACHINE\SYSTEM\Select Subkey
• Value entries used to define how Windows XP uses its control
• Value entries:
• Default
• Current
• LastKnownGood
• Failed

HKEY_CLASSES_ROOT
• Container for information pertaining to application associations based on file extensions and COM object data
• Copied from the HKEY_LOCAL_MACHINE\SOFTWARE\Classes subkey
• Maintained for backward compatibility
• Do not edit the contents of this key

HKEY_CURRENT_CONFIG
• Container for data that pertain to whatever hardware profile is currently in use
• Link to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\HardwareProfiles\Current subkey
• Maintained for backward compatibility
• Not strictly required by Windows XP

HKEY_CURRENT_USER
• Container for profile for whichever user is currently logged on
• Contents are built each time a user logs on
• Copy of appropriate subkey from the HKEY_USERS key
• Should not be edited directly
• Modify user’s profile through conventional profile management techniques

HKEY_USERS
• Contains profiles for all users who have ever logged onto system
• Contains default user profile
• Built each time the system boots
• Loads the default file and locally stored copies of Ntuser.dat or Ntuser.man from user profiles
• To remove user profile from this key:
• Use the User Profiles tab of System applet in Control Panel

HKEY_DYN_DATA
• Appears only on machines with Windows 95 or Windows 98 applications
• Use older versions of Plug and Play

Registry Editors
• Special tools are required to operate on the Registry directly
• Regedit.exe
• Reg.exe

Regedit.exe
• Offers:
• Global searching
• Security manipulation
• Combines all of the keys into single display

Reg.exe
• Console Registry tool for Windows
• Command-line utility
• Permits users, batch files, or programs to operate on the Registry
• No graphical user interface
• Not as convenient or friendly as Regedit.exe

Changing the Registry
• Back up all important data on the computer before editing Registry
• Make a distinct backup of all or part of Registry
• Saving each key or subkey individually is recommended
• Restart machine before editing Registry
• Perform only a single Registry modification at a time

Changing the Registry (continued)
• Test results before proceeding.
• Restart immediately after each change
• Force full system compliance with new settings in Registry
• Test changes on nonproduction system before deploying on production systems
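
The change procedure above, scripted with Reg.exe from PowerShell: save the one key, make a single modification, test it, and roll back if the test fails. This is an added example, not material from the book or the slides; the key path, value name and backup folder are hypothetical, and the key is assumed to exist already.

```powershell
# Added example. $Key, $ValueName and $BackupDir are hypothetical; the key must already exist.
$Key       = 'HKCU\Software\ExampleVendor\ExampleApp'
$ValueName = 'ExampleSetting'
$BackupDir = Join-Path $env:USERPROFILE 'RegistryBackups'

function Backup-RegistryKey {
    param([string] $Key, [string] $BackupDir)
    if (-not (Test-Path $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }
    # One file per key, named after the key and the time of the export.
    $name = ($Key -replace '[\\/:*?"<>| ]', '_') + '-' + (Get-Date -Format 'yyyyMMdd-HHmmss') + '.reg'
    $file = Join-Path $BackupDir $name
    & reg.exe export $Key $file | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
        throw "Export of '$Key' failed; make no change without a backup."
    }
    return $file
}

# 1. Save the key on its own before touching it.
$backup = Backup-RegistryKey -Key $Key -BackupDir $BackupDir

# 2. Make exactly one modification.
& reg.exe add $Key /v $ValueName /t REG_DWORD /d 1 /f | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg add failed; the key was left as it was." }

# 3. Test the result before proceeding: read the value back.
& reg.exe query $Key /v $ValueName
if ($LASTEXITCODE -ne 0) {
    # Importing a .reg file merges it into the key and does not remove newer
    # values, so delete the value that was added and then re-import the backup.
    & reg.exe delete $Key /v $ValueName /f | Out-Null
    & reg.exe import $backup
}
```

Keep the exported file until the change has survived a restart on the nonproduction system.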

Registry Storage Files
• Static images of the Registry are stored
• %systemroot%\system32\config
• %systemroot%\repair
• Located in boot partition
• Files do not match one-to-one with top-level keys

Registry Storage Files (continued)
• Only two of HKEY_LOCAL_MACHINE subkeys are stored in files:
• Default subkey of HKEY_USERS key
• HKEY_CURRENT_USER key
• Other subkeys are built “on the fly” or copied from subkeys of HKEY_LOCAL_MACHINE

Registry Storage File Extensions
• No extension
• .alt
• .log
• .sav

Registry Fault Tolerance
• Registry becomes corrupted or destroyed
• Windows XP cannot function or even start
• Fault tolerance of Registry is sustained by:
• Its structure
• Memory residence
• Transaction logs
• Flush
• Transaction logs

Restoring the Registry
• Last Known Good Configuration (LKGC)
• Boot option is accessed by pressing F8.
• If LKGC fails:
• Use backup software to restore Registry files
• Reinstall Windows XP, either fully or as an upgrade

Protecting the Registry
• Registry should only be edited by a qualified person
• Permissions can be assigned to the hives and keys within the Registry
• Almost identical to assigning permissions and protecting files and folders on an NTFS partition
• Only privileged groups and users should be allowed to edit and view the Registry
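
One way to check the last point is to read each key's access control list and report every Allow entry that grants write-level rights to an identity outside an approved list. This is an added example, not material from the book or the slides; the approved identities and the keys audited are assumptions to adjust per system.

```powershell
# Added example. The trusted list and the key list are assumptions; adjust both.
$Trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'
$Keys    = 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet\Control', 'HKLM:\SECURITY'

# Rights that let a principal change a key's contents or its permissions.
$Write = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# ACEs may also carry raw generic bits: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$Write = $Write -bor 0x50000000

function Get-WeakRegistryAce {
    param([string[]] $Path, [string[]] $Trusted)
    foreach ($p in $Path) {
        # A key whose ACL cannot be read is reported, not skipped silently.
        try { $acl = Get-Acl -Path $p -ErrorAction Stop }
        catch {
            Write-Warning "Cannot read the ACL on ${p}: $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.RegistryRights -band $Write) -eq 0) { continue }
            $who = $ace.IdentityReference.Value
            if ($Trusted -contains $who) { continue }
            # Write-level access held by an identity that is not on the approved list.
            New-Object psobject -Property @{
                Key = $p; Identity = $who; Rights = $ace.RegistryRights; Inherited = $ace.IsInherited
            }
        }
    }
}

Get-WeakRegistryAce -Path $Keys -Trusted $Trusted |
    Sort-Object Key, Identity |
    Format-Table Key, Identity, Rights, Inherited -AutoSize
```

The check reads only the ACL on each listed key; subkeys with their own non-inherited entries need to be listed or enumerated separately.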

Windows XP Professional Resource Kit Registry Tools
• Tools that can be used to manipulate the Registry
• Separate from Windows XP Professional operating system
• Purchase from:
• Microsoft
• Most software or book vendors

Windows XP Professional Resource Kit Registry Tools (continued)
• Key utilities:
• Regdump.exe
• Regfind.exe
• Compreg.exe
• Regini.exe
• Regback.exe
• Regrest.exe
• Scanreg.exe

Summary
• The Windows XP Registry is a complex structure consisting of keys, subkeys, values, and value entries
• The Registry should only be edited with extreme caution
• Changes to the Registry can cause the Windows XP system not to boot
• The Registry is divided into five main keys

Summary
• Windows XP includes two Registry editors, the graphical Regedit.exe and the command-line Reg.exe utility
• As part of your normal system maintenance and administration, you should create copies of the Registry