Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  


December 1997

New Ways to Mine the Registry



Using nontraditional methods that improve safety and efficiency

Mining for fixes and workarounds in Windows NT can be a hazardous pursuit, especially when you are exploring the depths of the NT Registry. Microsoft is quick to point out the dangers of accessing the Registry. The company precedes many of the instructions that accompany NT with scary-sounding warnings about how dangerous entering the realm of the Registry can be. But despite these warning signs, you can use some nontraditional methods to enter and explore the Registry in an efficient and relatively safe manner. These methods bypass the usual interactive mode of Registry editing and instead involve editing the Registry from the command prompt, batch files, and Web browsers. They reduce the risk of damaging the Registry because they automate the process of making changes within the Registry.

For the most part, the applets in the Control Panel and the Administrative Tools in NT are front ends to the Registry. These tools organize system settings that have a similar context, such as user administration. However, under the surface the tools only add, delete, or modify values within the Registry. If you want to change a particular Registry setting that does not have a corresponding Control Panel applet or Administrative Tool to manipulate it, you have to use a Registry editor to reach the setting. You can also use NT's Registry editors to circumvent the Control Panel applets and Administrative Tools in the interest of speed and efficiency.

Accessing the Registry
Before you begin to explore the Registry, you need to know that you can easily trash your system by fooling around with Registry settings. Make sure you back up the Registry before you go further. If you are new to diving into the Registry, I also suggest that you run a practice drill and go through all the steps for recovering from a damaged Registry before you actually need to.

NT 4.0 includes two traditional tools for editing the Registry: Regedt32.exe, which has the old NT 3.x interface, and Regedit.exe, which looks similar to the Windows 95 Registry editor. You might assume you would only want to use Regedit with its newer interface, but you need both editors because each has features lacking in the other.

For example, Regedt32 is the better of the two editors for loading, editing, and unloading Registry hives (hives are disk files that contain sections of the Registry), while keeping the hive in a separate disk space from other sections of the Registry. Hives contain a top-level key and its subkeys or a subkey of a top-level key and all its subkeys.

Regedt32 creates a separate window for each top-level Registry key (HKEY_), whereas Regedit organizes all the top-level keys in one window under My Computer. Regedt32 has a read-only mode (click Options, Read Only Mode) that lets you browse the Registry without fear of accidentally changing something.

Regedt32 can display Registry changes in real time (click Options, Auto Refresh), so you can watch the Registry change while another Registry editor or program accesses it. You have to select the location of the Registry being changed to observe the changes.

You use Regedt32 to administer the access control lists (ACLs) in NT's Registry. ACLs on Registry keys are analogous to ACLs on directories in the NT file system (think of keys as directories and subkeys as subdirectories). You can use both Registry editors to edit the Registry remotely. Therefore, keep in mind that the ACL for a particular Registry key determines which users (local and remote) can access that key and how.

Regedit is better for searching for values, data, and key names. For example, if you want to find every place in the Registry where NT stores the computer name, Regedit is the best tool.

You can read in and write out Registry data files when you run Regedit from the command prompt. This feature makes Registry editing available from within batch files, Telnet sessions, and scripting languages.

If you use both Registry editors often, you will want to add shortcuts within the Administrative Tools menu to both editors. Table 1 presents a comparative list of each editor's features.

Registry Changes
Most edits you make to the Registry are one-time changes. You typically change a Registry entry once and reboot. For example, you may designate a specific NT server as a domain master browser by setting the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster to TRUE, and setting this value to FALSE on other NT servers.

However, other times you may want to toggle a Registry value to observe the effects. On these occasions, you want to use a systematic approach to editing the Registry that helps ensure safety and efficiency. A good example of this concept is turning on and off Point-to-Point Protocol (PPP) logging (for information on PPP logging, see Microsoft Knowledge Base article Q115929). If you are having trouble starting a Remote Access Service (RAS) session with a remote computer using PPP, you can log the entire PPP transaction to a file for analysis. The Microsoft Knowledge Base article describes how to change the Logging value in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP key. The log file contains a record of each PPP packet sent or received during the RAS session. For example:

    >PPP packet received at 05/15/1997 08:53:36:145
    >Protocol = LCP, Type = Identification, Length = 0x33, Id = 0x1, Port = 1
    >C0 21 0C 01 00 31 12 BE 11 A0 53 68 69 76 61 20 |.!...1....Shiva |
    >4C 61 6E 52 6F 76 65 72 2F 38 45 2C 20 56 65 72 |LanRover/8E, Ver|
    >73 69 6F 6E 20 34 2E 35 2E 34 20 39 37 2F 30 32 |sion 4.5.4 97/02 |
    >2F 32 38 |/28 |
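What a single record in that log holds, as an added example (not code from the article): this Python sketch rebuilds the frame from the hex column and decodes it as an LCP Identification packet per RFC 1570, showing that the log captures the peer's product name and version. The function names are made up here; the record is the article's own excerpt.

```python
import re

# The record below is copied from the article's log excerpt.
SAMPLE = """\
>PPP packet received at 05/15/1997 08:53:36:145
>Protocol = LCP, Type = Identification, Length = 0x33, Id = 0x1, Port = 1
>C0 21 0C 01 00 31 12 BE 11 A0 53 68 69 76 61 20 |.!...1....Shiva |
>4C 61 6E 52 6F 76 65 72 2F 38 45 2C 20 56 65 72 |LanRover/8E, Ver|
>73 69 6F 6E 20 34 2E 35 2E 34 20 39 37 2F 30 32 |sion 4.5.4 97/02 |
>2F 32 38 |/28 |
"""

HEX_LINE = re.compile(r"^[<>]?((?:[0-9A-Fa-f]{2} )+)\|")
LOGGED_LEN = re.compile(r"Length = 0x([0-9A-Fa-f]+)")

def frame_bytes(record):
    """Rebuild the raw frame from the hex column; the ASCII column is ignored."""
    raw = bytearray()
    for line in record.splitlines():
        m = HEX_LINE.match(line.strip())
        if m:
            raw += bytes.fromhex(m.group(1))
    return bytes(raw)

def decode_lcp_identification(record):
    """Decode one logged LCP Identification packet (RFC 1570, code 12)."""
    frame = frame_bytes(record)
    logged = int(LOGGED_LEN.search(record).group(1), 16)
    if len(frame) != logged:
        raise ValueError("dump has %d bytes, header says %d" % (len(frame), logged))
    protocol = int.from_bytes(frame[0:2], "big")   # 0xC021 is LCP
    code, ident = frame[2], frame[3]
    lcp_len = int.from_bytes(frame[4:6], "big")    # excludes the 2 protocol bytes
    if protocol != 0xC021 or code != 12:
        raise ValueError("not an LCP Identification packet")
    if lcp_len != len(frame) - 2:
        raise ValueError("LCP length field does not match the dump")
    return {
        "id": ident,
        "lcp_length": lcp_len,
        "magic": frame[6:10].hex(),
        "message": frame[10:].decode("ascii", "replace"),
    }

if __name__ == "__main__":
    print(decode_lcp_identification(SAMPLE))
```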

I frequently experiment with different PPP servers, and I use this feature a lot. I want PPP logging turned on only when I'm trying to resolve a PPP-related problem, and shut off at all other times. I quickly grew tired of starting a Registry editor, finding the right key, and changing the Logging value every time I wanted to turn logging on or off.

To automate this process, I use Regedit's import and export features. With the import feature, Regedit reads in data from a Registry data file (usually with a .reg extension) that you specify from the command prompt. With the export feature, Regedit writes out a selected Registry section to a Registry data file. When reading the Registry data file, Regedit replaces any existing keys or values with those from the data file and adds any keys or values that do not match an existing Registry entry. If your goal is to edit an existing key or value, the structure of the Registry data within the file (i.e., the Registry's tree-like hierarchy, which includes keys, subkeys, and values for the configuration settings) has to exactly match the current Registry. Otherwise, NT will simply append the new entries and ignore them. To ensure that the Registry data file is always in the correct format, use the export feature to generate the file. You can export the entire Registry or any selected subkey.
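A pre-import check for the replace-or-add behavior described above, as an added example (not the article's code): this Python sketch compares a hand-edited REGEDIT4 file against a fresh export and reports whether each value would replace an existing entry or be added as a new one. The function names, the sample value data, and the misspelled key are constructed for illustration; only the key path comes from the article.

```python
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.+)$')

def parse_reg(text):
    """Parse REGEDIT4 text (single-line values only) into {key: {name: data}}."""
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("missing REGEDIT4 header")
    keys, current = {}, None
    for ln in lines[1:]:
        key, val = KEY_RE.match(ln), VALUE_RE.match(ln)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif val and current is not None:
            current[val.group(1)] = val.group(2)
    return keys

def plan_import(exported, edit):
    """Say what importing `edit` would do, judged against a fresh export."""
    # Registry key and value names are case-insensitive, so compare lowercased.
    live = {k.lower(): {n.lower(): d for n, d in v.items()}
            for k, v in parse_reg(exported).items()}
    plan = []
    for key, values in parse_reg(edit).items():
        for name, data in values.items():
            old = live.get(key.lower(), {}).get(name.lower())
            action = "ADD" if old is None else "REPLACE" if old != data else "SAME"
            plan.append((action, key, name, data))
    return plan

# Constructed sample data: the key path is the one named in the article,
# the value data and the misspelled key are made up for illustration.
PPP_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP"
TEMPLATE = 'REGEDIT4\n\n[%s]\n"Logging"=dword:%08x\n'
EXPORT = TEMPLATE % (PPP_KEY, 0)
EDIT_OK = TEMPLATE % (PPP_KEY, 1)
EDIT_TYPO = TEMPLATE % (PPP_KEY.replace("RasMan", "RasMgr"), 1)

if __name__ == "__main__":
    for label, edit in (("ok", EDIT_OK), ("typo", EDIT_TYPO)):
        for step in plan_import(EXPORT, edit):
            print(label, *step)
```

An ADD result for a value you meant to change is the signal that the file's structure does not match the live Registry.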

 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2009 Penton Media, Inc., All rights reserved.