Mucking with the Registry
The Registry is one of the best administrative features of NT. You can find all the
configuration information for a system in one place, which you can access locally or remotely. To be
an effective administrator, you owe it to yourself to get familiar with what's in the Registry, how
to change it, and the consequences of your changes. (For more information about the Registry, see
Christa Anderson, "Care and Feeding of the Registry," December 1996, and Mark Russinovich,
"Inside the Windows NT Registry," April 1997).
The Registry hives are files kept in the %systemroot%\system32\config directory. The hives
you'll spend the most time with are HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. Registry permissions
prevent nonadministrative users from doing much with HKEY_LOCAL_MACHINE. However, as an
administrator, you have several tools you can use to edit the Registry. In addition to NT's REGEDIT
and REGEDT32, the resource kits provide many tools for manipulating the Registry from the command
line or within scripts. For example, the REGINI utility lets you make multiple Registry changes at
one time. The utility reads key names and the values they should have from a .ini file (make sure
the .ini file ends with a carriage return, or REGINI will fail) and then edits the Registry
accordingly. For example, the following REGINI file changes the startup type of the Schedule
service from manual to automatic and enables the TCP/IP option for DNS lookup of NetBIOS machine
names (REGINI expects each value line to be indented under its key):
\Registry\machine\system\CurrentControlSet\Services\Schedule
    Start = REG_DWORD 2
\Registry\machine\system\CurrentControlSet\Services\NetBT\Parameters
    EnableDNS = REG_DWORD 1
The resource kits for NT 4.0 contain several other command-line utilities for making scripted
Registry changes. You can use REGDEL to delete local or remote Registry keys, REGCHG to change
Registry values, REGDIR and REGDMP to dump the contents of a hive or a key to the screen or a file,
and REGFIND to find and replace values in the Registry.
One difficulty with using the resource kit tools to make changes on a large number of machines
is that you often must copy the tool to the target machines before running it. Distributing the
tools to hundreds (or thousands) of machines and then updating the tools as new versions come out is
unwieldy. Making Registry changes without having to keep a utility around for just that purpose
makes more sense. You can use REGEDIT to perform command-line Registry adds and changes. The syntax
for this command is
regedit (-s) filename.reg
where the -s parameter performs a silent registration, rather than presenting a dialog box that
signals a successful registration. New applications commonly use .reg files to register their
components during installation. You can use this capability to add and change a machine's Registry.
Screen 2 shows an example .reg file. The file header must contain the word REGEDIT4. The example in
Screen 2 makes two Registry changes: The first entry changes the path to the Perl binaries in
HKEY_LOCAL_MACHINE; the second entry enables the Synchronous Logon feature of user profiles in
HKEY_CURRENT_USER. You can use REGEDIT to change or add REG_SZ, REG_DWORD, and REG_BINARY values.
If you've ever wondered what Registry changes occur during the installation of an application,
here's a quick little trick you can use to find out. Most applications write their changes to the
SOFTWARE key in HKEY_LOCAL_MACHINE. Before you install the application, start REGEDT32, highlight
the SOFTWARE key, select Save Subtree As from the Registry menu, and enter a filename to save a copy
of that portion of the hive. Next, install your application, then repeat Save Subtree As on the
SOFTWARE key with a new filename. Finally, run the resource kit's WINDIFF utility and open both the
before and after files. You'll immediately see the changes. The same method shows you which
Registry changes any configuration operation makes.
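The same before/after comparison done programmatically: the script below parses two REGEDIT4-format exports (the .reg format REGEDIT imports, assumed here in place of the Save Subtree As dump that REGEDT32 writes) and lists the values an install added, removed, or changed, which is the WINDIFF step without WINDIFF. This is an added example, not code from the article; the two sample exports and the key names in them are constructed.

```python
import re
BEFORE = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Path"="C:\\Perl\\bin"
"Start"=dword:00000003
"""  # constructed sample export taken before the install (not from the article)
AFTER = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Path"="D:\\Perl5\\bin"
"Start"=dword:00000003
"Blob"=hex:01,02,03
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Installed]
@="yes"
"""  # constructed sample export taken after the install

def decode_value(data):
    # The three value kinds REGEDIT .reg files carry: REG_SZ, REG_DWORD, REG_BINARY
    if data.startswith('"') and data.endswith('"'):
        return ("REG_SZ", re.sub(r"\\(.)", r"\1", data[1:-1]))  # undo \\ and \" escapes
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    if data.startswith("hex:"):
        return ("REG_BINARY", bytes(int(b, 16) for b in data[4:].split(",") if b))
    raise ValueError("unsupported value: " + data)

def parse_reg(text):
    """Parse a REGEDIT4 export into {key path: {value name: (type, value)}}."""
    lines = re.sub(r"\\\r?\n\s*", "", text).splitlines()  # join hex: continuation lines
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("missing REGEDIT4 header")
    keys, current = {}, None
    for line in (l.strip() for l in lines[1:]):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if m is None or current is None:
            raise ValueError("malformed line: " + line)
        keys[current]["@" if m.group(1) == "@" else m.group(2)] = decode_value(m.group(3))
    return keys

def diff_reg(before, after):
    """Return (added, removed, changed) value paths: the WINDIFF step done programmatically."""
    flat = lambda t: {k + "\\" + n: v for k, vals in t.items() for n, v in vals.items()}
    fb, fa = flat(parse_reg(before)), flat(parse_reg(after))
    added, removed = sorted(set(fa) - set(fb)), sorted(set(fb) - set(fa))
    changed = sorted(p for p in set(fb) & set(fa) if fb[p] != fa[p])
    return added, removed, changed
```

Unchanged values such as Start are not reported, so the output is only what the install touched.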
NT Internals Tools
Occasionally, you find a utility on the Internet or a bulletin board that becomes indispensable
in your systems administrator arsenal. I recently found two such utilities, NTFileMon and NTRegMon,
at the NT Internals Web site (http://www.ntinternals.com) maintained by Mark Russinovich and Bryce
Cogswell.
Each utility uses a technique that the authors describe as kernel-mode system call hooking
to let you monitor, in real time, I/O to the file system or to the Registry. The utilities provide a
much-needed window into what's really going on when you launch an application or when you hear that
hard disk on your NT system spinning without a reason. Screen 3 shows an example of the NTFileMon
display when I changed the TCP/IP configuration on an NT workstation. I recently used NTRegMon to
help troubleshoot a Microsoft Word problem: With this utility, I discovered that a user's profile
(HKEY_CURRENT_USER in the Registry) was configured to grab a document template from a directory that
did not exist.
The NT Internals site also includes Windows 95 versions of these two utilities. In addition to
NTFileMon and NTRegMon, this site contains other useful, educational utilities for the NT systems
administrator. Check out NTSync, which (like UNIX's sync command) forces all data in cache
to be written to disk. This action prevents data loss if you have an inadvertent system crash or
lose power. NTFSDOS is a well-known utility. This DOS-based device driver can provide read-only
access to your NTFS partitions from a DOS boot diskette. NT-Recover lets you use a serial cable to
recover files from a crashed NT system's disks. These utilities and other useful information make
the NT Internals Web site a must-visit for the NT systems administrator.
Tools for Common Problems
Although this list is by no means complete, the commands and utilities I've discussed in this
article represent the most common themes you will likely come across in the day-to-day management of
your NT environment. Being a systems administrator in any environment often requires using all the
resources at your disposal under stressful situations. I hope this brief list gives you some
additional tools and knowledge to make your job easier.