Knowing when and where to dig

Some sources warn you that the Windows NT Registry is a dangerous force that you don't want to reckon with. Still others tell you that using the Registry to fix bugs and tweak your system's performance is OK. Microsoft seems to support both camps, but I agree with the people who promote using the Registry to your benefit. You need to explore and understand the Registry, which is the core of NT's configuration. When you start to explore the Registry with a little caution, you find that configuring NT is simple and relatively safe.

The NT Registry includes many entries that let you fix bugs in the operating system, improve NT's performance, and even customize your system to fit your needs. Once you begin to find your way around the Registry, you'll want to learn all the neat little tricks you can use. Although companies such as Microsoft and various books and magazines have documented many of the most common Registry tips and tricks, you can still find a few lesser-known fixes that are helpful in your day-to-day work. This article helps you uncover a few of these gems.

Enabling Full SAM Database Synchronization Every Time NT Starts
By default, when an NT Backup Domain Controller (BDC) starts, it doesn't attempt to synchronize the Security Accounts Manager (SAM) database with the Primary Domain Controller (PDC) until the interval (usually 5 minutes) you designate between the domain controllers expires. Even then, the BDC performs only a partial synchronization by default. You can add the value Update (data type REG_SZ) to the following Registry key to guarantee that a full synchronization occurs every time an NT 4.0 domain controller boots: HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\Services\Netlogon\Parameters. You can supply two settings, Yes and No, to this Update. A setting of Yes enables the full synchronization option, and a setting of No disables this option. NT bases its domain database synchronization process on a pull approach (i.e., the BDCs send the replication trigger to the PDC), so you need to use this value only on BDCs. You need to understand that if you perform a full synchronization on machines with very large domain databases, you could tie up the network link. This situation is especially the case across slow WAN links.

This setting is one of several that govern the automatic synchronization of the NT 4.0 SAM databases among the various domain controllers on a network. You can override these settings by either adding or adjusting entries in the same Registry key you add Update to. These entries can assist you in optimizing the domain database traffic over your network.

Solving Directory Replication Problems
If you work with NT 4.0's directory replication a lot, you might be familiar with the error message, The data is invalid. You might see this error message when you make a lot of directory and file changes. When this type of error occurs, the Registry entries associated with these changes can become corrupt. The best approach to preventing this corruption is to use the Services applet in the Control Panel to stop the Directory Replicator service on all participating computers. Next, you need to use a Registry editor on one of the participating computers to access the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Replicator. Delete the Parameters, Exports, and Imports subkeys, and restart the Directory Replicator service on all the machines to solve the most likely problemĀ­corrupted Registry entries.

Most problems associated with directory replication revolve around directories either not copying correctly or not copying at all. In NT 4.0, the import machine must read a new key in the export machine's Registry. By default, neither the Replicator Group nor the Replication User Account has permission to access this Registry key. To solve this corruption problem, use the Regedt32 Registry editor, and navigate to the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg.

After you select this Registry key, go to the Security menu in Regedt32 and select Permissions. Grant Read Access to either the Replicator Group or to the Replication User Account. One of these users or groups needs to have access to this key to completely solve this problem.

Controlling Logon Parameters
Many Registry settings for controlling NT's logon parameters (such as how to keep the name of the last user from appearing on screen) are well known. In addition to these, you can configure many other less familiar logon settings by adding or changing values associated with the following Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon.

The first value you can work with is AllocateCDRoms (data type REG_SZ). When you include this value in the Registry key, only the user logged on to the computer where the Registry resides can access the CD-ROMs in any of the available CD-ROM drives. This value overrides even the Sharing status of the CD-ROM drive. A setting of 1 enables this access, and a setting of 0 disables it. With this value, NT allocates CD-ROMs to the user during the interactive logon process, and frees the CD-ROMs for general use or for reallocation only after that user logs off. This value also satisfies part of the C2 security requirement that you must be able to secure removable media. If you don't add this value, NT makes the contents of the CD-ROMs in the drives available to all processes on the system.

The second value you can work with is AllocateFloppies (data type REG_SZ). When you include this value, only the user logged on to the computer where the Registry resides can access the disks in the floppy disk drives. A setting of 1 enables this feature, and a setting of 0 disables it. As with the AllocateCDRoms value, NT uses the AllocateFloppies value to allocate floppy disks to the user during the interactive logon process, and frees the floppy disks for general use or for reallocation only after that user logs off. This value also satisfies part of the C2 security requirement that you must be able to secure removable media. If you don't add this value, NT makes the contents of the floppy disks available to all processes on the system.

TABLE 1: Node Types
Registry Value Associated Node Type Method of Name Resolution
1 B-node Broadcasts
2 P-node Directs point-to-point name queries to a name server (WINS)
4 M-node Broadcasts, then queries a name server (WINS)
8 H-node Queries a name server (WINS), then broadcasts
The third value is DeleteRoamingCache (data type REG_DWORD). This value affects the use of roaming user profiles and can have a setting of 0 (the default) or 1. If you set this value to 1, NT deletes locally cached profiles when a user with a roaming profile logs off. This setting helps prevent conflicts that local and roaming profiles can cause as a result of date stamps or program contents. This value can also help you conserve disk space because the local machine is not caching copies of roaming profiles in the %SystemRoot%\Profiles directory.

The fourth value is KeepRasConnections (data type REG_SZ). By default, when you log off, NT closes all Remote Access Service (RAS) connections that you opened during the session. If you add this value and set it to 1, NT won't close these RAS connections when you log off. Keeping these connections active lets you create a permanent RAS connection that you want available for other users after you log off. NT disables this feature by default.

The fifth value is LogonPrompt (data type REG_SZ). This value can be a string up to 256 characters long that overrides the default text string Enter a user name and password that is valid for this system in the Logon Information dialog box. You can change this text and create a custom corporate message or design it to display additional legal warnings to users before they log on.

The sixth value is Welcome (data type REG_SZ). This value can also be a string up to 256 characters long, and it appears in the caption bar beside the title of the Begin Logon, Logon Information, Workstation Locked, and Unlock Workstation dialog boxes. This value doesn't display any text by default. The DeleteRoaming Cache, KeepRasConnections, Logon Prompt, and Welcome values don't automatically appear in the Registry.

Resolving Networking Issues
Many Registry entries let you fine tune and adjust networking parameters. You need to be careful when exploring these options, and you need to understand what you are modifying. I usually stick to fine tuning transport protocols and adjusting file and directory parameters. I avoid using the Registry to override low-level parameters such as network adapter card Maximum Transmission Units (MTUs) because they can cause confusion on your machine and other machines on the network.

Adjusting TCP/IP database file locations. My colleague Teresa Bisaillion contributed this interesting entry. The Windows Sockets interface uses TCP/IP database files, which consist of the standard Internet database files (HOSTS, LMHOSTS, networks, protocols). Most operating systems maintain these TCP/IP database files in an \etc directory off the root directory, but NT buries them deep in its system directory structure in the %SystemRoot%\winnt\System32\Drivers\etc directory. To change this default location, go to the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. The value DataBasePath should appear, but you can always add it and give it the data type REG_EXPAND_SZ. You can change the default path to the path you want. Like many users, I usually change this setting to C:\Etc to ensure consistency across operating systems (by default, both NetWare and UNIX point this path to the root directory).

Changing the NetBIOS over TCP/IP node type. When you use NetBIOS over TCP/IP (NetBT), you use node types to determine which method NetBT uses to register and resolve host names (for a list of the various node types, see Table 1). If you enable LMHOSTS or Domain Name System (DNS), it also uses node types to resolve names. Unfortunately, the only way to directly change the value of a node type on a machine is to manually edit the Registry. To change the node type, go to the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters.

You will need to add or edit the value NodeType (data type REG_DWORD). Available settings for this value include 1 (B-node), 2 (P-node), 4 (M-node), or 8 (H-node). If you are manually configuring TCP/IP, the default value is 1 or 8 depending on the Windows Internet Naming Service (WINS) server configuration.

If you haven't previously configured the system for use with WINS, the system will default to a B-node option that will cause name resolution to occur exclusively via broadcasts. When you configure the system as a WINS client, it defaults to 8 for H-node. This node is a hybrid mechanism that attempts to resolve names via a WINS server first. If that attempt fails, the system tries to resolve names via a broadcast. If you use Dynamic Host Configuration Protocol (DHCP), you can use the DHCP Manager utility to set the node type for a DHCP scope.

Adjusting the default NWLink IPX/SPX frame type. NWLink automatically detects which frame type the network is using during initial startup and uses that frame type. If no frame type is detected on the network, NT defaults to frame type 802.2. You can adjust the default frame type using the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlinkIpx\NetConfig\Driverx. The Driverx subkey will vary depending on the relative adapter number. You need to configure the DefaultAutoDetectType value (data type REG_DWORD). The setting for this value can range from 0 to 4 as follows (the default value is 2): 0 (Ethernet_II), 1 (Ethernet_802.3), 2 (802.2), 3 (SNAP), 4 (ArcNet).

Turning off annoying browser election event log messages. Anybody who has ever looked at an NT System Log is familiar with the message, Browser has forced an election on device... To turn off this message, go to the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameter. You can edit or add the LogElectionPackets value (data type REG_DWORD). The settings for this value can be 0 or 1, and this value has a default setting of 0 (false). This value specifies whether the computer browser will generate events when your machine receives or processes election packets.

Making the Most of the Registry
Every configuration change you make to NT involves the Registry to some degree. Even when you use a friendly Control Panel applet, you're adjusting the Registry. Unfortunately, Microsoft hides a lot of Registry features behind the GUI and leaves many of them under-documented. I hope that the tips in this article help you better understand some of these under-documented features so you can configure NT to suit your needs.