The Registry has to be one of the least understood aspects of the Windows
operating system family. Even seasoned professionals approach it with a degree of
caution, knowing that a wrong entry can potentially wreak havoc on the system.
Description of the registry
Wean defines the registry as:
A central hierarchical database used in Microsoft Windows used to store information
that is necessary to configure the system for one or more users, applications and
hardware devices. The Registry contains information that Windows continually
references during operation, such as profiles for each user, the applications installed
on the computer and the types of documents that each can create, property sheet
settings for folders and application icons, what hardware exists on the system, and
the ports that are being used. The Registry replaces most of the text-based .ini files
that are used in Windows 3.x and MS-DOS configuration files, such as the
Autoexec.bat and Config.sys. Although the Registry is common to several Windows
operating systems, there are some differences among them.
Some History
The Registry was introduced as a way out of the “INI files mess” that plagued early
versions of Windows. Configuration information regarding the operating system,
application files, hardware, and so on was stored in INI files scattered all over the
system. For example, when an application is installed, it needs to know various
parameters regarding the operating system and the available hardware. Much of
this information is common to other applications as well. However, if there was any
change in the hardware or operating system software, updating the application’s INI
files used to be hell. The Registry was conceived as a way out of this madness. It is
a hierarchical database that stores information regarding the hardware, operating
system software, application software, user preferences and system preferences.
The hierarchy separates the machine information, user information and the
software information into logically discrete units that can be manipulated with
greater ease.
Any changes made by users, the operating system, newly installed software, and
hardware are all updated and reflected in the Registry. During system startup,
Windows uses the registry to get configuration data regarding the hardware,
software and other peripherals that have been configured. It also maintains a
backup copy of the registry with which the system had successfully started up last.
Hence, if it encounters a problem with the current startup, it can then use the
configuration information from the backup to attempt to start the system. Some of
the information stored in the registry is specific to the particular startup session
only, and is mostly user-specific.
This flexibility has deeper significance in a networked scenario.
Administrators can specify user rights and access to various system and network
components. They can control what users can and cannot do on their machines with
a fair degree of granular control. For example, administrators can specify that users
are not allowed to install new applications on their machines. A Registry entry
disabling the users’ right to install would secure the system. And a Registry entry
can be made to prevent unauthorized access to the Registry itself!
These files cannot be edited directly; they have to be accessed through a Registry-
editing program such as Regedit.exe or Regedt32.exe.
Registry Hives
A registry hive is a group of keys, subkeys, and values in the registry that has a set
of supporting files that contain backups of its data. The supporting files for all hives
except HKEY_CURRENT_USER are in the %SystemRoot%\System32\Config folder on
Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, and Windows
Vista. The supporting files for HKEY_CURRENT_USER are in the
%SystemRoot%\Profiles\Username folder. The file name extensions of the files in
these folders indicate the type of data that they contain. Also, the lack of an
extension may sometimes indicate the type of data that they contain.
In Windows 98, the registry files are named User.dat and System.dat. In Windows Millennium Edition,
the registry files are named Classes.dat, User.dat, and System.dat.
HKEY_CURRENT_USER
Contains the root of the configuration information for the user who is currently
logged on. The user's folders, screen colors, and Control Panel settings are stored
here. This information is associated with the user's profile. This key is sometimes
abbreviated as "HKCU."
HKEY_USERS
HKEY_LOCAL_MACHINE
Contains configuration information particular to the computer (for any user). This
key is sometimes abbreviated as "HKLM."
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
Contains information about the hardware profile that is used by the local computer
at system startup.
HKEY_DYN_DATA
Structure
The registry is made up of "Keys". Each key is like the branch of a tree. Each key
has one parent key, and zero or more child keys. Each key can contain zero or more
"Values", each of which contains a single piece of data. To make navigating the
registry a bit easier, you can think of the registry's construction like your hard
drives.
Hard drive <-> Registry
Folders <-> Keys
Files <-> Values
Regedit is a program you can use to access and edit the Registry. It normally ships
with the default Windows installation and can be launched from the Run command
box in the Start Menu by typing in “regedit” or “regedit.exe”. Editing the Registry
should be done with care, and with as much understanding as possible as to why
and where you are making a change. Additionally, it is strongly recommended that
you back up the Registry immediately prior to making a change. You also need to
understand how to restore the Registry in case things go awry. The following
sections deal with how to back up and restore the Registry.
Value Types
As mentioned above, each of these hives contains keys and subkeys, which in turn
can contain further subkeys or values. These values are of three major types:
DWORD, Binary and String.
REG_DWORD - (a DWORD Value) is usually used for Boolean values and is a four-
byte number. Many device drivers and services use DWORD values to toggle
between options. For example, the UpdateMode setting that controls refresh rates
can have a setting of either 0 (disabled) or 1 (enabled). If the DWORD value is set
to 0, refreshing does not take place. Each setting has a specific default DWORD
value that is used by the system.
REG_BINARY - (a Binary Value) is used to store information as raw binary data, and
is usually used for hardware components. The String Value type, however, has
expansions to accommodate variables and multiple values. The Value types are
denoted as:
There are two things you can do in terms of backing up the Registry: either back up
the entire Registry, or export the specific key you are going to edit. To export a
Registry key, open Regedit using the Run command box. Find the key or sub-key you
want to edit and select it by clicking on it. Choose File > Export. In the dialog
box, select the location where you want to save the key,
select to save it as a .reg file, and select the “Selected Branch” option. Give a name
for the file and click Save. It will be saved as a .reg file. If you want to back up the
entire Registry, use the backup utility provided with XP.
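The exported .reg file is plain text, and it is where the value types described earlier become visible: strings appear quoted, DWORDs as `dword:`, and binary data as `hex:`. The following Python parser is an added example, not part of the original page; it decodes an export so a backup can be reviewed before it is imported and compared with a later export. The sample text is constructed, the `Control Panel\Desktop` key path for MenuShowDelay is the standard location rather than something the page states, and the function names are this example's own.

```python
import re

# Constructed sample .reg export; value names other than MenuShowDelay are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\Desktop]
"MenuShowDelay"="100"
"ExampleFlag"=dword:00000001
"ExampleBlob"=hex:de,ad,be,\
  ef
"ExamplePath"=hex(2):25,00,54,00,4d,00,50,00,25,00,00,00
"ExampleList"=hex(7):61,00,00,00,62,00,00,00,00,00
"ExampleGone"=-
'''

def _unquote(s):
    return re.sub(r'\\(.)', r'\1', s[1:-1])  # drop quotes, undo \\ and \" escapes

def _decode(raw):
    """Map the text after '=' to (registry type name, Python value)."""
    if raw == "-":                      # a .reg file can also delete a value
        return "DELETE", None
    if raw.startswith('"'):
        return "REG_SZ", _unquote(raw)
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if not m:
        raise ValueError("unrecognised value data: " + raw)
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3   # plain hex: is REG_BINARY
    if kind == 2:
        return "REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\x00")
    if kind == 7:
        return "REG_MULTI_SZ", [s for s in data.decode("utf-16-le").split("\x00") if s]
    return ("REG_BINARY" if kind == 3 else "type 0x%x" % kind), data

def parse_reg(text):
    """Return {(key path, value name): (type, value)} for a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)        # join hex continuation lines
    found, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current is not None and m:
            name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
            found[(current, name)] = _decode(m.group(2))
    return found

def changed_values(before, after):
    """List (key, name, old, new) for values that differ between two exports."""
    return [(k, n, before.get((k, n)), after.get((k, n)))
            for k, n in sorted(set(before) | set(after))
            if before.get((k, n)) != after.get((k, n))]
```

Regedit writes version 5.00 exports as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `parse_reg`.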
To restore the system state, open the Backup utility, click Advanced Mode and
select the Restore and Manage Media tab. Select the backed up system state file
you want to restore. Check the System State box. In the “Restore Files to” box,
select Original Location. In the Tools menu, select Options, and click on “Always
replace the file on my computer”, then on OK. (If you don’t do this, you will be
asked for a confirmation for each and every file during the restore process.) Click
“Start Restore”. You will get a warning that says: “Restoring System State will
always overwrite current System State unless restoring to an alternative location”;
click OK to overwrite. Click OK in the Confirm Restore dialog box. The
restore operation will start showing you the progress of the restore. When it
completes, click Close and accept the prompt to restart the computer.
It is quite easy to search the Registry for items that might apply to a particular
aspect of Windows or your installed software that you want to change. However, it
can also be time-consuming - especially if you have an older, slow computer. It can
be misleading as well, since you may not be sure what the references you find in
the Registry actually do, so be cautious.
In the "Find What" field, type in what you're looking for and, in the "Look At" section,
check off whether you want to search the Keys, Value Names, or Value Data, or any
combination of these. If it finds an instance, you may want to check to see if there
are any further references. Under the File menu, select Find Next, or just hit the F3
key.
To edit a registry value, first navigate the tree until the value is displayed. For
example, we have navigated to the registry value that controls the delay before a
menu pops up.
To edit a value, double click on its name. If you are following this example, go
ahead and change the MenuShowDelay value from 100 to 0. After making this
change, like most changes made in the registry, you will need to reboot. After
rebooting, all menus should pop up noticeably faster.
Removing Entries
Windows XP could not start because the following file is missing or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SYSTEM
Windows XP could not start because the following file is missing or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file):
\SystemRoot\System32\Config\SOFTWARE or its log or alternate
Part one
In part one, you start the Recovery Console, create a temporary folder, back up the
existing registry files to a new location, delete the registry files at their existing
location, and then copy the registry files from the repair folder to the
System32\Config folder. When you have finished this procedure, a registry is
created that you can use to start Windows XP. This registry was created and saved
during the initial setup of Windows XP. Therefore any changes and settings that
occurred after the Setup program was finished are lost.
1. Insert the Windows XP startup disk into the floppy disk drive, or insert the
Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
Click to select any options that are required to start the computer from the
CD-ROM drive if you are prompted to do so.
2. When the "Welcome to Setup" screen appears, press R to start the Recovery
Console.
3. If you have a dual-boot or multiple-boot computer, select the installation that
you want to access from the Recovery Console.
4. When you are prompted to do so, type the Administrator password. If the
administrator password is blank, just press ENTER.
5. At the Recovery Console command prompt, type the following lines, pressing
ENTER after you type each line:
md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak
delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default
Note This procedure assumes that Windows XP is installed to the C:\Windows folder.
Make sure to change C:\Windows to the appropriate windows_folder if it is a
different location.
If you have access to another computer, to save time, you can copy the text in step
five, and then create a text file called "Regcopy1.txt" (for example). To use this file,
run the following command when you start in Recovery Console:
batch regcopy1.txt
With the batch command in Recovery Console, you can process all the commands in
a text file sequentially. When you use the batch command, you do not have to
manually type as many commands.
Part two
To complete the procedure described in this section, you must be logged on as an
administrator, or an administrative user (a user who has an account in the
Administrators group). If you are using Windows XP Home Edition, you can log on as
an administrative user. If you log on as an administrator, you must first start
Windows XP Home Edition in Safe mode. To start the Windows XP Home Edition
computer in Safe mode, follow these steps.
Note Print these instructions before you continue. You cannot view these
instructions after you restart the computer in Safe Mode. If you use the NTFS file
system, also print the instructions from Knowledge Base article KB309531. Step 7
contains a reference to the article.
1. Click Start, click Shut Down (or click Turn Off Computer), click Restart, and
then click OK (or click Restart).
2. Press the F8 key.
On a computer that is configured to start to multiple operating systems, you
can press F8 when you see the Startup menu.
3. Use the arrow keys to select the appropriate Safe mode option, and then
press ENTER.
4. If you have a dual-boot or multiple-boot system, use the arrow keys to select
the installation that you want to access, and then press ENTER.
In part two, you copy the registry files from their backed up location by using
System Restore. This folder is not available in Recovery Console and is generally not
visible during typical usage. Before you start this procedure, you must change
several settings to make the folder visible:
Note This folder contains one or more _restore{GUID} folders such as
"_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}".
8. Open a folder that was not created at the current time. You may have to click
Details on the View menu to see when these folders were created. There may
be one or more folders starting with "RPx" under this folder. These are restore
points.
9. Open one of these folders to locate a Snapshot subfolder. The following path
is an example of a folder path to the Snapshot folder:
These files are the backed up registry files from System Restore. Because you used
the registry file that the Setup program created, this registry does not know that
these restore points exist and are available. A new folder is created with a new GUID
under System Volume Information and a restore point is created that includes a
copy of the registry files that were copied during part one. Therefore, it is important
not to use the most current folder, especially if the time stamp on the folder is the
same as the current time.
The current system configuration is not aware of the previous restore points. You
must have a previous copy of the registry from a previous restore point to make the
previous restore points available again.
The registry files that were copied to the Tmp folder in the C:\Windows folder are
moved to make sure that the files are available under Recovery Console. You must
use these files to replace the registry files currently in the
C:\Windows\System32\Config folder. By default, Recovery Console has limited folder
access and cannot copy files from the System Volume folder.
Part Three
In part three, you delete the existing registry files, and then copy the System
Restore Registry files to the C:\Windows\System32\Config folder:
del c:\windows\system32\config\sam
del c:\windows\system32\config\security
del c:\windows\system32\config\software
del c:\windows\system32\config\default
del c:\windows\system32\config\system
Note This procedure assumes that Windows XP is installed to the C:\Windows folder.
Make sure to change C:\Windows to the appropriate windows_folder if it is a
different location.
If you have access to another computer, to save time, you can copy the text in step
two, and then create a text file called "Regcopy2.txt" (for example). To use this file,
run the following command when you start in Recovery Console:
batch regcopy2.txt
Part Four
To gain access to the System Volume Information folder, use the steps in the
appropriate section.
Microsoft Windows XP Professional or Windows XP Home Edition Using the FAT32 File
System
Double-click the System Volume Information folder in the root folder to open it.
Using CACLS with Windows XP Home Edition Using the NTFS File System
In Windows XP Home Edition with the NTFS file system, you can also use the Cacls
tool, which is a command-line tool, to display or modify file or folder access control
lists (ACLs). For more information about the Cacls tool, including usage and
switches, search the Help and Support Center for "cacls."
1. Click Start, click Run, type cmd, and then click OK.
2. Make sure that you are in the root folder of the partition for which you want
to gain access to the System Volume Information folder. For example, to gain
access to the C:\System Volume Information folder, make sure that you are in
the root folder of drive C (at a "C:\" prompt).
3. Type the following line, and then press ENTER:
Make sure to type the quotation marks as indicated. This command adds the
specified user to the folder with Full Control permissions.
4. Double-click the System Volume Information folder in the root folder to open
it.
5. If you need to remove the permissions after troubleshooting, type the
following line at a command prompt:
cacls "driveletter:\System Volume Information" /E /R username
The following steps also work if you restart the computer to Safe mode because
simple file sharing is automatically turned off when you run the computer in Safe
mode.