Chapter 18 ✦ The Registry
Part V ✦ Availability Management

In This Chapter
✦ The Purpose of the Registry
✦ The Registry’s Structure
✦ The Registry Editors
✦ Securing the Registry

The registry is the core repository of configuration information in Windows 2000, storing information about the operating system, applications, and user environment on standalone workstations and member servers (non-domain controllers).

The Purpose of the Registry

Early versions of the Windows operating system family, such as Windows 3.x, stored most of their configuration information in initialization, or .ini files. These files were text files containing various sections that stored settings for a variety of properties such as device drivers, application and document associations, user environment settings, and so on. Windows applications used .ini files as well to store their configuration settings. Even today in Windows 2000 and applications, .ini files are still a widely used mechanism for storing user, application, and operating system settings. A quick search of your hard drive for .ini files will illustrate that fact.

Although they provide a simple means of storing and retrieving settings, .ini files offer some disadvantages, particularly for storing important OS settings such as device drivers, configuration data, user environment settings, and so on. First, Windows 2000 needs a fault tolerant system for maintaining its settings to avoid the problem of an unbootable system due to a corrupt or missing .ini file. This information also needs to be secure, something .ini files can’t really provide. Finally, managing all the settings needed to keep a Windows 2000 system up and running, plus applications and user-related settings, would be overwhelming if .ini files were the only solution.

The registry comes to the rescue. In Windows 2000, like Windows NT before it, the registry stores configuration information about the system’s hardware and software, both operating system- and application-related. The registry also stores information about users, including security settings and rights, working environment (desktop properties, folders, and so on), and much more. However, unlike Windows NT, it no longer stores domain user and computer accounts or information related to “network” objects; this job now belongs to the Active Directory, as explained in Chapter 2 and the chapters in Part III.

When you promote a member server to a domain controller, all registry settings that also apply to a domain controller server, such as the desktop settings, are absorbed into Active Directory. But when you demote the server, the original registry settings are not restored, and you are returned to a clean registry. (The demotion wizard even asks you for a new Administrator password because the original account is lost.) Keep this in mind when you demote a domain controller, because Active Directory can easily outgrow the host machine it was originally installed on.

The following list explains some of the ways certain components make use of the registry:

✦ Setup: When you install Windows 2000, Setup builds the registry based on your selections (or automated selections) during installation. Setup also modifies the registry when you add or remove hardware from the system.
✦ Application setup: The Setup program for an application typically will modify the registry to store the application’s settings at installation. It also will typically read the registry to determine which components, if any, are already installed.
✦ Applications: Most applications that store their settings in the registry modify those settings during program startup, shutdown, or general operation to store changes made to application settings both by the application or the user.
✦ Ntdetect: The Ntdetect.com program executes at system startup to detect hardware and attached peripherals, and it stores information in the registry about those items for use in subsequent boot steps to initialize device drivers for identified devices.
✦ The kernel: The Windows 2000 kernel reads the registry at startup to determine which device drivers to load and in which order, along with other driver initialization parameters.
✦ Device drivers: Most device drivers store their configuration and operating settings in the registry, reading the registry at initialization to determine how to load and function.
✦ System: The Windows 2000 operating system as a whole uses the registry to store information about services, installed applications, document and OLE (Object Linking and Embedding) associations, networking, user settings, and other properties.
✦ Administrative tools: One of the main functions of utilities such as the Control Panel, the various MMC consoles, and standalone administration utilities is typically to modify the registry. In this context, these utilities provide a user interface for registry modification.
✦ The Registry Editors: Windows 2000 provides two utilities, regedit.exe and regedt32.exe, that enable you to view and modify the registry directly. While you’ll want to perform most modification tasks using other utilities, the Registry Editors make possible tasks such as direct modification, selected registry backup, and others.

The registry is in many ways the “brain” of the Windows 2000 OS. Nearly everything the OS does is affected by or affects the registry. For that reason, it’s important to not only understand the registry’s function and how to modify it, but also how to protect it from catastrophe or unauthorized access. The following sections explain the structure of the registry and how to manage it.
The Registry Structure

The registry forms a hierarchical (tree) database with five primary branches called subtrees. A subtree can contain keys, which function as containers within the subtree for subkeys and values. Subkeys are sub-branches within a key. Values are the individual settings within a key or subkey. Perhaps the best way to understand the registry structure is to view it through one of the Registry Editors, as shown in Figure 18-1. (You’ll find detailed information about the Registry Editors later in this chapter.)

Figure 18-1: The Registry Editors show the structure of the registry — a hierarchical tree, with each subtree serving as a primary branch.

There are two physical subtrees in the Windows 2000 registry: HKEY_LOCAL_MACHINE and HKEY_USERS, the former containing system- and hardware-related settings and the latter containing user-related settings. These two physical subtrees are divided into the five logical subtrees you see in the Registry Editors. Organizing the registry into five logical subtrees makes it easier to navigate and understand the logical structure of the registry. The five logical subtrees are as follows:

✦ HKEY_LOCAL_MACHINE: This subtree, often abbreviated as HKLM, stores settings that apply to the local machine, defining hardware and operating system settings that are the same regardless of which user is logged on. The settings in HKLM, for example, define device drivers, memory, installed hardware, and startup properties.
✦ HKEY_CLASSES_ROOT: Abbreviated HKCR, this subtree contains file association data, such as associating a document file type with its parent application and defining the actions taken on a given document type for various tasks (open, play, edit, and so on). This subtree is built from HKLM\SOFTWARE\Classes and HKEY_CURRENT_USER\SOFTWARE\Classes, with the value in HKCU taking precedence.
HKCR provides user- and computer-specific class registration, providing different class registrations for each user. This per-user class registration is different from previous versions of Windows that provided the same registration data for all users.
✦ HKEY_CURRENT_USER: This subtree (HKCU) stores the user profile for the user who is currently logged on to the system locally. Settings include desktop configuration and folders, network and printer connections, environment variables, Start menu and applications, and other settings that define the user operating environment and UI. This subtree is actually an alias of HKEY_USERS\SID, where SID is the security ID of the current user.
✦ HKEY_USERS: This subtree (HKU) stores user profile data for users who log on to the computer locally, as well as the default user profile for the local computer.
✦ HKEY_CURRENT_CONFIG: This subtree (HKCC) stores hardware configuration data about the local computer identified at startup and includes settings relating to device assignments, device drivers, and so on. This subtree is an alias of HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current.

Each of the subtrees listed previously represents a hive. Microsoft defines a hive as describing a body of keys, subkeys, and values rooted at the top of the registry hierarchy. An individual hive comprises three files:

✦ A registry file, in most cases stored in systemroot\System32\Config. This file contains the registry structure and settings for the given hive.
✦ A log file, stored in systemroot\System32\Config. This file serves as a transaction log for modifications to the hive registry file.
✦ A repair (backup) file, located in systemroot\System32\Repair. This is a backup copy of the registry file.

Table 18-1 lists the registry hives and their corresponding file names.
Table 18-1: Registry Hive Files

Hive                           Files
HKEY_LOCAL_MACHINE\SAM         Sam and Sam.log
HKEY_LOCAL_MACHINE\SECURITY    Security and Security.log
HKEY_LOCAL_MACHINE\SOFTWARE    Software and Software.log
HKEY_LOCAL_MACHINE\SYSTEM      System and System.alt
HKEY_CURRENT_CONFIG            System and System.log
HKEY_CURRENT_USER              Ntuser.dat and Ntuser.dat.log
HKEY_USERS\DEFAULT             Default and Default.log

With the exception of Ntuser.dat and Ntuser.dat.log, the hive files are stored in systemroot\System32\Config. The Ntuser.dat and Ntuser.dat.log files are stored in \Documents and Settings\user for systems with clean Windows 2000 installations or upgrades from Windows 9x. Systems upgraded from Windows NT store the Ntuser.dat and Ntuser.dat.log files in systemroot\Profiles\user.

Windows 2000 uses a process known as flushing to ensure a reliable, working copy of the registry at all times, guarding against attempted registry changes not being completed. Attempted changes to the registry are flushed, or saved to disk, when a given number of seconds has passed or the modifying application explicitly requests it. The following explains how flushing occurs for all but the SYSTEM hive (HKLM\SYSTEM):

1. Modified data is written to the hive log file so that the data can be reconstructed if the system halts or fails before the data is written to the registry file.
2. The log file is flushed upon completion of a successful update to the log file.
3. Windows 2000 marks the first sector of the registry file to indicate that it is in the process of being modified (dirty).
4. The changes are written to the registry file.
5. Upon successful completion of the write operation, the first sector is modified to indicate successful completion (clean).

When Windows 2000 reads the hive files to construct the registry, it checks the status of each file.
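The five flush steps and the startup status check can be traced with a small model. This is an added example, not code from the book or from Windows: the `Hive` class, the `simulate` helper and the sample values are hypothetical, and plain Python objects stand in for the registry file and its log file rather than the real hive format.

```python
# Toy model of the five flush steps and the startup dirty check.
# Dicts and lists stand in for the registry file and the log file;
# this is not the real on-disk hive format.

class Crash(Exception):
    """Simulated system halt."""


class Hive:
    def __init__(self, values):
        self.values = dict(values)  # registry file contents (on disk)
        self.dirty = False          # status flag in the "first sector"
        self.log_disk = []          # hive log file, already flushed
        self.log_buffer = []        # log writes not yet flushed

    def flush(self, changes, crash_after=None):
        """Run steps 1-5; crash_after=N halts after step N (4 = mid-write)."""
        def halt_if(step):
            if crash_after == step:
                self.log_buffer = []          # unflushed data is lost
                raise Crash(f"halt after step {step}")

        pending = list(changes.items())
        self.log_buffer = pending             # 1. write changes to the log
        halt_if(1)
        self.log_disk = self.log_buffer       # 2. flush the log file
        self.log_buffer = []
        halt_if(2)
        self.dirty = True                     # 3. mark registry file dirty
        halt_if(3)
        for i, (name, data) in enumerate(pending):
            self.values[name] = data          # 4. write changes to the file
            if i == 0:
                halt_if(4)                    #    torn write: one value only
        self.dirty = False                    # 5. mark registry file clean
        self.log_disk = []

    def load(self):
        """Startup: if the file is dirty, apply the log, then mark it clean."""
        recovered = self.dirty
        if self.dirty:
            for name, data in self.log_disk:
                self.values[name] = data
            self.dirty = False
        return recovered, dict(self.values)


# Constructed sample values for illustration.
OLD = {"Start": 2, "Type": 16}
NEW = {"Start": 4, "Type": 32}


def simulate(crash_after):
    """Flush NEW over OLD, halting after the given step, then reboot."""
    hive = Hive(OLD)
    try:
        hive.flush(NEW, crash_after)
    except Crash:
        pass
    return hive.load()


if __name__ == "__main__":
    for step in (None, 1, 2, 3, 4):
        print(step, simulate(step))
```

A halt before step 3 leaves the file clean with the old values intact, and a halt during step 4 leaves a half-written file that the log replay completes, so in this model the file is never left with a mix of old and new values after startup.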
If the system failed during a previous registry update operation, the registry file will still be marked as dirty. In that situation, Windows 2000 attempts to recover the registry file using the log file. The changes identified in the log file are applied to the registry file, and if successful, the file is marked as clean.

The SYSTEM hive behaves a little differently from the others in terms of fault tolerance. The systemroot\System32\Config folder includes a file named System.alt, which is a clean copy of the current System registry file. After a successful modification of the System file, it is copied to System.alt for use as a backup. If a problem occurs with the System hive file during boot, Windows 2000 switches to System.alt.

Having a backup of the registry is critical to being able to recover a failed system. Although Windows 2000 provides fault-tolerant management of the registry hive files, you should employ some additional procedures to ensure a valid, working copy of the registry. See the section “Backing Up and Securing the Registry” later in this chapter for detailed information. You’ll also find coverage of backup procedures in Chapter 17.

Registry Hive Files

As we mentioned earlier, the registry is divided into five logical hives. This section looks at each hive in a bit more detail.

HKEY_LOCAL_MACHINE

As explained earlier, the HKEY_LOCAL_MACHINE (HKLM) root key contains hardware and operating system settings for the local computer. HKLM contains the following subkeys:

✦ HARDWARE: This key stores the physical hardware configuration for the computer. Windows 2000 recreates this key each time the system boots successfully, ensuring up-to-date hardware detection/configuration.
✦ SAM: The Security Account Manager key contains security data for users and groups for the local machine.
✦ SECURITY: This key contains data that defines the local security policy.
✦ SOFTWARE: This key stores data about installed software.
✦ SYSTEM: This key stores data about startup parameters, device drivers, services, and other system-wide properties.

When corresponding settings are found in the HKCU key, those settings override settings in HKLM for the current user for certain data. If no corresponding settings exist, those in HKLM are used. For certain items such as device drivers, the data in HKLM is always used regardless of whether the data also resides in HKCU.

HKEY_USERS

The HKEY_USERS (HKU) key stores user profile data for users who log on to the computer locally, as well as the default user profile for the local computer. It contains a subkey for each user whose profile is stored on the computer, in addition to a key for the default user (.DEFAULT). It’s virtually impossible to identify a given user from the SID, but you wouldn’t want to try to modify settings in this key anyway except through the administrative tools that modify the registry. If you do need to modify settings directly, use the HKCU key instead.

HKEY_CURRENT_USER

As explained previously, the HKCU key is an alias for the HKU\SID key, where SID is the SID for the current local user. In other words, HKCU points to the registry key in HKU where the currently logged-on user’s registry data is stored. It contains the following subkeys:

✦ AppEvents: This key contains data about application and event associations such as sounds associated to specific events. Use the Sounds and Multimedia object in the Control Panel to modify settings in this key.
✦ Console: This key contains data that defines the appearance and behavior of the Windows 2000 command console (command prompt) and character-mode applications. Use the application or command console’s Control menu to define settings in this key.
✦ Control Panel: This key contains data normally set through the Control Panel applets.
✦ Environment: This key contains environment variable assignments for the current user.
✦ Identities: This key contains user-specific identity information such as last user ID, last user name, and software-related identity settings for Outlook Express, the address book, and so on.
✦ Keyboard Layout: This key stores information about the user’s keyboard layout and key mapping for international settings. Use the Regional Options object in the Control Panel to modify these settings.
✦ Network: This key stores data about the user’s network connections.
✦ Printers: This key stores data about the user’s printer connections.
✦ RemoteAccess: This key stores data about the user’s Internet profile and dial-up connection settings.
✦ Software: This key stores data about the user’s installed applications.
✦ UNICODE Program Groups: This key stores data about the user’s UNICODE Program Groups and is usually empty unless the system has migrated to Windows 2000 from an original Windows 3.1 installation (unlikely in most cases).
✦ Volatile Environment: This key stores volatile operating environment data such as the user’s application directory (usually \Documents and Settings\user\Application Data) and logon server.

HKEY_CLASSES_ROOT

The HKCR key stores data about file associations and is built from HKLM\SOFTWARE\Classes and HKEY_CURRENT_USER\SOFTWARE\Classes, with the value in HKCU taking precedence. It contains numerous keys, one for each file/document type. Use the File Types tab of the Folder Options object in the Control Panel to modify file associations. See Chapter 5 for more information about the Control Panel applets.

HKEY_CURRENT_CONFIG

The HKCC key is an alias of HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current, and it stores hardware configuration data about the local computer relating to device assignments, device drivers, and so on. It contains two keys: Software and System.
The Software key stores settings for system fonts and a handful of application settings. The System key stores a partial copy of the CurrentControlSet key in HKLM\SYSTEM\CurrentControlSet.

Keys and Values

As you’ve read up to this point, keys serve as containers in the registry. Keys can contain other keys (subkeys). Keys can also contain value entries, or simply, values. These are the “substance” of the registry. Values comprise three parts: the name, data type, and value. The name identifies the setting. The data type describes the item’s data format. The value is the actual data. The following list summarizes data types currently defined and used by the system:

✦ REG_BINARY: This data type stores the data in raw binary format, one value per entry. The Registry Editors display this data type using hexadecimal format.
✦ REG_DWORD: This data type stores data as a four-byte number, one value per entry. The Registry Editors can display this data type in binary, hexadecimal, or decimal formats.
✦ REG_EXPAND_SZ: This is a variable-length string that includes variables expanded when the data is read by a program, service, and so on. The variables are represented by % signs, and an example is the use of the %systemroot% variable to identify the root location of the Windows 2000 folder, such as a path entry to a file stored in systemroot\System32. One value is allowed per entry.
✦ REG_MULTI_SZ: This data type stores multiple string values in a single entry. String values within an item are separated by spaces, commas, or other such delimiters.
✦ REG_SZ: This data type stores a single, fixed-length string, and is the most common data type used in the registry.
✦ REG_FULL_RESOURCE_DESCRIPTOR: This data type stores a series of nested arrays such as a resource list for a device driver or hardware component.
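The name, data type, and value triple is easiest to see in a text registry file of the kind Regedit exports, where each value line carries all three parts. The parser below is an added example, not code from the book: it assumes Regedit's "Version 5.00" text format (UTF-16LE strings inside `hex(2)` data), the sample file and the C:\WINNT root are constructed, and the function names are hypothetical. Listing a file this way shows which keys and values an import would create, replace, or delete before it is applied.

```python
import re

# Constructed sample in Regedit's text export format (not from the book).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Enabled"=dword:00000001
"Blob"=hex:de,ad,be,ef
"LogPath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,4c,00,6f,00,67,00,73,00,00,00
"OldSetting"=-
'''

# hex: with no type number is REG_BINARY; hex(N): carries type number N.
HEX_TYPES = {None: "REG_BINARY", 2: "REG_EXPAND_SZ", 7: "REG_MULTI_SZ"}


def _unquote(text):
    """Strip the surrounding quotes and undo \\\\ and \\" escapes."""
    return re.sub(r"\\(.)", r"\1", text[1:-1])


def decode_data(raw):
    """Return (data_type, value) for the right-hand side of a value line."""
    if raw == "-":
        return ("DELETE", None)                 # "Name"=- removes the value
    if raw.startswith('"'):
        return ("REG_SZ", _unquote(raw))
    if raw.startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))  # four-byte number
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if not m:
        raise ValueError(f"unrecognised value data: {raw!r}")
    kind = int(m.group(1), 16) if m.group(1) else None
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if kind == 2:                               # string holding %variables%
        return ("REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\x00"))
    name = HEX_TYPES.get(kind) or f"type 0x{kind:x}"
    return (name, data)                         # other types: raw bytes


def expand(value, env):
    """Expand %name% variables the way a reader of REG_EXPAND_SZ would."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), value)


def parse_reg(text):
    """Return a list of (key, value_name, data_type, value) tuples."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)   # join continued hex lines
    key, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):             # [-KEY] deletes a whole key
                entries.append((key[1:], None, "DELETE_KEY", None))
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
            entries.append((key, name) + decode_data(m.group(2)))
    return entries


if __name__ == "__main__":
    for entry in parse_reg(SAMPLE_REG):
        print(entry)
    print(expand("%systemroot%\\Logs", {"systemroot": r"C:\WINNT"}))
```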
Registry Size

As you install additional services, hardware devices, and applications, as well as add local user profiles, the registry grows. The registry is stored in a portion of the system’s virtual memory called the paged pool. Windows 2000 needs a mechanism to prevent the registry from growing to fill the paged pool with registry data.

The default minimum size for the registry is 16MB, or a third of the size of the default paged pool (48MB). You can increase the registry maximum size in situations where the registry needs to grow larger than the minimum size of 16MB. Increasing the maximum size of the registry doesn’t actually allocate that much disk space to the registry, but simply sets the maximum size the registry can reach. The maximum size also has no bearing on whether the disk space is available to contain the registry. Windows 2000 doesn’t check the registry size against the maximum size until after the system boots. This ensures that the system can boot even when the maximum size is reached.

You can set the maximum size of the registry by modifying the registry directly. However, you should preferably use the System object in the Control Panel to modify the maximum registry size. See Chapters 1 and 6 for detailed information on using the System object to configure virtual memory settings.

The Registry Editors

Windows 2000 provides two Registry Editors, regedit.exe and regedt32.exe, for viewing and modifying the registry. Both enable you to connect to, view, and modify a registry on a remote computer. Before you go tromping through the registry, however, keep two things in mind: 1) you need to have a good backup copy of the registry, and 2) you need to be careful with changes you make, as you could introduce changes that might potentially prevent the system from booting. That’s why a backup copy is so important. Make sure you read the section, “Backing Up the Registry,” in Chapter 17.
Also, before you start playing with the Registry Editors, keep in mind that most changes, whether for the system, user, service, application, or other object, should be made with the administration tools for that object. You should only use the Registry Editors to make changes not available through other administration tools.

Both Registry Editors provide much the same capabilities for viewing and editing the registry. Each has a few features that make it more useful in a given situation. The following sections explain each of the editors and explore the situations in which one is preferable to the other.

Regedit.exe

The first of the Registry Editors is Regedit.exe, which Setup places by default in the systemroot folder. Regedit displays the registry in a single, two-pane window. The registry tree appears in the left pane, and the results pane on the right shows the object currently selected in the tree (Figure 18-2). To view a particular key or setting, expand the tree and select the object you want to view. Click Start ➪ Run, type regedit in the Run dialog box, and click OK to start Regedit.

Figure 18-2: Regedit displays the registry as a hierarchical tree in a single window.

The following list summarizes the features unique to Regedit and situations in which you might use those features:

✦ Search: You can choose Edit ➪ Find to search through the registry for a given value. The registry is a big place, and having the ability to search for a key or value name helps you quickly locate the data you need to view or modify. Regedt32 only provides the ability to search for a key, not a value.
✦ Single tree display: Regedit displays the registry as a single hierarchical tree, bringing all the keys together in one structure. This eliminates the need to switch between different windows to work with different keys.

[...]...
different computer but don’t want to go through the whole installation process. Instead, you’d rather just copy the files over to the other computer. In this case, you can export the application’s portion of the registry to a text-based registry file. After you copy the application’s files to the other system, you can import the registry file into the other computer’s registry. A similar example would be installing...

branch or the entire registry to a text file.

Tip: You can use any text editor to view and, if necessary, modify the registry file.

Importing a registry script adds the contents of the file to the registry, creating or replacing keys and values with the imported values. Using the program installation example described previously, you’d import the registry values for the program you want to add to the computer...

Editing a Remote Registry

You can edit the registry of a remote computer subject to your permissions and rights on the remote computer, as well as how the remote system is configured. To open the registry from another computer in Regedit, click Registry ➪ Connect Network Registry and specify the computer name or browse for it. The registry for the remote computer appears as a separate branch in the tree pane...

replacing the existing key of the same name (you specify the name for the new hive). You can modify the settings in the key, then unload the hive and copy it to the target system, if necessary. To load a hive, open Regedt32 and choose Registry ➪ Load Hive. Regedt32 prompts you for the location and name of the previously saved hive. Select the file and click Open. Specify a name for the key under which the hive...
without running the program’s Setup program. You have two ways to import a registry file: Use one of the Registry Editors or simply double-click a registry script. To import a key in Regedt32, choose Registry ➪ Restore and select a binary registry file. To import a registry key in Regedit, choose Registry ➪ Import Registry File. Locate and select the text file, then click Open. Regedit loads the registry file...

either tool, changes take effect immediately. In addition, double-clicking a registry script file causes Windows 2000 to incorporate into the registry the settings stored in the file (after prompting you to confirm).

Note: You also can choose Start ➪ Run and enter the name of the registry file to import the file’s settings into the registry...

access. If you’ve removed the Registry Editors from a system and need to modify its registry, you can do so remotely from another computer that does contain a Registry Editor. See the section, “Securing Remote Registry Access,” later in this chapter if you want to prevent remote editing of the registry.

Applying Permissions to Registry Keys

Another way to protect the registry or portions thereof is to apply...

can access the registry subject to the permissions assigned to individual keys. If the key exists, Windows 2000 checks the permissions on the key to determine whether or not the remote user can gain access to the registry (and levels of access). Individual keys then determine what these remote users can do with a given key. So, winreg is the first line of defense, and individual key ACLs are the second...
in the registry to prevent unauthorized access that could potentially give a remote user or hacker the ability to change settings that would grant him or her access or cause damage. You also can prevent remote administration of a registry and protect the registry in other ways. This section of the chapter explains your options.

Preventing Access to the Registry

Perhaps the best way to protect the registry...

of the registry you want to export. Choose Registry ➪ Export Registry File. Regedit displays the Export Registry File dialog box shown in Figure 18-5. Specify a file name for the registry file and select either All or Selected branch, depending on how much of the registry you want to export. Then click Save to create the...