Build Your Skills: Prepare for MCP exams by learning the Windows 2000 registry

Prepare for Microsoft Certification exams by learning the Windows 2000 registry


Don’t blow an MCP exam just because you forgot to study the Windows 2000 registry. Make sure that you spend time reviewing the Win2K registry structure and working with Win2K’s two registry editors before you try your hand at any of the following exams:
  • Exam 70-210: Installing, Configuring, and Administering Microsoft Windows 2000 Professional
  • Exam 70-215: Installing, Configuring, and Administering Microsoft Windows 2000 Server
  • Exam 70-240: Microsoft Windows 2000 Accelerated Exam for MCPs Certified on Microsoft Windows NT 4.0

Registry editors
Two registry editors exist in Windows 2000. They are both named Registry Editor, which makes it a little hard to differentiate between the two. Open the registry editors by clicking Start | Run and typing either REGEDIT or REGEDT32.

Entering REGEDIT displays a screen similar to that shown in Figure A. By default, the REGEDIT editor displays all registry keys as a hierarchical tree in the left pane. In the right pane, REGEDIT lists the registry entries associated with the key that's highlighted in the left pane.

Figure A
By default, the REGEDIT editor displays information in two panes.


Using REGEDIT, you can perform all of the following tasks:
  • Import and export registry files
  • Connect to a remote registry
  • Print selected registry keys or the entire registry
  • Create or rename new registry entries

Anytime you view or edit the registry, you must work carefully. Transpose just two characters or enter a value incorrectly, and you risk losing data or rendering a system unbootable.

You must be especially careful using REGEDIT, as it doesn't offer a "view only" feature, as REGEDT32 does.

REGEDT32 lists each top-level registry key in its own window, as shown in Figure B.

Figure B
REGEDT32 lists each top-level registry key in its own window.


You can perform most of the same tasks using REGEDT32 that you can using REGEDIT, including editing and creating registry values. You can also use REGEDT32 to perform the following operations:
  • Load and unload registry hives
  • Save keys
  • Select Read Only Mode
  • Configure registry permissions

One of REGEDT32’s biggest benefits is its Read Only option. From the Options menu, select Read Only Mode. Then you can search, view, and compare registry values without accidentally deleting or changing existing registry information.

REGEDT32 also offers different display options. You can elect to view trees only (just the registry keys), trees and data (the registry keys and their accompanying data values), or data only (just the registry data values). Select your preference from REGEDT32’s View menu.

Another critical operation REGEDT32 supports is the setting of registry security permissions. Select Permissions from the Security menu to configure access rights for registry keys, as shown in Figure C. Just add and delete permissions as you would for a file share.

Figure C
You can edit user permissions for each registry key using REGEDT32.


Registry keys
The Windows 2000 registry is composed of five root, or subtree, keys. These root keys contain subkeys. For example, Hardware is a subkey of the HKEY_LOCAL_MACHINE root key.

Each of the root, or top-level, keys contains specific information. Here's a breakdown of each one.

HKEY_CLASSES_ROOT
File association information is stored in the HKEY_CLASSES_ROOT registry key. Microsoft Internet Explorer, Word, Excel, and other applications rely upon the file association information stored in this key to determine which program to use to open which files.

The Component Object Model (COM), a critical component Windows 2000 uses to complete processes and operations, also relies upon information found in the HKEY_CLASSES_ROOT key.

HKEY_CURRENT_USER
User application preferences are housed in the HKEY_CURRENT_USER key, which stores information related to the user who is logged in to the system. Everything from desktop wallpaper to printer preferences to remote access settings specific to the logged-in user is kept in this registry key.

HKEY_LOCAL_MACHINE
All hardware, security, software, and system information specific to a workstation or server is stored in the HKEY_LOCAL_MACHINE registry key. Most of the information stored in the HKEY_CURRENT_CONFIG key is kept in the HKEY_LOCAL_MACHINE key, too.

The HKEY_LOCAL_MACHINE subtree stores data regarding all the hardware components attached to a system. Programs and hardware devices (such as a pointing device) whose settings are used by every user account are also stored in this key.

Each time a system boots properly, an important new entry is made in the HKEY_LOCAL_MACHINE subkey. It’s important to understand the different control set keys, which contain important boot information.

A variety of subkeys can be found under HKEY_LOCAL_MACHINE\System. Microsoft refers to them as Current, Default, Failed, and LastKnownGood. The Current subkey, appropriately enough, describes the current configuration in use by the system. The Default subkey holds the control set that will be used by default the next time Windows 2000 boots.

The Failed subkey stores a control set that resulted in a boot failure, should a boot process have failed. The LastKnownGood subkey, meanwhile, holds the last control set that booted Windows 2000 properly. This subkey plays a critical role in helping recover from the installation of bad drivers, hardware components, and other incompatibilities. The LastKnownGood subkey is created once a logon completes successfully by taking a Clone control set created during the Win2K boot process and writing it to the LastKnownGood subkey.
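On disk, the four names described above are REG_DWORD values under HKEY_LOCAL_MACHINE\SYSTEM\Select, each holding the number NNN of a ControlSetNNN key. The following added example (not from the original article) resolves them from a constructed .reg export, which is how you can tell from a backup whether an earlier boot failed; the function names and sample numbers are assumptions made for illustration.

```python
import re

SELECT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\Select"
ROLES = ("Current", "Default", "Failed", "LastKnownGood")

# Constructed sample: the text of a .reg export that includes the Select key.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000003
"Default"=dword:00000003
"Failed"=dword:00000001
"LastKnownGood"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SystemSetupInProgress"=dword:00000000
'''

def read_dwords(reg_text, key_path):
    """Return {value name: int} for the dword values under one exported key."""
    values, inside = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new [key] header: only lines under key_path are collected.
            inside = line[1:-1].lower() == key_path.lower()
        elif inside:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                values[m.group(1)] = int(m.group(2), 16)
    return values

def resolve_control_sets(reg_text):
    """Map each role to its ControlSetNNN key name (None if 0 or missing)."""
    select = read_dwords(reg_text, SELECT_KEY)
    return {role: f"ControlSet{select[role]:03d}" if select.get(role) else None
            for role in ROLES}

if __name__ == "__main__":
    sets = resolve_control_sets(SAMPLE_EXPORT)
    for role in ROLES:
        print(f"{role:14} -> {sets[role]}")
    if sets["Failed"]:
        print("A previous boot failed; inspect", sets["Failed"])
```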

HKEY_USERS
Every time a new user logs on to a system, an entry is created in the HKEY_USERS key. This entry stores configuration and profile information about the user.

Among the settings that are stored here are the user’s wallpaper, screensaver, power configuration, printer, and software program preferences.

HKEY_CURRENT_CONFIG
A system’s current boot state is logged in the HKEY_CURRENT_CONFIG key, which is updated each time a system boots. Software and system information is recorded here. Among the specific items that are tracked in this key are the CurrentControlSet, which includes Plug and Play enumerated devices, and font settings.

Registry values
Knowing the registry keys and the type of information found in each one is important. You should also know the difference between the different registry values you’ll find in Windows 2000. Two types are used most often: REG_DWORD and REG_SZ.

REG_DWORD values are typically used for counters or intervals. They are often set as 0, meaning off, or 1, meaning on. REG_DWORD values appear as eight-byte alphanumeric entries, such as ff800000, or simply 00000001 (or 1).

REG_SZ values are Unicode strings that read as text or numerical strings, such as 20000, FASTDETECT, or biosinfo.inf. They are almost always human-readable.

Other important registry values are REG_BINARY and REG_EXPAND_SZ entries.

REG_BINARY values store registry settings in binary form. They appear similar to this:
0000  00 40 99 31 2E BF 01 13

REG_EXPAND_SZ values are similar to REG_SZ values, but they also contain variables that can be expanded by applications when appropriate. A sample REG_EXPAND_SZ entry might appear as:
%SystemRoot%\MEMORY.DMP

REG_MULTI_SZ entries contain a group of REG_SZ values. Programs read the separate REG_SZ values in a single REG_MULTI_SZ entry, which looks similar to this:
0000  6B 00 62 64 00 63 00 A3
0008  F4 TT 56 89 3F 22 01 00
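The value types above differ only in how the stored bytes are interpreted. The following added example (not from the original article) decodes each type from raw bytes, reusing the article's sample values; the helper names, the C:\WINNT path and the kbdclass/mouclass strings are constructed for illustration.

```python
import re
import struct

# Type codes from the Windows SDK header winnt.h.
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, REG_MULTI_SZ = 1, 2, 3, 4, 7

def utf16_text(raw):
    """Registry strings are UTF-16LE; an odd byte count means truncated data."""
    if len(raw) % 2:
        raise ValueError("string data has an odd number of bytes")
    return raw.decode("utf-16-le")

def expand(text, env):
    """Substitute %NAME% from env; unknown names are left untouched."""
    known = {name.upper(): value for name, value in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: known.get(m.group(1).upper(), m.group(0)), text)

def decode_value(reg_type, raw, env=None):
    """Turn the raw bytes of one registry value into a Python object."""
    if reg_type == REG_DWORD:
        # The registry does not enforce the type tag, so check the size.
        if len(raw) != 4:
            raise ValueError("REG_DWORD data must be exactly 4 bytes")
        return struct.unpack("<I", raw)[0]  # little-endian unsigned 32-bit
    if reg_type == REG_SZ:
        return utf16_text(raw).rstrip("\x00")
    if reg_type == REG_EXPAND_SZ:
        return expand(utf16_text(raw).rstrip("\x00"), env or {})
    if reg_type == REG_MULTI_SZ:
        # NUL-separated strings, closed by an extra empty string.
        text = utf16_text(raw).rstrip("\x00")
        return text.split("\x00") if text else []
    if reg_type == REG_BINARY:
        return " ".join(f"{b:02X}" for b in raw)
    raise ValueError(f"unsupported registry type {reg_type}")

def sz(text):
    """Build constructed sample data: UTF-16LE with a NUL terminator."""
    return (text + "\x00").encode("utf-16-le")

if __name__ == "__main__":
    # Constructed samples that reuse the values quoted in the article.
    print(hex(decode_value(REG_DWORD, bytes.fromhex("000080ff"))))
    print(decode_value(REG_SZ, sz("FASTDETECT")))
    print(decode_value(REG_EXPAND_SZ, sz(r"%SystemRoot%\MEMORY.DMP"),
                       {"SystemRoot": r"C:\WINNT"}))
    print(decode_value(REG_MULTI_SZ, sz("kbdclass\x00mouclass\x00")))
    print(decode_value(REG_BINARY, bytes.fromhex("004099312EBF0113")))
```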

Eckel’s take
Entire texts are written covering the Windows 2000 registry, the values that are found there, and methods for configuring and editing registry entries. Hopefully, this column helped bring you up to speed on the basics or refreshed your memory as to the different registry keys, the information stored there, and the types of registry values you’re likely to find.

Be sure to spend some time reviewing the registry and the various settings it contains. It’s best to do so on a test machine, as a stray character here or an accidental deletion there could render a system unbootable. Never make changes to the registry until you’ve backed it up and verified that the backup works properly.

Also, don’t forget which features each registry editor offers. Come test day, you won’t want to have to scramble to remember whether REGEDT32 or REGEDIT offers security permission editing capability. (Hint: It’s REGEDT32.)
