Monitor and control registry changes with Resplendent Registrar

Editing the registry is a dangerous business. You can do it more safely with Resplendent Registrar, which offers enhanced monitoring, searching, and backup and restore features.

For Windows servers and workstations, the registry is the brains of the system. Myriad pieces of information are stored there, from such details as the location of the Windows installation files to the name of the most recent logged-on user to specific settings for each program. Indeed, if the registry becomes corrupt, the system may be unable to boot, users may be unable to log on, or programs may run improperly—if they are able to run at all.

Because of its importance to the proper operation of the system, managing changes to this critical resource is vital, especially for servers. I'm going to introduce you to a shareware program that can actively monitor the Windows registry for changes and that allows registry key undo/redo and backup/restore. This product, called Resplendent Registrar, is available for download for a trial period of 21 days. After that, you can purchase it for $44.95.

What it has to offer
Resplendent Registrar provides administrators with a full-featured tool for managing the registry on all Windows systems, including Windows 9x. From interface features such as color-coding certain registry entries to the ability to back up and restore the registry, this product is more than capable of handling almost any registry task.

One of the most useful features is the program's ability to monitor the registry for changes made by external programs. Although this feature works only on Windows NT, 2000, and XP, it can potentially save administrators hours of troubleshooting time if a server fails because of a registry problem.

Installing Resplendent Registrar is just a matter of downloading it and running the single executable. This installs the trial version of the program, which works for three weeks before it needs to be registered. For this article, I used version 3.21.

Running Resplendent Registrar
To run the program, use the desktop icon or the Start menu entry. Either way, the first time the program runs, it will make adjustments for any previous versions it finds and then display the main screen, shown in Figure A.

Figure A
Resplendent Registrar running on a Windows XP system

Anything that you can do with RegEdit can be done in Resplendent Registrar, including assigning permissions to keys or hives and assigning ownership. To check on permissions or ownership of any key or folder, right-click it and choose Properties. Then select the appropriate button—either Permissions or Take Ownership. See Figure B for an example of the Properties page for the HKEY_LOCAL_MACHINE\SOFTWARE key.

Figure B
The Properties screen for the HKLM\SOFTWARE key

In addition, Resplendent Registrar provides additional details about the key or folder you select, such as the number of subkeys, the number of values in the current key/folder, the last time an entry was added or modified, and the name of the user who owns the key.

Searching the registry
Searching the registry can be a huge time-saver. I’ve often taken that approach to locate information such as the key that stores the path to the Windows installation files. Using RegEdit, you are provided with a simplistic search box with little in the way of features. For example, you can’t limit a search to a specific key, and during the search, you are forwarded to the next hit one by one until there are no more search hits.

Using Resplendent Registrar, you can perform much more powerful searches. For instance, suppose you are using Resplendent Registrar on a workstation and are looking for all of the keys that have "Exchange" in them so that you can troubleshoot an Outlook problem. Instead of providing a text/word search like RegEdit does, Resplendent Registrar gives you a snapshot of all of the results in a grid, which makes it much easier to see how many hits there were and whether they are relevant. Clicking on any of the results will bring up the full contents of the key in another window. Figure C shows an example of the Resplendent Registrar search results grid.

Figure C
Resplendent Registrar's search feature is superior to RegEdit's.

Backup and restore
Having a good backup for the registry is always a good idea, especially for servers, and should be a part of a disaster recovery plan. Resplendent Registrar can help achieve this goal with its built-in registry backup and restore function. But more than providing a simple backup, Resplendent Registrar enables you to store multiple backups to provide a snapshot of the current registry at any time.

To use this feature, choose File | Backup And Restore, click the camera icon at the bottom of the window, and choose Backup from the list of options. Next, you can optionally type a descriptive name for the backup and click OK. When the process is finished, the backup will appear in the list and show a status of Complete (Figure D). To restore from a point-in-time backup, choose the snapshot you want to restore and click the folder icon at the bottom of the screen. Resplendent Registrar warns you that this will overwrite the current registry before allowing you to continue.

Figure D
Resplendent Registrar shows that two backups have been made of the registry.

Registry defragmentation
Your registry is simply a database stored on a hard disk. Like standard files on a disk, including other types of databases, it needs occasional maintenance in the form of defragmentation. In addition to making the registry more efficient, this will make it smaller. A registry that gets too large can seriously affect the system, to a point of making it unable to boot. To use the defragger in Resplendent Registrar, choose Tools | Defragment Registry. Note that this procedure requires a reboot after it finishes. So if you do this on a production system, wait for a maintenance window or do it on off hours.

Monitoring the registry
One feature you may find useful is Resplendent Registrar's ability to monitor the registry in real time. This can provide an overwhelming amount of information if you want it to. Out of the box, Resplendent Registrar shows you every modification made to the registry by all running processes, but it also shows you every query to the registry as well. Personally, I don’t care to know that the Outlook.exe process had to query the registry to locate the name of my Exchange server, but I might be interested in knowing that a registry key was changed manually by someone using RegEdit or that a specific process modified a key. This information can be helpful in troubleshooting.

To start the registry monitor, choose Tools | Registry Monitor and watch your screen come alive. In the 10 seconds it took me to change Resplendent Registrar to show me just changes to the registry, I was shown hundreds of registry queries by everything from Explorer.exe to Word to Svchost.exe to Outlook. To change how Resplendent Registrar monitors registry activity, click the Options button. I changed my installation to monitor only registry changes, as shown in Figure E.

Figure E
You can modify the registry monitor using the Options dialog box.

Once I made this change, the activity in the monitor was reduced significantly. Figure F shows some of the registry information that Resplendent Registrar captured. You will notice that some of the actions are queries to the registry rather than changes. This is because I took this screenshot immediately after making the modification to watch only for changes, and there were still some earlier entries on the screen for queries.

Figure F
Resplendent Registrar captures every change made to the registry.

You can save this information to a .reg file by clicking the disk icon. This could be useful if you want to make changes to a system and then make identical changes to another system.

Remote work
Assuming that you have proper permissions, you can also use Resplendent Registrar to work with registries on remote systems, with the same functionality as the local version. To do this, just choose File | Connect To Remote Registry.

Affordable benefits
Resplendent Registrar is a powerful utility that can make modifying the registry a little easier as well as a little safer. In addition, using the monitor process, you can make a snapshot of registry changes for later analysis or for creating a “script” of changes for other systems. At $44.95 for a single system and licenses running as low as $11.25 in volume, Resplendent Registrar is an affordable tool that provides excellent benefits.

