Windows Registry hacks

On March 30th Ivan Mayes ventured with us to where angels fear to tread: Windows Registry. Join us and learn some of the Windows Registry hacks that shed some light on this formerly dark place.


On March 30th Ivan Mayes led a path where even angels fear to tread. Read his insight into a few Windows Registry hacks. If you couldn’t join us then, enjoy the transcript and we hope to see you on our next live Guild Meeting.

Note: TechProGuild edits Guild Meeting transcripts for clarity.

Welcome to the Guild Meeting!
HUEVOS: G'evening, gentlemen.

MICHEALKCLARKE: Greetings.

JLWALLEN: Evening all.

MIKKILUSA: Good evening oh batch file king juevos!

HUEVOS: I got the 95s working, now NT/2000...

JCADMUS: Hello, everyone!

HUEVOS: Hi.

MICHEALKCLARKE: Hi there, jcadmus.

JVHOWARD: Hi everyone!

MODERATOR: Hello everyone and welcome to tonight's guild meeting! Tonight TechProGuild is pleased to bring you Ivan Mayes, who will enlighten us about hacking the Windows Registry. Our speaker should be here any moment.

HUEVOS: Hi.

GJANI: Hello everyone.

JVHOWARD: Will we be able to get questions answered?

HUEVOS: Hi.

MODERATOR: Tonight we'll be giving away a few prizes...which I will announce at the end of the meeting <thought I’d make you wait>. In the meantime...until our speaker arrives...get those questions ready!

MIKKILUSA: Yes jvhoward. If you’re lucky hehehhe.

GJANI: How nice of you...Moderator.

Welcome Ivan Mayes
MODERATOR: Our speaker is here! He’s logged in as ivandmm! Everyone welcome Ivan Mayes!

MIKKILUSA: WELCOME OH MASTER OF THE REGISTRY!

TECH84: Howdy, Ivan.

HUEVOS: Welcome.

JVHOWARD: Welcome Ivan!

JCADMUS: Welcome.

TLSNC: All hail!

GJANI: Hello Ivan.

IVANDMM: Thanks — we love technology don't we...since I couldn't log in through the Java Lite, I'm using mIRC — sorry about any problems. Okay — where should we start?

MIKKILUSA: All the Registry’s hacks you know in 55 minutes or less.

JCADMUS: And safety nets.

HUEVOS: Importing .reg files through command prompt.

MIKKILUSA: Screen capture program awaits eheheheh.

Backing up the Registry
IVANDMM: Well — how about starting with the prerequisite backing up the Registry — it’s a safe thing to do if you plan on monkeying around in there...

GJANI: Not a bad idea.

JVHOWARD: Ok.

MIKKILUSA: ERD is the best I find for that.

TECH84: Is it really a big deal to use Regedt32, as opposed to REGEDIT, in NT/2000?

IVANDMM: Regedt32 vs. REGEDIT — a few important differences —

TECH84: REGEDIT has that spiffy "export registry" feature.

IVANDMM: While REGEDIT allows you to export & import text files, it won't do binary files; Regedt32, on the other hand, will let you export and import binary files...

TECH84: Ahhh… I see.

HUEVOS: What is a binary file?

IVANDMM: Regedt32 offers security as opposed to REGEDIT.

JVHOWARD: 1s and 0s.

JVHOWARD: With all of the sources out there, do people really use binary?

IVANDMM: But I digress — backing up the Registry — obviously using ERD is the de facto — ntbackup.exe can back up your Registry on the fly — even while up and running.

What is ERD?
JCADMUS: What is ERD?

JVHOWARD: And is this an NT only command?

TLSNC: Emergency Repair Disk.

IVANDMM: Emergency Repair Disk.

TLSNC: No, Windows 9X has them too.

IVANDMM: There are a *few* differences in the way the Registries 'act' between 3.x (almost useless since everything is based in *.ini files).

IVANDMM: 9x and NT, and 2000 offer even more incremental differences.

BORODKIN: Such as?

JVHOWARD: And where can the backup be found?

EMOORE: Ivan - Can editing the Registry in Win98 help get rid of my Inbox icon, since it won't go away even after I deleted the program?

TLSNC: The Export Registry command creates a file with a .reg extension. By default it will be in whatever folder you are in at the time. Place it wherever you want it.

STORM: Emoore - that's sort of strange, I just simply deleted it, it never had an issue with me on that.

STORM: On both of my machines.

EMOORE: Storm - when I right-click on the icon, it doesn't have a delete option. I guess I'm just lucky???

STORM: Does highlighting and hitting delete (or shift-delete work?) I can’t test it, I haven't one on the systems ;-)

EMOORE: Nope.

Our Guild Meetings feature top-flight professionals leading discussions on interesting and valuable IT issues. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.

IVANDMM: But — some of the programs, such as RegClean — can create backups as well as "clean” your Registry of old unused and leftover keys — it also offers a safe way to restore a prior copy of your Registry — this is for 9x boxes.

STORM: Hmmm,... my official diagnosis then??

EMOORE: I wonder what would happen if I deleted everything in the Registry that had to do with MS Exchange?

STORM: It's broken.

EMOORE: Duh :-)

HUEVOS: But run RegClean a couple of times for completeness.

MIKKILUSA: I read about a reg hack to make 98 program columns llok like 95 with multiple columns. It did work, do you know this hack?

STORM: Er, I think I remember Outlook, etc. using MS Exchange,.. don't quote me, though.

TLSNC: RegClean creates more problems than it cures in my experience!

MIKKILUSA: llok=look

TECH84: So RegClean is pretty safe now? I used it a few years back and it screwed up my system.

STORM: Mikkilusa - yeah, I read the same, e-mail me and I'll see if I can find it.

What doesn’t screw up Windows?
HUEVOS: What doesn't screw up Windows?

MIKKILUSA: I have it, it just did not work Storm.

EMOORE: I haven't found anything yet, HUEVOS!

TECH84: Haha... good point. That was 95, which I no long use.

TECH84: Oops… no longer use, I mean.

TLSNC: Right on tech84. I just used it last month. Messed up my Network Neighborhood and Netscape.

STORM: Mikkilusa - I have one that supposedly works, there are many out there that don't... I'll forward the e-mail, it went thru a coupla revisions to make it work.

EMOORE: Storm - is that a version of RegClean you are talking about?

IVANDMM: What are some of the favored Registry Editors out there that you people prefer?

JVHOWARD: I have gone into msconfig to remove a CONFIG.SYS file, and it now boots up with 'rem' in front of this file, how do I remove it?

STORM: Emoore - no, a way to make multicolumns in the program,... start menu :)

TLSNC: Ivan, I just use REGEDIT.

JVHOWARD: I use TweakUI and MS config.

TECH84: I use REGEDIT most of the time, and occasionally Regedt32.

EMOORE: Ivan, all I use is REGEDIT (Win98).

TECH84: Although I do use TweakUI on my laptop.

What does TweakUI do?
EMOORE: Does TweakUI do the same thing as REGEDIT?

IVANDMM: TweakUI is obviously the MS standard — KVManager is nice — if you are managing a number of machines, something like the Multi-Remote Registry Change app will allow you to wrangle control over multiple machines from a centralized point.

JVHOWARD: No.

JVHOWARD: TweakUI is simple but cannot do as much.

TLSNC: Where do we get KVManager?

IVANDMM: TweakUI allows a GUI to perform what you would normally have to do manually in REGEDIT — changing Win environment, settings, etc. — a safer way.

EMOORE: How do I get TweakUI?

TLSNC: Download at Microsoft.

MIKKILUSA: TweakUI is cool but we want all the undocumented cool hacks you know. Ivan?

IVANDMM: TweakUI — go to Microsoft’s page.

JVHOWARD: Me too.

IVANDMM: Ok — desktop, network –

Undocumented hacks
TLSNC: Speaking of undocumented hacks. How do people find these?

JVHOWARD: Is there a place to study the Registry hacks?

ME54C: Can we discuss Logon Scripts here?

IVANDMM: The absolute best site on the Web concerning Registry is www.regedit.com —

TLSNC: Who would have guessed that one!

JVHOWARD: Thank you!!

IVANDMM: That should cover the volumes that could be written — and have been — about the Registry.

MIKKILUSA: Yea thanks Ivan, know the page. 1001 hacks Microsoft does want you know page please?

TLSNC: Ivan, what are some of your most used hacks?

MIKKILUSA: Add not in there hehehe.

IVANDMM: Since cable & DSL are getting big now – let’s talk about speeding up TCP/IP — this is good even for regular POTS connections like 56K as well.

TECH84: Sounds good to me, Ivan!

TLSNC: Sounds like a good place to start.

EMOORE: I could use that info, too!

IVANDMM: Since TCP/IP is preconfigured with things like a predetermined Time To Live (TTL default is 32)...TTL is the lifetime of a packet before it is ignored and dies out...

ME54C: Is this working?

IVANDMM: To pump up the TTL — obviously, the longer it has to live — it gets a better chance of transmittal —

IVANDMM: In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP

Don’t forget the Login Scripts
ME54C: Will there be a discussion on Login Scripts on this forum?

IVANDMM: Under the value DefaultTTL, modify it from 32 to say, 64 or 128 — anything above that is usually useless.

HUEVOS: I would like that.

MODERATOR: We could possibly arrange a discussion on login scripts.

ME54C: How??

IVANDMM: In relation to user profiles?

MODERATOR: Just so everyone knows, we have 15 minutes left in tonight’s meeting.

HUEVOS: Why does importing a certain string (in a .reg file) not take effect on the 1st try?

TLSNC: Are you rebooting after you make the change?

HUEVOS: No, but it doesn't need to if ran twice.

HUEVOS: X2 does the trick.

MIKKILUSA: Riverside, Saltney, Chester. CH4 8RS.

MIKKILUSA: Tel: ++ 44 (0) 1244 674774 Fax: ++ 44 (0) 1244 682218.

IVANDMM: If you use Regedt32 it should take w/o the need to reboot — of course, that applies to NT & W2K, and not 9x.

HUEVOS: It's Win 9x.

JVHOWARD: Is there a reg trick to remove a CONFIG.SYS entry?

HUEVOS: No, to modify clip art path in Office 97.

TLSNC: From the Registry or from the CONFIG.SYS file itself.

More hack questions
HUEVOS: How do you remove CONFIG.SYS entry?

JVHOWARD: Whichever works is fine.

TECH84: This is kind of a cheesy hack question... I once saw a hack to have the My Computer icon display %username% on %computername% instead of My Computer. I can't remember the hack, though. Could you refresh my memory, please?

TLSNC: Open the CONFIG.SYS in Notepad, delete the entry, save the file.

HUEVOS: Oh thanks tlsnc =->

MARTINCHURCH: If you’re talking about removing a driver from the CONFIG.SYS without delete, place rem before the command line you want eliminated.

TLSNC: Ivan any more hacks for the modems?

JVHOWARD: How do I access the file? In find?

MARTINCHURCH: CONFIG.SYS is found at the root of your boot drive.

JVHOWARD: I already have rem in front of it and now I boot up with rem in front of it.

TLSNC: In CONFIG.SYS I always use ; in front of line.

JCADMUS: Why not just edit the CONFIG.SYS and delete the line (from DOS)?

MARTINCHURCH: Then the device is not running and DOS has let you know it has run the program.

IVANDMM: In addition to the aforementioned TTL upswing, pushing up the # in DefaultRcvWindow to a max of 4288 will speed things up.

Whoops! What about mistakes
MARTINCHURCH: If you make a mistake it is easier to correct the error.

TLSNC: JV make sure you have your view settings set to show MS DOS extensions.

IVANDMM: It resides in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP, the value being DefaultRcvWindow.

TECH84: Thanks, Ivan!

HUEVOS: How do you change NT WS to server with a hack? =->

MARTINCHURCH: What if this key is missing from the reg in Win95. I checked on this system and your TTL is missing from mine. I have a 33.6K.

IVANDMM: Basically, the receive window is a 'holding tank' of sorts that takes in TCP transmissions while backing up the other requests....

JVHOWARD: Thank you everyone!

STORM: Mikkilusa - check your mail.

IVANDMM: If you don't have either of these keys, you can add them by creating a new string value in the key above.

MARTINCHURCH: Rats, another short meeting with lots to talk about.

Countdown begins
MODERATOR: Well ladies and gents we have but 4 minutes left. I’m going to say this has been such a difficult month as far as prizes are concerned that we're going to have to hold off until next week to make the announcement. This time around the entire TPG team is going to bash heads together and choose the winner. So what I would like you to do is, everyone at tonight's meeting please send me your screen name and e-mail address (send it to jwallen@techrepublic.com) and early next week we'll announce the

TLSNC: By-the-by JV, you could also run SysEdit from the Start menu. That will give you all the system configuration files at once.

IVANDMM: Make sure you name it DefaultRcvWindow and set the value (4288 above) or a string value DefaultTTL with a value of 64, etc.

TLSNC: And give you a backup file automatically just in case.

MODERATOR: Also...there will be another guild meeting this Friday at 2 P.M. ...it will be an open discussion and I encourage all of you to return and continue this topic. That's 2 P.M. EST.

MODERATOR: Does anyone have any last questions for Mr. Mayes?

IVANDMM: Yeah, can he get another coffee?

MIKKILUSA: Thanks Mr. Mayes and the cut off e-mail is jwallen@techrepublic.com.

JCADMUS: Is there an updated REGEDIT for W2K or is it the same as Win 98?

HUEVOS: Thanks.

MODERATOR: Don’t forget TechRepublic has our forums where you answer and get answered all your IT questions! Just go to www.techrepublic.com and look for the forums link!

EMOORE: Thanks for the useful info, Ivan!

IVANDMM: For W2K you have both REGEDIT and Regedt32 —

JCADMUS: Thank you, Ivan!

MODERATOR: Have a great night all! If you have any suggestions on topics for the guild meetings or content please send them my way!

STORM: Moderator - you already have my info, do I need to resend it?

Thanks Ivan for all the info
MARTINCHURCH: Thanks for the info!

TLSNC: Thanks, Ivan!

MODERATOR: Go ahead and resend even if I already have it (better safe than sorry) ;-)

TECH84: Thanks, Ivan!

MIKKILUSA: Nite all.

JCADMUS: Nite.

HUEVOS: Bye.

MODERATOR: G'night all. Have a safe evening and we hope to see you back!

IVANDMM: Thanks and sorry for the slight delay — if there are any specific questions that I might be able to answer regarding this topic, please e-mail me & I will try to answer them individually.

MARTINCHURCH: 73's.

STORM: Have a good night guys, and thanks to Ivan.

TLSNC: Good night y'all!
