Registry Data: How It Is Stored and Used
by William R. Stanek
Microsoft® Windows Server™ 2003 Inside Out
- Microsoft® Windows Server™ 2003 Inside Out
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
- A Note Regarding Supplemental Files
- Acknowledgments
- We'd Like to Hear from You!
- About the CD
- Conventions and Features Used in this Book
- About the Author
- 1. Windows Server 2003 Overview and Planning
- 1. Introducing Windows Server 2003
- What's New in Windows Server 2003
- 64-Bit Computing
- .NET Technologies
- Windows XP and Windows Server 2003
- Windows XP Editions
- Increased Support for Standards
- Interface and Tool Improvements
- Active Directory Improvements
- Domains Can Be Renamed
- Active Directory Can Replicate Selectively
- Active Directory–Integrated DNS Zones Can Forward Conditionally
- Active Directory Schema Objects Can Be Deleted
- Active Directory and Global Catalog Are Optimized
- Active Directory Can Compress and Route Selectively
- Forest-to-Forest Trusts
- Active Directory Migration Made Easier
- Group Policy Improvements
- Management and Administration Extras
- Security Advances
- Reliability and Maintenance Enhancements
- 2. Planning for Windows Server 2003
- Overview of Planning
- Identifying Your Organizational Teams
- Assessing Project Goals
- Analyzing the Existing Network
- Defining Objectives and Scope
- Defining the New Network Environment
- Selecting a Software Licensing Program
- Final Considerations for Planning and Deployment
- 1. Introducing Windows Server 2003
- 2. Windows Server 2003 Installation
- 3. Preparing for the Installation and Getting Started
- 4. Managing Interactive Installations
- 5. Managing Unattended Installations
- 6. Using Remote Installation Services
- Introduction to RIS
- Installing RIS
- Configuring RIS Clients
- Preparing RIS-Based Installations
- Using RIS for Automated Installations
- Working with Sysprep
- 3. Windows Server 2003 Upgrades and Migrations
- 7. Preparing for Upgrades and Migration
- 8. Upgrading to Windows Server 2003
- General Considerations for Upgrades
- Upgrading from Windows 2000
- Upgrading from Windows NT 4
- 9. Migrating to Windows Server 2003
- Selecting the Migration Tools
- ADMT
- General Considerations for Migrations
- Determining the Approach to Migration
- Preparing for Migration
- Migrating Security Principals
- Performing the Migration: An Overview
- Migrating Group Accounts
- Migrating User Accounts
- Migrating Passwords
- Migrating the Computers
- Merging Groups during Migration
- Migrating Domain Trusts
- Migrating Service Accounts
- Security Translation
- Generating Migration Reports
- 4. Managing Windows Server 2003 Systems
- 10. Configuring Windows Server 2003
- 11. Windows Server 2003 MMC Administration
- 12. Managing Windows Server 2003
- Using the Administration Tools
- Using the Control Panel Utilities
- Using the Add Hardware Utility
- Using the Add or Remove Programs Utility
- Using the Date and Time Utility
- Using the Display Utility
- Using the Folder Options Utility
- Using the Licensing Utility
- Using the Network Connections Utility
- Using the Regional and Language Options Utility
- Using the Scheduled Tasks Utility
- Using the System Utility
- Using Support Tools
- Using Resource Kit Tools
- Using the Secondary Logon
- 13. Managing and Troubleshooting Hardware
- 14. Managing the Registry
- 15. Performance Monitoring and Tuning
- 16. Comprehensive Performance Analysis and Logging
- 5. Managing Windows Server 2003 Storage and File Systems
- 17. Planning for High Availability
- 18. Preparing and Deploying Server Clusters
- 19. Storage Management
- Essential Storage Technologies
- Configuring Storage
- Managing MBR Disk Partitions on Basic Disks
- Managing GPT Disk Partitions on Basic Disks
- Managing Volumes on Dynamic Disks
- Creating a Simple or Spanned Volume
- Extending a Simple or Spanned Volume
- Recovering a Failed Simple or Spanned Disk
- Moving Dynamic Disks
- Configuring RAID 1: Disk Mirroring
- Mirroring Boot and System Volumes
- Configuring RAID 5: Disk Striping with Parity
- Breaking or Removing a Mirrored Set
- Resolving Problems with Mirrored Sets
- Repairing a Mirrored System Volume to Enable Boot
- Resolving Problems with RAID-5 Sets
- 20. Managing Windows Server 2003 File Systems
- 21. File Sharing and Security
- File Sharing Essentials
- Creating and Publishing Shared Folders
- Managing Share Permissions
- Managing File and Folder Permissions
- Managing File Shares After Configuration
- Sharing Files on the Web
- Auditing File and Folder Access
- 22. Using Volume Shadow Copy
- 23. Using Removable Media
- Introducing Removable Media
- Managing Media Libraries and Media
- Inserting Media into a Library
- Ejecting Media from a Library
- Mounting and Dismounting Media in Libraries
- Enabling and Disabling Media
- Enabling and Disabling Drives
- Cleaning Drives
- Working with Library Doors and Ports
- Configuring Library Inventory
- Starting Library Inventory
- Changing Library Media Types
- Enabling and Disabling Libraries
- Managing Media Pools
- Managing Work Queues, Requests, and Security
- Using the Work Queue
- Troubleshooting Waiting Operations
- Changing Mount Operations
- Controlling When Operations Are Deleted
- Using the Operator Requests Queue
- Notifying Operators of Requests
- Completing or Refusing Requests
- Controlling When Requests Are Deleted
- Setting Access Permissions for Removable Storage
- 6. Managing Windows Server 2003 Networking and Print Services
- 24. Managing TCP/IP Networking
- Understanding IP Addressing
- Special IP Addressing Rules
- Using Subnets and Subnet Masks
- Getting and Using IP Addresses
- Understanding Name Resolution
- Configuring TCP/IP Networking
- 25. Managing DHCP
- DHCP Essentials
- DHCP Security Considerations
- Planning DHCP Implementations
- Setting Up DHCP Servers
- Configuring TCP/IP Options
- Levels of Options and Their Uses
- Options Used by Windows Clients
- Using Userand Vendor-Specific TCP/IP Options
- Settings Options for All Clients
- Settings Options for Routing and Remote Access Clients Only
- Setting Add-On Options for Directly Connected Clients
- Defining Classes to Get Different Option Sets
- Advanced DHCP Configuration and Maintenance
- Setting Up DHCP Relay Agents
- 26. Architecting DNS Infrastructure
- 27. Implementing and Managing DNS
- 28. Implementing and Maintaining WINS
- 29. Installing and Maintaining Print Services
- Understanding Windows Server 2003 Print Services
- Print Services Changes for Windows Server 2003
- Upgrading Windows NT 4 Print Servers to Windows Server 2003
- Migrating Print Servers from One System to Another
- Planning for Printer Deployments and Consolidation
- Setting Up Printers
- Managing Printer Permissions
- Managing Print Server Properties
- Managing Printer Properties
- Setting General Properties, Printing Preferences, and Document Defaults
- Setting Overlays and Watermarks for Documents
- Installing and Updating Print Drivers on Clients
- Configuring Printer Sharing and Publishing
- Optimizing Printing Through Queues and Pooling
- Configuring Print Spooling
- Viewing the Print Processor and Default Data Type
- Configuring Separator Pages
- Configuring Color Profiles
- Managing Print Jobs
- Printer Maintenance and Troubleshooting
- 30. Using Remote Desktop for Administration
- 31. Deploying Terminal Services
- Using Terminal Services
- Designing the Terminal Services Infrastructure
- Setting Up Terminal Services
- Using the Terminal Services Configuration Tool
- Using the Terminal Services Manager
- Managing Terminal Services from the Command Line
- Other Useful Terminal Services Commands
- Configuring Terminal Services Per-User Settings
- 24. Managing TCP/IP Networking
- 7. Managing Active Directory and Security
- 32. Active Directory Architecture
- 33. Designing and Managing the Domain Environment
- Design Considerations for Active Directory Replication
- Design Considerations for Active Directory Search and Global Catalogs
- Design Considerations for Compatibility
- Design Considerations for Active Directory Authentication and Trusts
- Universal Groups and Authentication
- NTLM and Kerberos Authentication
- Authentication and Trusts Across Domain Boundaries
- Authentication and Trusts Across Forest Boundaries
- Examining Domain and Forest Trusts
- Establishing External, Shortcut, Realm, and Cross-Forest Trusts
- Verifying and Troubleshooting Trusts
- Delegating Authentication
- Design Considerations for Active Directory Operations Masters
- Operations Master Roles
- Using, Locating, and Transferring the Schema Master Role
- Using, Locating, and Transferring the Domain Naming Master Role
- Using, Locating, and Transferring the Relative ID Master Role
- Using, Locating, and Transferring the PDC Emulator Role
- Using, Locating, and Transferring the Infrastructure Master Role
- 34. Organizing Active Directory
- 35. Configuring Active Directory Sites and Replication
- 36. Implementing Active Directory
- Preinstallation Considerations for Active Directory
- Installing Active Directory
- Uninstalling Active Directory
- Creating and Managing Organizational Units (OUs)
- Delegating Administration of Domains and OUs
- 37. Managing Users, Groups, and Computers
- Managing Domain User Accounts
- Managing User Profiles
- Managing User Data
- Maintaining User Accounts
- Managing Groups
- Managing Computer Accounts
- 38. Managing Group Policy
- Understanding Group Policy
- Implementing Group Policy
- Working with Local Group Policy
- Working with the Group Policy Object Editor
- Working with the Group Policy Management Console
- Installing and Running the Group Policy Management Console
- Using the Group Policy Management Console
- Accessing Forests, Domains, and Sites in Group Policy Management Console
- Creating and Linking a New GPO in Group Policy Management Console
- Editing an Existing GPO in the Group Policy Management Console
- Linking to an Existing GPO in the Group Policy Management Console
- Deleting an Existing GPO in the Group Policy Management Console
- Managing Group Policy Inheritance and Processing
- Using Scripts in Group Policy
- Applying Group Policy Through Security Templates
- Maintaining and Troubleshooting Group Policy
- 39. Active Directory Site Administration
- 8. Windows Server 2003 Disaster Planning and Recovery
- Index to Troubleshooting Topics
- Index
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
Now that you know more about the Registry's structure, let's take a look at the actual data within the Registry. Understanding how Registry data is stored and used is just as important as understanding the Registry structure.
As mentioned previously, some Registry data is created dynamically at boot time and some is stored on disk so it can be used each time you boot a computer. The dynamically created data is volatile, meaning that when you shut down the system, it is gone. For example, as part of the boot process Ntdetect.com scans for system devices and uses the results to build the HKEY_LOCAL_MACHINEHARDWARE subkey. The information stored in this key exists only in memory and isn't stored anywhere on disk.
On the other hand, Registry data stored on disk is persistent. When you shut down a system, this Registry data remains on disk and is available the next time you boot the system. Some of this stored information is very important, especially when it comes to recovering from boot failure. For example, by using the information stored in HKEY_LOCAL_MACHINE SYSTEMCurrentControlSet, you can boot using the Last Known Good configuration. If the Registry data was corrupted, however, this information might not be available and the only way to recover the system would be to try repairing the installation or reinstalling the operating system.
To help safeguard the system and ensure that one section of bad data doesn't cause the whole Registry to fail to load, Windows Server 2003 has several built-in redundancies and fail safes. For starters, the Registry isn't written to a single file. Instead, it is written to a set of files called hives. There are six main types of hives, each representing a group of keys and values. Most of the hives are written to disk in the %SystemRoot%System32Config directory. Within this directory, you'll find these hive files:
.DEFAULT, which corresponds to the HKEY_USERS.DEFAULT subkey
SAM, which corresponds to the HKEY_LOCAL_MACHINESAM subkey
SECURITY, which corresponds to the HKEY_LOCAL_MACHINESECURITY subkey
SOFTWARE, which corresponds to the HKEY_LOCAL_MACHINESOFTWARE subkey
SYSTEM, which corresponds to the HKEY_LOCAL_MACHINESYSTEM subkey
The remaining hive files are stored in individual user profile directories with the default name of Ntuser.dat. These files are in fact hive files that are loaded into the Registry and used to set the pointer for the HKEY_CURRENT_USER root key. When no user is logged on to a system, the user profile for the default user is loaded into the Registry. When an actual user logs on, this user's profile is loaded into the Registry.
Note
The root keys not mentioned are HKEY_CURRENT_CONFIG and HKEY_CLASSES_ ROOT. The on-disk data for HKEY_CURRENT_CONFIG comes from the subkey from which it is built: HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetHardware ProfilesCurrent. Similarly, the on-disk data for HKEY_CLASSES_ROOT comes from HKEY_LOCAL_MACHINE SOFTWAREClasses and HKEY_CURRENT_USERSOFTWAREClasses.
Every hive file has an associated .log file—even Ntuser.dat, whose log file is Ntuser.dat.log. Windows Server 2003 uses the log files to help protect the Registry during updates. When a hive file is to be changed, the change is first written to the associated log file. It is then written to disk. The system then uses the change log to write the changes to the actual hive file. If the system were to crash while a change is being written to a hive file, the change log could later be used by the system to roll back the change, resetting the hive to its previous configuration.
Inside Out: How Windows Server 2003 starts over with a clean Registry
Examine %SystemRoot%System32Config closely and you'll see several files with the .sav extension. These files represent the postinstallation state of the Registry. If you ever wonder how Windows Server 2003 can reset the Registry to that of a clean install after you demote a domain controller, this is the answer. By loading these files into the Registry and then writing them to disk as the original hive files, the server is returned to its postinstallation state with a clean Registry.
When you work your way down to the lowest level of the Registry, you see the actual value entries. Each value entry has a name, a data type, and a value associated with it. Although value entries have a theoretical size limit of 1024 KB, most value entries are less than 1 KB in size. In fact, many value entries contain only a few bits of data. The type of information stored in these bits depends on the data type of the value entry.
The data types defined include the following:
REG_BINARY Raw binary data without any formatting or parsing. You can view binary data in several forms, including standard binary and hexadecimal. In some cases, if you view the binary data, you will see the hexadecimal values as well as the text characters these values define.
REG_DWORD A binary data type in which 4-byte integer values are stored. REG_DWORD is often used to track values that can be incremented, status codes, or Boolean flags. With Boolean flags, a value of 0 means the flag is off (false) and a value of 1 means the flag is on (true).
REG_SZ A fixed-length string of Unicode characters. REG_SZ is used to store values that are meant to be read by users and can include names, descriptions, and so on, as well as stored file system paths.
REG_EXPAND_SZ A variable-length string that can include environment variables that are to be expanded when the data is read by the operating system, its components, or services, as well as installed applications. Environment variables are enclosed in percentage signs (%) to set them off from other values in the string. For example, %SystemDrive% refers to the SystemDrive environment variable. A REG_EXPAND_SZ value that defines a path to use could include this environment variable, such as %SystemDrive%Program FilesCommon Files.
REG_MULTI_SZ A multiple-parameter string that can be used to store multiple string values in a single entry. Each value is separated by a standard delimiter so that the individual values can be picked out as necessary.
REG_FULL_RESOURCE_DESCRIPTOR A value with an encoded resource descriptor, such as a list of resources used by a device driver or a hardware component. REG_FULL_RESOURCE_DESCRIPTOR values are associated with hardware components, such as a system's central processors, floating-point processors, or multifunction adapters.
The most common data types you'll see in the Registry are REG_SZ and REG_DWORD. The vast majority of value entries has this data type. The most important thing to know about these data types is that one is used with strings of characters and the other is used with binary data that is normally represented in hexadecimal format. And don't worry, if you have to create a value entry—typically because you are directed to by a Microsoft Knowledge Base article in an attempt to resolve an issue—you'll usually be told which data type to use. Again, more often than not, this data type is either REG_SZ or REG_DWORD.
-
No Comment