[ Go to September 1997 Table of Contents ]|
Manage the NT Registry
Anyone who's been using Windows NT for any length of time has rubbed shoulders-or bumped heads-with the NT configuration database otherwise known as the Registry.
The Registry is a centralized database that holds all system configuration and many application settings. It first appeared in Windows NT 3.1, replacing the disorganized initialization (or INI) files that held system and application configuration data in 16-bit Windows. Managing these settings with a single GUI-based utility is a crucial aspect of proper system and operation security in the current NT version. Microsoft encourages developers to abandon INI files and place all application and configuration information within the Registry. All NT logo-compliant hardware and software must meet this specification.
We can't delve into all the details of the Registry here, but a few easily applied tips can help ensure safe and reliable Registry maintenance. After covering the basics of managing your system's Registry, we'll take a look at how you can migrate certain Registry entries from one NT install to another. This ability can prove valuable in several situations, one of which we'll examine here.
In supporting NT users, I find many are missing an important tool when it comes to system maintenance. If you purchased NT Workstation on CD-ROM, you should have the three NT boot diskettes you need to jump-start a dead system and access the WINNT installation routine. If you don't have them, take 10 minutes and use WINNT32 (from the CD) with the /OX option to create them. This will save you countless hours of frustration when something goes wrong with your NT system. Notice I said when, not if, something goes wrong. If your system is dynamic (with periodic hardware or software installations and upgrades), you will encounter a failed boot process at one time or another. If you have the necessary restoration data, this is a trivial matter. Traveling without it can be a trip fraught with frustration.
Before you make any changes to an operational system Registry, you must have a reliable backup of all information on that machine. The easiest way to accomplish this task is to use the NTBACKUP utility included with NT Workstation to create a tape copy of all data files and Registry information. However, NTBACKUP does not create a Registry backup by default. You must select this option by checking the "Backup Local Registry" entry when performing the backup.
If you don't have a tape drive, you can use the RDISK utility included with NT Workstation to create a disk-based copy of the local Registry. You must use the /S option to completely back up the Registry using RDISK. A complete Registry may be 5MB to 10MB in size, and RDISK will fail on a disk full of errors. For this reason, back up the database to an adequate hard disk before using XCOPY or some other command to copy the information to removable media. You must have the three NT boot floppy disks to restore an RDISK-saved Registry hive to your system.
REGEDT32 and REGEDIT
Windows NT Workstation comes with two programs you can use to manually edit or add Registry data. The first utility, REGEDT32, has been part of NT since version 3.1. REGEDT32 presents the Registry entries in a tree structure similar to File Manager's displayed files and directories. The other utility, REGEDIT, presents this same information in a folder view similar to that of NT Explorer. REGEDIT has been erroneously described by some as a Windows 95-only application. Also, false warnings of Registry corruption have been widely circulated. You're safe as long as you use the Windows NT version of REGEDIT. As a bonus, you may also use the NT REGEDIT to safely edit Windows 95 Registries.
The Windows NT Workstation Resource Kit (ResKit) is the best resource for an in-depth explanation of the Registry components; it has two chapters devoted to all aspects of Registry management. However, I'll cover some Registry basics here.
Hives are the NT Registry's basic building blocks. A hive is a specific group of keys, subkeys and values beginning at the top of the Registry hierarchy. Hives are distinct from other groups of keys because they are a permanent part of the Registry. This means that hives are not created dynamically when the system starts and deleted when it stops. Thus, HKEY_LOCAL_MACHINE\Hardware, which is built dynamically by NTDETECT when Windows NT starts, is not a hive. Data in each hive is saved in files located in the Systemroot\System32\Config subdirectory and the Systemroot\Profiles\Username subdirectory. Because a hive is a file, you can move it from one system to another or one local NT installation to another. However, you can only edit a hive by using Registry Editor, and you must take special steps to restore a hive on an operational NT machine.
A Registry subtree is the list of root-level folders in the left pane of the Registry Editor window. For example: HKEY_LOCAL_MACHINE is a subtree. A hive is a subtree, but, as shown above, a subtree is not necessarily a hive. A Registry key is a folder displayed in the left pane of a Registry Editor window. A key can contain subkeys (just more keys) and value entries. For example: Software is a key of HKEY_LOCAL_MACHINE. A Registry entry is a file displayed in the right pane of a Registry Editor window; this is where the specific parameter for an individual key is stored. To view or change the Registry entry's value, double-click on the entry.
Additional Registry utilities
A few Registry management tools come with the base operating system. Other handy utilities are part of the ResKit. One help file alone, REGENTRY.HLP, is nearly worth the price of the kit.
REGENTRY.HLP documents many default keys and their entries. I recommend it to anyone looking to gain a deeper understanding of the NT Registry.
Here's a list of other ResKit tools designed to ease Registry maintenance:
-- COMPREG: Compares two local or remote Registry keys
-- DELSRV: Unregisters a service with the service control manager
-- REGBACK: Backs up the NT Registry to files without requiring a tape drive
-- REGCHG: Adds or changes Registry values on the local or on a remote computer
-- REGDEL: Removes Registry keys remotely or on the local computer
-- REGINI: Adds keys to the NT Registry by specifying a Registry script
-- REGKEY: Sets several Registry settings without actually editing the Registry
-- REGREAD: Reads the Registry, parses values and outputs them to the screen
-- REGREST: Restores Registry hive files from backup copies created by REGBACK
-- REGSEC: Removes the Everyone group from a Registry key
-- RESTKEY: Restores a Registry key from a file
-- RREGCHG: Adds or changes Registry settings on a remote computer
-- SAVEKEY: Saves a Registry key to a file
-- SCANREG: Performs GREP-like search for any string in keynames
-- SECADD: Adds user permissions to a Registry key
Merging a Registry hive
Moving software from one separate, local operating-system installation to another can be a real pain if you're running NT. When you use Windows NT Setup to install the operating system, you must choose between two basic options: upgrading or installing NT to a new drive or directory. Upgrading a current installation will preserve all user profiles, security settings and software parameters. Installing NT to a new drive or directory will create a totally new default system. You may want to create a new system, but dread the thought of having to reinstall all your applications in order to register them within the new installation. Using some of the techniques described here, we can have the best of both worlds-a clean install that includes all our previously installed application software.
First, create an Emergency Repair Disk using RDISK with the /S option. Next open REGEDIT and select the HKEY_LOCAL_MACHINE\Software key. Choose the Export Registry file command from the Registry menu. Ensure that the Selected Branch radio button is depressed, and choose OK to create a file on disk that contains all the keys and entries under the Software key. Repeat this step to export the HKEY_CLASSES_ROOT hive and the HKEY_CURRENT_USER\Software key. Now proceed with the installation of the new NT system in the desired drive or directory. Reboot the system. Login using an account with administrative privileges and create your default user account and profile. Create a backup of the new Registry with RDISK /S. Next, run REGEDIT under the new operating system and choose Import Registry File under the Registry menu. Select the files you created in the earlier step and choose OK. Restart your machine, selecting the newly installed system. Finally, copy any desired program shortcuts from the Profiles directory of the original installation to the new installation. You may now begin using your software applications under the newly installed system.
Rick Furnival is an engineer and network administrator with Sullivan, Donahoe & Ingalls of Fredericksburg, Va. Contact Rick care of the editor at the addresses on page 20.