OS 2010 BAHAR EGEMYO BİLPROG
Yard. Doç. Dr. C. Harmanşah

THE REGISTRY

The Registry is a database used to store settings and options for the 32-bit versions of Microsoft Windows, including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the PC. Whenever a user makes changes to Control Panel settings, File Associations, System Policies, or installed software, the changes are reflected and stored in the Registry.

It is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT; for Windows Me there is an additional CLASSES.DAT file, while under Windows NT/2000 the files are stored separately in the %SystemRoot%\System32\Config directory. You cannot edit these files directly; you must use a tool commonly known as a "Registry Editor" to make any changes.

Launching Registry Editor

To look at the registry, launch the Registry Editor. Press Win+R to open the Run dialog, then type "regedit".

(Figure: The Registry Editor in Windows Vista.)

The Structure of the Registry

The Registry has a hierarchical structure. Although it looks complicated, the structure is similar to the directory structure on your hard disk, with Regedit being similar to Windows Explorer. Each main branch (denoted by a folder icon in the Registry Editor) is called a Hive, and Hives contain Keys. Each key can contain other keys (sometimes referred to as sub-keys), as well as Values. The values contain the actual information stored in the Registry. There are three types of values: String, Binary, and DWORD; which one is used depends upon the context.

There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:

    Name                  Abbreviation
    HKEY_CLASSES_ROOT     HKCR
    HKEY_CURRENT_USER     HKCU
    HKEY_LOCAL_MACHINE    HKLM
    HKEY_USERS            HKU
    HKEY_CURRENT_CONFIG

HKEY_CLASSES_ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface.

HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings.

HKEY_LOCAL_MACHINE - This branch contains computer-specific information about the type of hardware, software, and other preferences on a given PC; this information is used for all users who log onto this computer.

HKEY_USERS - This branch contains individual preferences for each user of the computer; each user is represented by a SID sub-key located under the main branch.

HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.

HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE used by the Plug-&-Play features of Windows; this section is dynamic and will change as devices are added to and removed from the system.

Each registry value is stored as one of five main data types:

REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.

REG_DWORD - This type represents the data by a four-byte number and is commonly used for boolean values, such as "0" for disabled and "1" for enabled. Additionally, many parameters for device drivers and services are of this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format, or in REGEDIT in hexadecimal and decimal format.
REG_EXPAND_SZ - This type is an expandable data string, that is, a string containing a variable that is replaced when the value is read by an application. For example, the string "%SystemRoot%" in such a value will be replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32.)

REG_MULTI_SZ - This type is a multiple string, used to represent values that contain lists or multiple values; each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32.)

REG_SZ - This type is a standard string, used to represent human-readable text values.

Other data types not available through the standard registry editors include:

REG_DWORD_LITTLE_ENDIAN - A 32-bit number in little-endian format.
REG_DWORD_BIG_ENDIAN - A 32-bit number in big-endian format.
REG_LINK - A Unicode symbolic link. Used internally; applications should not use this type.
REG_NONE - No defined value type.
REG_QWORD - A 64-bit number.
REG_QWORD_LITTLE_ENDIAN - A 64-bit number in little-endian format.
REG_RESOURCE_LIST - A device-driver resource list.

Importing and Exporting Registry Settings

A useful feature of Registry Editor is its ability to import and export registry settings to a text file. This text file, identified by the .REG extension, can then be saved or shared with other people to easily modify local registry settings. You can see the layout of these text files by simply exporting a key to a file and opening it in Notepad. To do this using the Registry Editor, select a key, then from the "Registry" menu choose "Export Registry File...", choose a filename and save.
If you open this file in Notepad you will see a file similar to the example below:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup]
    "SetupType"=dword:00000000
    "CmdLine"="setup -newsetup"
    "SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

The layout is quite simple: REGEDIT4 indicates the file type and version, [HKEY_LOCAL_MACHINE\SYSTEM\Setup] indicates the key the values are from, and lines such as "SetupType"=dword:00000000 are the values themselves. The portion after the "=" will vary depending on the type of value: DWORD, String or Binary. So by simply editing this file to make the changes you want, it can then be easily distributed, and all that needs to be done is to double-click it, or choose "Import" from the Registry menu, for the settings to be added to the system Registry.

Deleting keys or values using a REG file

It is also possible to delete keys and values using REG files. To delete a key, start by using the same format as the REG file above, but place a "-" symbol in front of the key name you want to delete. For example, to delete the [HKEY_LOCAL_MACHINE\SYSTEM\Setup] key the reg file would look like this:

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SYSTEM\Setup]

The format used to delete individual values is similar, but instead of a minus sign in front of the whole key, place it after the equal sign of the value. For example, to delete the value "SetupType" the file would look like:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\Setup]
    "SetupType"=-

Use this feature with care, as deleting the wrong key or value could cause major problems within the registry, so remember to always make a backup first.

Regedit Command Line Options

Regedit has a number of command line options to help automate its use in either batch files or from the command prompt.
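Before a .reg file is imported, interactively or through the command-line options listed next, its contents can be checked mechanically: the parser below (an added example, not code from the original slides) reads the REGEDIT4 syntax described above, including both deletion forms, and lists entries under the Run-family keys that the Startup Tasks section later describes, so a reviewer can compare them against a known baseline. The sample export it reads is constructed, and the HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\OldTool key in it is a placeholder name.

```python
# Constructed sample export (not from a real machine); ExampleVendor\OldTool is a placeholder.
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\OldTool]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=-
'''
RUN_KEYS = tuple('\\CurrentVersion\\' + k for k in
                 ('Run', 'RunOnce', 'RunServices', 'RunServicesOnce'))

def parse_value(raw):
    """'-' deletes the value; otherwise dword:, hex: or a double-quoted string."""
    if raw == '-':
        return None                       # None marks "delete this value"
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('hex:'):
        return bytes(int(b, 16) for b in raw[4:].split(','))
    if len(raw) > 1 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')  # undo .reg escapes
    raise ValueError('unsupported value syntax: ' + raw)

def parse_reg(text):
    """Return (keys, deleted): keys maps key path -> {name: value} ('' is the @ default)."""
    lines = [l.strip() for l in text.splitlines()]
    assert lines and lines[0] == 'REGEDIT4', 'not a REGEDIT4 file'
    keys, deleted, current = {}, [], None
    for line in lines[1:]:
        if not line or line.startswith(';'):   # blank lines and comments
            continue
        if line.startswith('[-'):             # [-KEY] deletes the whole key
            deleted.append(line[2:-1]); current = None
        elif line.startswith('['):            # [KEY] opens (or reopens) a key
            current = keys.setdefault(line[1:-1], {})
        else:                                 # "Name"=value or @=value (default)
            name, _, raw = line.partition('=')
            current['' if name == '@' else name[1:-1]] = parse_value(raw)
    return keys, deleted

def autostart_entries(keys):
    """(key, name, command) for every string value under the Run-family keys."""
    return [(k, n, v) for k, vals in keys.items() if k.endswith(RUN_KEYS)
            for n, v in vals.items() if isinstance(v, str)]
```

Later lines override earlier ones, so the trailing "SetupType"=- leaves that value marked for deletion even though it was set earlier in the same file, which is how regedit applies the file too.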
    regedit.exe [options] [filename] [regpath]

    [filename]               Import .reg file into the registry
    /s [filename]            Silent import, i.e. hide the confirmation box when importing files
    /e [filename] [regpath]  Export the registry to [filename] starting at [regpath],
                             e.g. regedit /e file.reg HKEY_USERS\.DEFAULT
    /L:system                Specify the location of the system.dat to use
    /R:user                  Specify the location of the user.dat to use
    /C [filename]            Compress (Windows 98)
    /D [regpath]             Delete the specified key (Windows 98)

Where the Registry is stored

The Registry itself is stored on your computer in certain files. Below we detail which files, and their locations, are used to store the Registry for each particular version of Windows.

For Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, the Registry files are stored in the following directories:

    Systemroot\System32\Config
    Systemroot\Profiles\Username

The names of the registry files are:

    Systemroot\System32\Config:
        Sam, Sam.log, Sam.sav
        Security, Security.log, Security.sav
        Software, Software.log, Software.sav
        System, System.alt, System.log, System.sav
        Default, Default.log, Default.sav

    Systemroot\Profiles\Username:
        Ntuser.dat, Ntuser.dat.log

For Windows 98, the registry files are named User.dat and System.dat and are stored in the C:\Windows directory.

How to edit the Registry

In order to modify values in the Registry you need to use a program called a Registry Editor. Windows comes with a program called regedit.exe, otherwise known as Registry Editor. When you open Registry Editor you will see two panes. The left pane is your navigation pane. By default it will list all the Hives with a + or - next to each one. You can click the + to expand the tree underneath that Hive, revealing Keys and Subkeys. You will then see in the right pane a listing of the values associated with the selected key.
In the screenshot below you will see an image of the Registry Editor where I have navigated to the key HKEY_CURRENT_USER\Control Panel\Colors.

(Figure 1. Registry Editor)

In Figure 1 above, the Hive we are in is HKEY_CURRENT_USER. The Key is Control Panel and the Subkey is Colors. The right-hand portion shows all the Values contained in the Subkey Colors. To modify a Value, you would double-click on the value name and a screen similar to Figure 2 below would appear.

(Figure 2: Modifying a Value)

You would then type the appropriate information into the Value data field and press the OK button.

Startup Tasks

Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion you'll find keys named Run, RunOnce, RunServices and RunServicesOnce. Open the Run key. In here you'll see several named values containing paths to programs. The exact contents will vary from system to system, but a few are created by Windows Setup, such as the "ScanRegistry" entry. This contains the value "C:\WINDOWS\scanregw.exe /autorun", which causes the automatic registry check and backup to be performed each time Windows starts.

To prevent a program from being launched automatically at start-up using this mechanism you can simply delete the value containing its path. To add a new startup task, right-click the right-hand pane and create a new string value, name it appropriately and enter as its value the path (and command line arguments, if any) of the program you want to start.

RunOnce will usually be empty, but it can contain entries for programs that are to be run once at startup. After the program has been run, Windows deletes its entry from the Registry. This key would typically be used by a Setup program to perform some configuration task that can only be done right after a restart.

RunServices is similar to Run.
It is used to start special tasks called "services". Services are programs that run as part of the system. Under Windows NT they have extra privileges compared with normal tasks.

Programs may also be started automatically by adding values to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce. This key is part of HKEY_CURRENT_USER and not the system-wide HKEY_LOCAL_MACHINE. Programs that use this mechanism run when the user logs in (or when the default desktop loads if user profiles aren't enabled under Windows 9x). This means that different users can have different programs start automatically when they log in. This is more closely comparable to the function of the StartUp folder, which is also unique to each user.

Removing Windows Messenger from Internet Explorer

A simple registry edit which enables the Windows Messenger toolbar and icon to be removed from Internet Explorer.

Launch regedit.
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions.
Right-click on the key {FB5F1910-F110-11d2-BB9E-00C04F795683} and choose Rename.
Add a "-" (minus) to the start of the key name.
On restarting Internet Explorer, the Windows Messenger integration with IE will be removed.

Disable Task Manager

An excellent administration lock-down, preventing users from accessing the Task Manager in order to view processes and applications and change the priority of individual tasks.

Launch regedit.
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System.
Under the System key create a new DWORD value called "DisableTaskMgr".
Set the value to "1". This will disable the Task Manager.
To revert to the default, simply set the value to "0" (no effect).
For this change to take effect the user will need to log off, although it does not require a full reboot.

Preventing the system from automatically rebooting after a Windows update

As is the case for the vast majority of users, Windows is configured to perform automatic updates. When these updates are performed, if any individual component requires a reboot of Windows then the system automatically reboots. The following registry edit enables the user to control this rebooting.

Launch regedit.
Navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU.
Under the AU key create a new DWORD value called "NoAutoRebootWithLoggedOnUsers".
This value toggles the reboot process on or off: enter "1" to disable the automatic reboot.
To revert to the default, simply set the value to "0" (no effect, i.e. continue to reboot as before).
Somewhat ironically, you will need to reboot the system for this change to take effect!

Adding a right-click menu option to Favorites

Adding right-click menu functionality is another excellent tweak within the Windows registry. One example is adding a right-click menu option to your Favorites, where the end user can open the favorite in a new window.

Launch regedit.
Navigate to HKEY_CLASSES_ROOT\InternetShortcut\Shell.
Under the Shell key create a new subkey called "Open in a new window".
Under this new key create a further subkey called "command".
In the right-hand pane open the "(Default)" value and enter the value "rundll32.exe shdocvw.dll, OpenURL %1".
Select OK for the change to take effect.
Right-click on one of your favorites. There will be a menu option to "Open in a new window".

Configure Windows to close services correctly by increasing the shutdown process time

Launch regedit.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control.
In the right-hand pane, create a new String value, or modify the existing value "WaitToKillServiceTimeout".
Enter the Value Data "20000".
Click OK - Exit - Reboot.
Removing the 'Properties' option in My Computer

Launch regedit.
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
In the right-hand pane, create a new DWORD value, or modify the existing value "NoPropertiesMyComputer".
Enter the Value Data "1" = No Properties. To revert, set "0" = Show Properties.
Click OK - Exit - Reboot.

Enable Start Menu Scrolling

Launch regedit.
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
In the right-hand pane, create a new String value, or modify the existing value "StartMenuScrollPrograms".
Enter the Value Data "Yes" or "No".
Click OK - Exit - Reboot.

Remove the 'Links' folder from Favorites

Launch regedit.
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar.
Set the "LinksFolderName" value to a blank string, i.e. delete the value data.
Click OK - Exit.
Launch Internet Explorer and delete the "Links" folder from the Favorites menu. Any subsequent launch of Internet Explorer will not create the "Links" folder.

Disable Error Reporting

Launch regedit.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting.
In the right-hand pane, create a new DWORD value, or modify the existing value "DoReport".
Enter the Value Data "0" = Disables Reporting, or "1" = Send Report.