1001 Secrets for Windows NT Registry
(Publisher: 29th Street Press)
Author(s): Tim Daniels
ISBN: 1882419685
Publication Date: 12/01/97

Table of Contents


Introduction

The Registry

Using the registry can sometimes be a scary thing. We’ve all read this warning: “Using the registry can render your system useless or unstable. The (insert your favorite vendor here) makes no warranties, explicit or implied.” Rubbish! When you use a computer, you can render almost anything useless or unstable!

This book is not a “how to use the registry book,” nor is it a programmer’s guide to the registry. This book is a practical reference — something a network administrator or an NT user could use to solve problems; a roadmap, if you will.

This book assumes you know how to use Regedt32.exe and are comfortable backing up and restoring your system. You should also be familiar with Windows NT Server and Workstation.

In the Beginning

The registry grew out of ini files that have been around since Windows 1.0. In the beginning, all the variable data was stored in ini files, including data such as interrupt settings for printers and temporary directories for word processing programs. Windows 3.0 included a centralized database for this type of information — the registry. Although it was not used very extensively in Windows 3.0, it was there. Slowly, hardware and software vendors started to use this repository to store important information instead of the widely scattered ini files. With the 3.1 and 3.11 releases of Windows, the registry became more integrated with the system. By the time Windows NT was released, the registry was the repository for most data. Subsequent releases 3.5, 3.51 and 4.0 heavily depended on the registry, and the tools we use to manage the registry improved. The advantages of a centralized database for volatile system information are obvious. No longer do you need to hunt through your entire system or network (have you ever seen an .ini file on a mapped network drive?) for that elusive setting that is keeping your computer from functioning correctly.

For a more complete overview, see the excellent PowerPoint presentation at http://www.igug.org/slides96/systems/505/sld001.htm, which is hosted on the Intergraph Users Group site. Written by James Kanya of Cleaver Ketko Gorlitz Papa and Associates, the overview is an excellent tutorial about the registry and what you can do with it.

Today, the registry still holds all the cards. If you want to tweak your system outside the normal parameters supplied by the hardware or software vendor, the registry is your best bet. If you want to squeeze every ounce of performance out of your system, then regedt32.exe is your best friend. If you want to create custom configurations and apply them to large numbers of end-user systems, the registry is the way and the light.

Briefly, registry keys are made up of the following components.

  Hive        HKEY_LOCAL_MACHINE                       The hive in which the key resides.
  Key         SYSTEM\CurrentControlSet\Services\Atapi  The actual key in which the parameter to modify resides.
  Value Name  Start                                    The actual value to modify.
  Data Type   REG_DWORD                                The type of data. The options are REG_BINARY, REG_DWORD, REG_EXPAND_SZ, REG_MULTI_SZ, REG_SZ.
  Value       0X0                                      The actual value. You either need to modify your value to match the one listed or add a new entry with this value.

About this Book

The book is divided into six different parts: General System, Hardware, Applications, Microsoft Office, Security, and Performance. You may notice that certain registry keys are listed more than once. Don’t worry; this book takes a problem-solving approach rather than indexing individual keys. To figure out how to increase network performance, look in the Performance section for how to set the pulse frequency for PDC to BDC replication. At the same time, if your BDCs don’t update the PDC frequently enough, the General System section is the place for this kind of specific troubleshooting information. Both modifications use the same key, but under different circumstances.

General System

This section is the largest section of the book. Here you find information about how to customize your desktop — with these tips, you can radically alter its appearance. You can also find answers to common problems all Windows NT users face, including network protocols, printers, disk drives, and domain controllers. I use this section time and time again. I couldn’t even wait for the book — I carry a printout around with me at work.

Hardware

In this section, you find registry information pertaining to hardware peripherals, such as network adapters, disk controllers, video cards, scanners and CD-ROMs. Windows NT works with a wide array of hardware. Trying to troubleshoot this collage of hardware can be somewhat trying at times. This section provides a practical road map to common hardware problems that can be solved by registry tweaking.

Applications

This section contains registry entries for all types of software, from Microsoft SQL Server to Netscape to Windows NT system information. In this section, you can find the details of customizing software for your particular users’ needs. You will also find information that lets you troubleshoot problems that typically occur in a day-to-day IT environment.

Microsoft Office

We had so many tips for Microsoft Office, particularly for Office 97, that we gave this topic its own section. Never before has a suite of standard office applications provided so much functionality and become so complex. Dean Porter was the major architect of this section. You can completely customize your Office environment, from the cursors and sounds you use to interact with Word, Excel, PowerPoint and Access to the actors that guide you through the intricacies and nuances of Office 97. I have referred to this section countless times in the past few months. My job calls for a high degree of customization — everything from function to appearance. Dean Porter has given us the building blocks to construct the perfect Office 97 environment.

Security

It has been all over the news and Internet that Windows NT isn’t as secure as some would lead you to believe. This section contains registry tips that let you secure your system. You can monitor all the activities that users can perform (standard NT doesn’t do this) as well as limit who can view sensitive information on your systems (such as event logs and other sensitive system information). This section also gives you default values for permissions on your registry, so that as you explore and modify, you will always have a reference point to which you can return.

Performance

Whether you are new to Windows NT or a long-time user, you have no doubt heard of Mark Russinovich. Mark Russinovich is probably the brightest star in the Windows NT internals galaxy today. The amount of knowledge Mark has about NT is truly astounding. Mark has picked out some of his favorite performance-oriented registry modifications to help you squeeze every drop of power from your Windows NT machines. From memory allocation to network performance, you’ll find it in this section.

Mark Russinovich and Bryce Cogswell, the authors of REGMON, were gracious enough to let us include this utility on the CD-ROM. If you want to learn about the registry internals, you must look at the source code for this wonderful utility.

Appendix A

Steve Scoggins asked the question early on in writing the book, “I think these modifications are great, but what if I need to change the registry on 100 or 1000 machines? Then what?” My answer to Steve was “Excellent question, Steve; when can you have it written up?” Much to my surprise, that was not the last time Steve asked those kinds of questions. Steve Scoggins does an excellent job of showing you how you can manipulate the registry via logon scripts and custom programs. Steve even wrote a utility (included on the CD-ROM with both the compiled and source versions) called REGREM, which shows you how to read remote entries on any machine’s registry.

This section also has practical examples that you can use to make the registry do what you want, including C source code showing you how to read registry keys and techniques that let you change registry keys on your users’ machines remotely and when they log on.

The Testing Environment

My co-authors and I tested all of these registry entries, and Bob Chronister, who also wrote the Foreword for this book, also tested a random sample of the entries. We used a variety of machines, from off-the-shelf configurations of Gateway, Compaq, Hitachi, AST, and Dell to custom configurations made up of standard components like Super Micro motherboards, Seagate hard drives, and Matrox video cards. All these systems had two things in common: They were Intel-based machines and they ran Windows NT version 4.0 with either Service Pack 2 or Service Pack 3.

Most machines were connected to a network via ethernet and almost all machines had a minimum of 32 MB of RAM with some using upwards of 128 MB of RAM (Dr. Bob Chronister has more memory for his personal machine than anyone else I know of — 256 MB and counting). Every registry entry was tested for the desired effect; that is, if the entry was supposed to change a particular characteristic, that change is what we tested. What we didn’t test is what happens if one machine had all these registry entries applied to it at the same time. My guess is that the universe would probably implode; certainly the poor machine would cease to function.

All kidding aside, the registry changes things at the core. You can and will cause things in your setup to stop working. The good news is that you are not working without a net; if you properly back up your registry and system, you can recover from anything you may do to your registry. I personally destroyed, obliterated, and otherwise rendered unusable my system dozens of times while researching this book. I never once failed to recover.

The Lessons I Learned

You can do some amazing things in the registry. Some of these functions cannot be had by any other means, although you can also count on Microsoft and other vendors to expose the majority of those functions through control panel applets and other means, if users cry loud enough.

Although service packs are generally good things, they occasionally wreak havoc on registry settings. I found it very useful to print key registry entries before applying service packs. I also found a fair number of modifications using this technique.

Speaking of techniques, I learned a lot of different ways to go spelunking in the registry. Without a doubt, using REGMON is the most fun! I urge you to try this tool (included on the CD-ROM) and if nothing more, just watch the activity that simple functions generate to the registry (bring up the Control Panel from the Start menu, for example).

I also used Internet search engines extensively. I could probably write a chapter on the pros and cons of each individual search engine out there. I used AltaVista (www.altavista.com) for about a month and then switched to HotBot (www.hotbot.com) almost exclusively. When you search on “HKEY,” “Registry,” or even “Windows NT Registry,” you get tens of thousands of hits. I waded through the vast majority of them and culled what I thought to be useful information. Next, I had to reproduce the purported benefit or change on my test systems. My success rate was something like 30 percent, which for you math wizards means 70 percent of what is on the Internet is either duplicate or flat doesn’t work on Windows NT.

I also found a huge number of registry entries in newsgroups and list servers. These resources are inexpensive and, more importantly, invaluable. I had a much higher rate of success duplicating the desired result of these registry entries and modifications (better than 85 percent) on my test machines. I list a number of Web sites, newsgroups and ListServers on the CD-ROM and later in this introduction. Be sure to check the 1001 Secrets for Windows NT Registry website (http://www.registrysecrets.com) for an updated list.

Finally, I just went spelunking, and I encourage you to do so, too. Fire up Regedt32.exe, or for searching, use Regedit.exe, and start opening keys. Spelunking is really fun and also very dangerous. From spelunking, I learned how to recover from hosing my system. I even went exploring in the SAM key without any special tools. How, you ask? Dean Porter came up with this gem of a procedure, and the exact details are posted on the Web site. SAM stores some interesting information, but so far I have been unable to verify exactly what we can or should modify.

You can back up your registry in a variety of ways. Microsoft provides Rdisk.exe, which helps you safeguard your information but is a bit cumbersome. Many tools to help you manage the registry are in the Microsoft Resource Kit. By the way, if you don’t already own this resource, you should. I used it many times to puzzle out exactly what an NT-specific system or registry entry was trying to do or should do. A list of commercial registry management tools is also available on the book’s Web site. This list is dynamic and includes test drives and trial versions of software, so check in frequently. A list of shareware programs is included on the CD-ROM and the Web site. This list is growing constantly, so be sure to check the site frequently.

Your Mileage May Vary

When we set out to write this book, we wanted it to be an effective tool for Windows NT professionals and aficionados alike. We took a great deal of time and effort to make sure every entry is correct and accurate. However, it is impossible to test these entries on every single combination of software and hardware. The bottom line is this: Back up your system before you try these modifications. I also suggest using a test machine, or at least a test install of Windows NT. You can make a multiboot system and install Windows NT on it more than once. I did this on my laptop and made many a discovery while flying at 35,000 feet! I got some seriously strange looks from my fellow passengers when I started whooping it up after discovering a particularly cool modification.

The Resources

Like most things, this book was not created in a vacuum. A tremendous wealth of information about the registry is available on the World Wide Web, from news groups, and from mailing lists. It never ceases to amaze me the lengths people will go to solve a problem. I have compiled information from a number of sites as well as picking the brains of the contributing authors. I also used several registry tools (included on the CD-ROM) to go spelunking into the registry itself.

Mailing Lists

NT Internet Security List — This mailing list is a wealth of information on Windows NT security issues! To subscribe, send e-mail to majordomo@iss.net with the words “subscribe ntsecurity” (no quotes) in the body of your message.

Newsgroups

These newsgroups are available on the msnews.microsoft.com NNTP server:

  microsoft.public.windowsnt.setup — Everything you always wanted to know about Windows NT setup issues. It has a definite Microsoft bias at times. If you are looking to fix setup problems related to other vendor products, this is a good place to start.
  microsoft.public.windowsnt.apps — All NT applications; an excellent source of registry information for specific applications. This newsgroup is an absolute must!
  microsoft.public.windowsnt.protocol.tcpip — If you want to know about the wacky and weird goings on in TCP/IP, this is the place. Great networking tips and registry entry information.
  microsoft.public.windowsnt.protocol.ipx — If you run IPX, you must read this group.
  microsoft.public.windowsnt.protocol.ras — You have RAS questions? They have RAS answers! Lots of good practical information flows through here daily.
  microsoft.public.windowsnt.protocol.misc — Everything else related to protocols that’s not covered in the previous three newsgroups.

The following newsgroups are available from your local NNTP server:

  comp.os.ms-windows.nt.admin.misc — General information about living in a Windows NT environment. Good registry information from time to time.
  comp.os.ms-windows.nt.admin.networking — My personal favorite. Good meat-and-potatoes information about how to administer a Windows NT network.
  comp.os.ms-windows.nt.setup.hardware — All the hardware-related hacks are here.
  comp.os.ms-windows.nt.software.backoffice — This group is where you find out about SQL, SMS, and all the other Back Office components — a must-read.
  comp.os.ms-windows.nt.software.services — If you want to know about Windows NT, you need to know about the services that comprise it. Good information, with the occasional registry gem.
  comp.os.ms-windows.nt.setup.misc — Very similar to the Microsoft-sponsored newsgroup, except that the bias is not pro-Microsoft, but rather in support of your own personal favorite.

Web Sites

  Windows NT Registry Secrets — The website for this book. Completely dedicated to the Windows NT registry, this site contains programs, hacks, and examples of how to do just about anything you can think of with the registry. www.registrysecrets.com
  Jerold Schulman International — Windows NT tips, registry hacks, and more tricks, tips, and configuration using the registry. http://www.jsiinc.com/reghack.htm
  Windows NT Internals — The home of NTRegmon, this site has tons of Windows NT and Windows 95 freeware and shareware utilities, as well as technical information on Windows NT and Windows 95 Internals. Be sure to check out the NT Internals Tips and Trivia section for registry examples, utilities, and other extremely useful information about Windows NT internals. http://www.ntinternals.com
  NONAGS — This site includes tons of Windows-related questions and answers and a good software selection. Although it’s not NT-specific, it has helpful, knowledgeable people. I find the discussion forums really useful. http://nonags.com/nonags/forum/
  Microsoft.com — Still one of the best places for Windows NT-specific knowledge, especially registry stuff, the site includes hundreds of Knowledge Base articles, white papers, and other literature that cover almost every aspect of the registry that you could want to explore.

Books/Magazines/Articles

Microsoft Windows NT Workstation Resource Kit, Microsoft Press, ISBN 1-57231-343-9

Microsoft Windows NT Server Resource Kit, Microsoft Press, ISBN 1-57231-344-7

Windows NT Magazine, “Tricks and Traps,” by Dr. Bob Chronister, 1995 to present

Microsoft TechNet and Knowledge Base articles

The Tools

Regmon.exe

What can I say? If you could have only one utility for registry spelunking, this is it! This utility is brought to you by the dynamic duo of Mark Russinovich and Bryce Cogswell.

NTRegmon is a device driver/GUI combination that displays all registry activity taking place on a Windows NT System. You can use the NTRegmon menus to set up process and path filters, toggle on and off hooking, control the scrolling of the listview, and save the listview contents to an ASCII file.

Both process and path filters take expressions similar to those the command prompt takes: you can specify names with asterisks (*) representing wild cards. The Path Include filter represents path names that will be monitored and the Path Exclude filter represents path names that will not be monitored. Where the path names overlap, Path Exclude overrides Path Include. Note that the filters are interpreted in a case-insensitive manner.

For example, if you do not want to see activity to Software subkeys, you can specify *Software* as the Path Exclude filter. If you want to see only activity to the HKLM directory, set HKLM* as the Path Include filter. If you set both filters, all activity to HKLM is logged except activity to subkeys with the name Software in them, such as HKLM\Software. By default, the filters are set up to watch all Registry activity. The process filter is *, the Path Include filter is *, and the Path Exclude filter is empty.
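The filter rules described above, modelled as an added example (this is not NTRegmon's source code and is not taken from the book's CD-ROM). It assumes a single wildcard expression per filter; the function names and the sample events are constructed for illustration. It also shows which events an exclude filter hides from the capture, which is worth checking before relying on a filtered log.

```python
import re

def wildcard_to_regex(pattern):
    """Compile a filter expression in which '*' matches any run of characters.

    Matching is case-insensitive, as the text states for NTRegmon filters.
    """
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts), re.IGNORECASE | re.DOTALL)

def matches(pattern, text):
    """True when the whole of text matches the wildcard expression."""
    return wildcard_to_regex(pattern).fullmatch(text) is not None

def is_logged(process, path, process_filter="*", path_include="*", path_exclude=""):
    """Decide whether one registry access would appear in the listview.

    Defaults mirror the ones given in the text: process filter '*',
    Path Include '*', Path Exclude empty. Where include and exclude
    overlap, exclude wins.
    """
    if not matches(process_filter, process):
        return False
    if not matches(path_include, path):
        return False
    if path_exclude and matches(path_exclude, path):
        return False
    return True

def filter_events(events, **filters):
    """Return the (process, path) events that pass the filters."""
    return [e for e in events if is_logged(e[0], e[1], **filters)]

def hidden_by_exclude(events, path_include, path_exclude):
    """Events the include filter selects but the exclude filter drops."""
    selected = filter_events(events, path_include=path_include)
    kept = filter_events(events, path_include=path_include,
                         path_exclude=path_exclude)
    return [e for e in selected if e not in kept]

# Constructed sample events: (process name, registry path).
SAMPLE_EVENTS = [
    ("explorer.exe", r"HKLM\Software\Microsoft\Windows\CurrentVersion"),
    ("explorer.exe", r"HKLM\SYSTEM\CurrentControlSet\Services\Atapi\Start"),
    ("winlogon.exe", r"HKCU\Control Panel\Desktop"),
    # Lower-case hive and a subkey whose name merely contains "Software".
    ("services.exe", r"hklm\system\CurrentControlSet\Services\BackupSoftwareSvc"),
]

if __name__ == "__main__":
    for proc, path in filter_events(SAMPLE_EVENTS, path_include="HKLM*",
                                    path_exclude="*Software*"):
        print("logged:", proc, path)
    for proc, path in hidden_by_exclude(SAMPLE_EVENTS, "HKLM*", "*Software*"):
        print("hidden:", proc, path)
```

Because `*Software*` matches anywhere in the path, it hides the constructed `BackupSoftwareSvc` service key as well as `HKLM\Software`; a narrower expression keeps more of the activity visible.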

Regedit.exe

This editor comes with Windows 95 and is now provided with Windows NT. I don’t use it to make any changes to the registry itself, but it has excellent search capabilities. I have used this utility thousands of times in conjunction with NTRegmon during spelunking expeditions.

Regadmin

This tool is excellent for administering the registry. It adds the features that Microsoft forgot. It’s absolutely necessary if you want to properly add or modify registry key account permissions. If you are locking down your system and need to hunt down and kill the Everyone permission, this tool is simply the best.

Regrem

This utility, written by Steve Scoggins, shows you how to read registry keys on remote systems and display useful information. Regrem displays the following information about your current network configuration:

    Windows NT Network Adapter
    Description: 3Com Etherlink III PCI Bus-Master Adapter (3C590)
    Manufacturer: 3Com
    Product Name: El59x
    Service Name: El59x1
    Interrupt Number: 12ff8c
    IO Base Address: 3
    TCP/IP DefaultGateway : 200.200.200.254
    TCP/IP IPAddress : 200.200.200.200
    TCP/IP Subnet Mask : 255.255.255.0
    TCP/IP Domain Name: test.com
    TCP/IP Hostname: bigdog
    TCP/IP DNS Name Servers:
    TCP/IP Domain Name Search List:
    Windows NT Computer Name: BIGDOG
    Windows NT DomainName: BIGDOG

To use this utility, type regrem and the IP address of the computer you want to examine. The full annotated source code is included on the CD-ROM that accompanies this book.

The Future

Books are wonderful ways to convey ideas and to store information; however, they suffer from the fact that they are, for the most part, static entities. With 1001 Secrets for Windows NT Registry, we hope to provide a practical reference in book form as well as a mechanism to allow for the dynamic nature of the Windows NT registry. Our Web site, http://www.registrysecrets.com, is dedicated to the Windows NT Registry and the things you can do with it. Here, you can sort through new tricks and registry hacks and submit your own tricks to share with the rest of the Windows NT community. In conjunction with Windows NT Magazine, we also will be hosting a forum dedicated to the Windows NT Registry. We hope that the Windows NT community in general and the Registry community in particular will think of this forum as their own and use it to further explore the Windows NT Registry.

Future editions of this book will include user-submitted registry modifications. As mentioned, we will provide a mechanism for you to submit your favorite modification. If we like what we see, you can earn t-shirts and other prizes that let the whole world know that you too are a Registry Spelunker. In addition, if we publish any of your tips in subsequent editions of this book, you’ll receive an official mention in the book and compensation.

I hope to create a place where people can come when they need information about the registry — a place where you’ll never read that silly disclaimer. A place that will become a permanent part of your repertoire of problem-solving methods and tactics.

Thank you for buying this book. I hope it is as helpful to you as compiling it has been to me — it has become an invaluable resource for me and my former colleagues at Windows NT Magazine. See you online!

