The Windows Registry
Understanding the Windows Registry
System configuration data controls each part of the operation of an application. Before Windows 95, applications typically stored system configuration data in their own configuration files, or in a variety of files including System.ini, config.sys, Win.ini and autoexec.bat. This resulted in system configuration files being stored in numerous locations, which made system administration tricky and challenging. In addition, as the number of Windows applications increased, machines were often swamped with configuration information, with each application bringing its own set. This led to configuration information only being understood by the particular application programmers.
Windows NT 3.1 replaced the use of .ini, .sys, and .com configuration files used in earlier versions of Microsoft Windows with the registry. The registry can be defined as a specialized database that Windows uses to centrally store hardware and software configuration data. The registry consists of many configuration files but functions as a single logical database to control the Windows OS. The registry actually controls the OS by providing the correct initialization information to boot Windows and initialize applications. It also deals with the loading of device drivers and network protocols.
The features provided by the registry introduced with Windows NT 3.1 are described below. A few of these features have progressed to Windows 95, Windows 98 and Windows Me. The Windows NT4 registry remains very similar to the Windows Server 2003 registry.
The data stored in the registry are located in binary database files on disk.
The types of configuration data stored in the registry include hardware, system, application and user settings, as well as user account data.
To access the binary database files, you would need to use specialized tools that can call the registry access routines of the Win32 API.
Registry data is grouped according to category. What this means is that configuration data that relates to a particular setting is stored by itself, away from the other settings. A setting is basically kept as a separate data component or item.
A registry data item possesses an owner and also has a data type. The registry editors use the data types to ensure that strings and numbers are placed appropriately.
Each registry data item can have unique security access control lists (ACLs) and auditing controls.
System files such as win.ini and system.ini are still around in cases where you are running older applications that require them.
The different types of data stored in the registry are summarized below:
Hardware installed on the machine – bus type, CPU, mouse or other pointing device, keyboard
Network adapter card settings - interrupt request (IRQ) number, I/O port base address, I/O channel ready, memory base address.
Installed device drivers, applications, and network protocols
User settings, and user account information
The manner in which data stored in the registry is used is briefly summarized in the following section:
During Windows setup, installation, startup, configuration, and deletion of the OS, the data in the registry is read.
During system startup NTDETECT.COM performs hardware detection, which results in hardware configuration data being written to the registry.
At startup, the Windows kernel reads the registry to determine which device drivers should be loaded and the order in which to load them. The kernel also stores information about itself, and information needed by the drivers, in the registry.
Device drivers obtain configuration information from the registry so that they can operate with the hardware on the computer. Device drivers also write configuration information to the registry on the system resources that they are using. This includes hardware interrupts and direct memory access (DMA) channels.
When an application or hardware device is set up, its associated setup program adds new configuration information to the registry, and then reads the registry to find out whether the necessary components are installed.
Hardware profiles also read the registry information.
System tools and certain MMC snap-ins read registry data and write configuration data to the registry.
Windows writes user configuration changes to the registry and to the appropriate user profile.
The Structure of the Registry
The registry is organized into a collection of five hives or root keys, similar to that of a file system. Root keys exist at the root of the registry structure. A root key has many subkeys. A subkey also holds other subkeys and values. A subtree has to contain at least one value. Think of subkeys as folders, and values as files, to better understand the terminology being described. A value is a setting to which data is assigned. A value has an associated data type that controls the data which it can hold. A value's name has to be unique within the subkey that contains it. A subkey together with its associated subkeys and values is called a hive. The registry is stored on disk as many individual hive files. You can locate a value in the registry by indicating its path. Always commence at the root.
Windows Server 2003 uses the following hives:
DEFAULT, corresponding to HKU\DEFAULT
SAM corresponding to HKLM\SAM
SECURITY corresponding to HKLM\SECURITY
SYSTEM corresponding to HKLM\SYSTEM
SOFTWARE corresponding to HKLM\SOFTWARE
A user profile corresponding to HKCU
Before delving any further into the registry structure, let's first note the different types of values that are supported for the registry.
REG_SZ, a text string value
REG_BINARY, a binary value that is a string of hexadecimal digits
REG_DWORD, a hexadecimal DWORD value consisting of a string between 1 – 8 digits
REG_EXPAND_SZ, a string value that is expandable
REG_MULTI_SZ, a multiple string value
REG_FULL_RESOURCE_DESCRIPTOR for storing a resource list for hardware
Registry Root Keys and Main Subkeys
The following five root keys are displayed in the Registry Editor. During installation, the Setup program installs Registry Editor (REGEDT32.EXE) in the %systemroot%\System32 directory. This is the tool used to view the registry:
HKEY_LOCAL_MACHINE (HKLM) contains configuration settings on the local computer, and its users. Configuration data stored here include hardware and OS data such as bus type, system memory, startup control data and device drivers. The data here is used to configure the computer. Applications should store data under this root key when it is relevant for all users of the computer.
HKEY_CURRENT_CONFIG (HKCC) contains configuration data on the current configuration of the computer such as the system services and devices at boot time. HKCC is a pointer to components located in HKEY_LOCAL_MACHINE.
HKEY_USERS (HKU) contains configuration information on each user of the computer. It holds an entry for each and every user that has logged on to the computer, including the profile settings that were used for a user.
HKEY_CURRENT_USER (HKCU) contains configuration information on the current user. HKEY_CURRENT_USER is stored within HKEY_USERS, and points to the profile of the user in HKU.
HKEY_CLASSES_ROOT (HKCR) contains information on file associations. It connects file extensions and OLE class identifiers. HKCR points to HKLM\SOFTWARE\Classes. System components use file associations when ascertaining what applications to utilize when creating or accessing a data object.
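The path notation and value types described above can be inspected read-only from PowerShell. This is an added example, not part of the original article; the function name Get-RegistryValueInfo and the sample key at the end are assumptions chosen for illustration.

```powershell
# Added example: list the values under a key given in "HKLM\..." path notation.
# Root key abbreviations as used in the article.
$RootKeys = @{
    HKLM = [Microsoft.Win32.RegistryHive]::LocalMachine
    HKCU = [Microsoft.Win32.RegistryHive]::CurrentUser
    HKU  = [Microsoft.Win32.RegistryHive]::Users
    HKCR = [Microsoft.Win32.RegistryHive]::ClassesRoot
    HKCC = [Microsoft.Win32.RegistryHive]::CurrentConfig
}
# .NET RegistryValueKind name -> registry type name.
$TypeNames = @{
    String = 'REG_SZ'; ExpandString = 'REG_EXPAND_SZ'; Binary = 'REG_BINARY'
    DWord  = 'REG_DWORD'; MultiString = 'REG_MULTI_SZ'; QWord = 'REG_QWORD'
    None   = 'REG_NONE'
}

function Get-RegistryValueInfo {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$KeyPath)

    # Always start at the root: split the path into root key and subkey path.
    $root, $subPath = $KeyPath.Trim('\') -split '\\', 2
    if (-not $RootKeys.ContainsKey($root)) { throw "Unknown root key '$root'" }

    $view = [Microsoft.Win32.RegistryView]::Default
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($RootKeys[$root], $view)
    $key  = if ($subPath) { $base.OpenSubKey($subPath) } else { $base }  # read-only
    if ($null -eq $key) { $base.Dispose(); throw "Key not found: $KeyPath" }

    # Return stored data as-is, so REG_EXPAND_SZ keeps its %VARIABLE% references.
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    try {
        foreach ($name in $key.GetValueNames()) {
            $kind = "$($key.GetValueKind($name))"
            $raw  = $key.GetValue($name, $null, $noExpand)
            $data = switch ($kind) {
                'Binary'      { [System.BitConverter]::ToString([byte[]]$raw) }
                'DWord'       { '0x{0:X8}' -f $raw }
                'MultiString' { $raw -join ' | ' }
                default       { "$raw" }
            }
            $type = "other ($kind)"
            if ($TypeNames.ContainsKey($kind)) { $type = $TypeNames[$kind] }
            [pscustomobject]@{
                # The unnamed value of a key has an empty name.
                Name = if ($name) { $name } else { '(Default)' }
                Type = $type
                Data = $data
            }
        }
    }
    finally { $key.Dispose(); $base.Dispose() }
}

# Sample call against a key that exists on NT-based Windows versions.
Get-RegistryValueInfo 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' |
    Format-Table -AutoSize -Wrap
```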
A few of the main registry subkeys are discussed in the following sections.
HKLM\HARDWARE subkey: This subkey contains data on the hardware that exists on the computer. It stores the type and state of the actual physical hardware devices connected to the computer. Because of this, applications typically query the HKLM\HARDWARE subkey. Any values that are located under HKLM\HARDWARE are stored in RAM. The HKLM\HARDWARE subkey is considered volatile. What this means is that Windows formulates it using information collected at startup. The main subkeys stored beneath HKLM\HARDWARE are:
DESCRIPTION subkey: This subkey holds descriptive information on the CPUs, floating-point processors and the multifunction devices running.
DEVICEMAP subkey associates a device with a particular driver
RESOURCEMAP subkey holds a subkey for the hardware abstraction layer (HAL), for the Plug-and-Play Manager, and another subkey that indicates the system resources available on the machine.
HKLM\SECURITY: The subkey stores security data on the local computer. Applications typically query the security data via security APIs.
HKLM\SAM subkey contains information on any accounts or groups created locally on the computer. Information stored within this subkey cannot be modified. The data in the HKLM\SAM subkey is needed for compatibility with Windows NT.
HKLM\SOFTWARE subkey contains information on the local computer software, as well as file associations and OLE information. Applications and system components write their settings to this subkey.
HKLM\SYSTEM subkey contains information on system devices and services. Whenever you install or configure device drivers and services, the data stored in HKLM\SYSTEM is modified.
HKLM\SYSTEM\MountedDevices contains information on the mounted and available devices that was obtained by the Logical Volume Manager service.
HKLM\SYSTEM\CurrentControlSet subkey points to the controls which are currently being used. The HKLM\SYSTEM subkey has multiple ControlSetXXX keys with each ControlSetXXX subkey representing a control set that existed before now. The CurrentControlSet subkey is merely a pointer to the latest successful boot set. The main subkeys stored beneath HKLM\SYSTEM\CurrentControlSet are:
Control holds information for the systems tools and services
Enum: An entry exists here for each device which was detected by the system
Hardware Profiles: An entry exists for each hardware profile on the computer.
Services: An entry exists for each service.
Using the Registry Editor (Regedit.exe) to edit the Registry
You have to use a registry editor if you want to perform any changes to the registry. The registry settings can be changed using Control Panel, Group Policy objects, MMC snap-ins, a logon script, the Registry Editor (Regedit.exe) or the Reg command-line utility. The settings that you can change in Control Panel are stored in the registry. You can therefore use Control Panel to view and modify registry settings.
The tools most commonly used to edit the registry are the latter two tools (Regedit.exe, Reg command-line utility) just mentioned.
Before actually making any changes to the registry, you should record the original registry keys and their associated values. You can use a backup tool to copy the registry or you can export the key that is going to be modified before attempting any modifications on the key. By doing this, you would be able to reinstate the key and values if necessary.
Setup installs the Registry Editor (Regedit.exe) in the %systemroot%\System32 directory. Use Regedit.exe when you need to search for subkeys, values and configuration data, add new registry keys and values, or change or delete the registry keys and values.
The main window of the Registry Editor is structured as follows:
In the left pane, there is a tree that holds the root keys and subkeys. These can be expanded.
The right pane lists the values that are linked with a key which you have selected in the left pane. The information displayed on the value in the right pane includes the name, type, and the data of the value.
The bottom section of the main window contains a status bar. The status bar details the full path to the key which you have chosen.
When you need to locate a key or value, you would use the Find option that is accessible from the Edit menu. In the Find What box, enter the pattern which you are trying to locate. You cannot specify wildcards in your search. For the pattern you define, the Registry Editor searches only string values. You can use the available options in the Look At box to limit the search. You can specify the Keys, Values, or Data check box. If you need to locate the full search string, check the Match Whole String Only checkbox. After specifying your search criteria, click on Find Next. The Registry Editor now begins the search, using the parameters that you have specified.
When you actually know the location of the registry key and value, you can use the following process to find the registry key and value:
Open the Registry Editor
Load the registry for the local computer
Double-click on the icon of the hive that contains the key or value you want to navigate to, to expand it.
Double-click on the icon of the key to expand the key
Select the values that the key contains to display them in the right pane of the main window
When you do not know the location of the registry key and value, you can use the following process to find the registry key and value:
Choose the hive or key that you want to search
On the Edit menu, choose the Find option
When the Find dialog box is displayed, enter the name of the key, value or data that you are trying to find. Choose one of the following options: Keys, Values, Data, Match whole string
Click the Find Now button
When you need to edit or delete a key or value entry, you would use the Modify option from the Edit menu, or the shortcut menu items:
Open the Registry Editor, and load the registry for the local computer
Find the key or value that you want to edit or delete
If you want to change a value entry, choose the key that holds the value, and then right-click the value.
Choose Modify from the shortcut menu
Proceed to specify the new data of the value. Click OK
If you want to change the name of a key or value, right-click it, and then choose Rename from the shortcut menu.
Proceed to enter a new name for the key or value that you have selected.
If you want to delete a key or value, right-click it, and then choose Delete from the shortcut menu.
Click Yes to verify the deletion of the key/value.
You can use the Registry Editor to add new keys and values, and to remove existing keys and values. You would use the New /Key option on the Edit menu if you want to add a new key under a particular existing key. The Registry Editor creates the key with a default name of New Key #1. After the key is created, this name is automatically selected so that you can change it. A new key is created with a linked value that is not named. You can use the other options on the New submenu if you want to add any further values.
If you want to remove a key or value, simply select the particular key or value and use the Edit menu to select the Delete item.
Use the steps below to add a new key and new value:
Open the Registry Editor
Locate and right-click the parent key under which you want to add a new key or new value
Choose New, and then select Key from the shortcut menu
A new key is created as a child key of the parent key in the registry
Specify a new unique name for the key, and push Enter
If you want to add more values, right-click the parent key, choose New.
Next, choose one of the following options: String Value, Binary Value, DWORD Value, Multi-String Value, or Expandable String Value
Specify a new name for the value, and push Enter.
Right-click the just created value, and select the Modify option from the shortcut menu to allocate data to it
Before you make changes to the registry, it is recommended to make a backup copy of it. By doing this, you would be able to restore the key or value to its previous state. For this purpose, it is possible to import and export registry data from the Registry Editor. You can export the parent key to create a text based file version of the key that is easy to read. These files have a .reg file extension, and you can use a standard text editor to view the contents of the files.
The steps used to export, and then import registry keys are outlined below.
To export a registry key, open the Registry Editor
Find and then right-click the particular key that you want to export
Select the Export option from the shortcut menu to open the Export Registry File dialog box
Enter the name and location for the export file
To import a .REG file into the Registry, open the Registry Editor
From the File menu, choose Import to open the Import Registry File dialog box
Find the file you want to import, and then click Open
The keys and values that the file contains are next imported into the registry.
You can also use the Registry Editor to change registry key security. To do this, select the Permissions option from the Edit menu. The Permissions dialog box has the following security users/groups:
Administrators, CREATOR OWNER, Power Users, SYSTEM, Users
The permissions that you can grant/deny for keys are:
Read, Full Control, and Special Permissions options
Click on the Advanced button on the Permissions dialog box to open the Advanced Security Settings dialog box of the particular key which you are working with. The Advanced Security Settings dialog box allows you to use its Permissions, Auditing, Owner and Effective Permissions tabs to set security parameters for the key.
Permissions tab: The setting of the Allow Inheritable Permissions From Parent To Propagate To This Object checkbox determines whether permissions are inherited by the subkeys of the particular key which you are configuring. You can use the View/Edit button to specify more precise permissions for a particular user(s). If appropriate, and before configuring these specific permissions, disable the Allow Inheritable Permissions From Parent To Propagate To This Object checkbox. The permissions you can set are:
Full Control, enables users to view, edit and take ownership for a key
Query Value, enables users to query the registry for a value.
Set Value, enables users to configure new values, and overwrite the current values
Create Subkey, enables users to configure a new subkey
Enumerate Subkeys, enables users to obtain a list of the subkeys which belong to a specific key
Notify, enables users to register callback for when a value changes
Create Link, enables users to create a link to a particular registry key
Delete, enables users to delete keys/values
Read Control, enables users to view the DACL for a key
Write DAC, enables users to write access controls on a key
Write Owner, enables users to take ownership of a key
Auditing tab, used to configure auditing permissions for a key. You have to enter the users/groups whose actions should be audited, and then define what actions should be logged.
Owner tab, used to reassign ownership for the key
Effective Permissions tab, used to determine the permissions that should be granted to a user/group.
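The same key permissions can be reviewed from PowerShell instead of the Permissions dialog. This is an added example, not part of the original article: it reports Allow entries that grant write-type rights to anyone outside an expected list; the function name Find-WritableRegistryAce, the expected-principal list and the sample keys are assumptions.

```powershell
# Added example: report ACL entries on a registry key that let an unexpected
# principal change the key (values, subkeys, DACL or owner).
function Find-WritableRegistryAce {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$Path,
        # Assumption: SYSTEM, Administrators and CREATOR OWNER may hold write access.
        [string[]]$ExpectedSid = @('S-1-5-18', 'S-1-5-32-544', 'S-1-3-0')
    )
    begin {
        # .NET names for Set Value, Create Subkey, Create Link, Delete,
        # Write DAC (ChangePermissions) and Write Owner (TakeOwnership).
        # Full Control contains all of these bits, so it matches as well.
        $rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
        # Some entries store GENERIC_ALL (0x10000000) or GENERIC_WRITE (0x40000000).
        $mask    = [int]$rights -bor 0x10000000 -bor 0x40000000
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $ntType  = [System.Security.Principal.NTAccount]
    }
    process {
        try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL of ${Path}: $($_.Exception.Message)"; return }

        # Explicit and inherited entries, identified by SID so the check does
        # not depend on localized account names.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.RegistryRights -band $mask) -eq 0) { continue }
            $sid = $ace.IdentityReference.Value
            if ($ExpectedSid -contains $sid) { continue }

            $account = '(unresolved)'
            try { $account = $ace.IdentityReference.Translate($ntType).Value } catch { }

            [pscustomobject]@{
                Key       = $Path
                Account   = $account
                Sid       = $sid
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Sample call on two keys discussed in the article.
'HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    Find-WritableRegistryAce | Format-Table -AutoSize -Wrap
```

Extend -ExpectedSid with any service or installer accounts that legitimately hold write access in your environment before treating the remaining rows as findings.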
Using the Reg (Reg.exe) command-line tool to edit the Registry
You can use the Reg (Reg.exe) command-line tool to view and perform changes to the registry. You can use this tool in batch files as well. The syntax and commands of Reg are detailed in the following section:
reg action [options]
Add, for adding a subkey or value to the registry
Delete, used to remove data from the registry
Copy, used to copy data in the registry to a different location within the registry
Import, used to import a .REG file into the registry
Export, used to export data from the Registry, and save the exported data to a file with a .reg extension.
Load, used to move data within the registry to a different location in the registry
Unload, used to remove any registry data which was added via Load.
Compare, used to compare the data of two particular subkeys or values. The command returns the following:
0 indicates that no dissimilarities were detected
1 indicates that the comparison failed
2 indicates that the comparison was successful, and that differences were detected
Query, used to view and print the registry data associated with a particular key
Save, used to save registry data in a file
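The advice to record a key before changing it, combined with the Compare return codes listed above, gives a simple change-and-verify workflow. This is an added example, not part of the original article: the key HKCU\Software\ExampleCorp\DemoApp, its values and the file name are constructed for the demonstration, and the /y switch on reg export assumes a current Windows version.

```powershell
# Added example: back up a key, change it, confirm the change with
# "reg compare", then roll back. All key and file names are constructed.
$Key      = 'HKCU\Software\ExampleCorp\DemoApp'         # constructed test key
$Snapshot = 'HKCU\Software\ExampleCorp\DemoApp.before'  # in-registry copy
$RegFile  = Join-Path $env:TEMP 'DemoApp-backup.reg'    # exported .reg file

function Invoke-Reg {
    # Run reg.exe and return its exit code together with its output.
    param([Parameter(Mandatory)][string[]]$Arguments)
    $output = & reg.exe @Arguments 2>&1
    [pscustomobject]@{
        ExitCode = $LASTEXITCODE
        Output   = ($output -join [Environment]::NewLine).Trim()
    }
}

function Assert-Reg {
    # The exit code, not stderr text, decides success: reg.exe writes some
    # status messages to stderr.
    param([Parameter(Mandatory)][string[]]$Arguments)
    $r = Invoke-Reg $Arguments
    if ($r.ExitCode -ne 0) { throw "reg $($Arguments -join ' ') failed: $($r.Output)" }
}

function Compare-RegKey {
    # 0 = identical, 2 = differences found, 1 = the comparison itself failed.
    param([string]$Left, [string]$Right)
    $r = Invoke-Reg 'compare', $Left, $Right, '/s', '/od'
    switch ($r.ExitCode) {
        0       { [pscustomobject]@{ Same = $true;  Detail = '' } }
        2       { [pscustomobject]@{ Same = $false; Detail = $r.Output } }
        default { throw "reg compare failed: $($r.Output)" }
    }
}

# 1. Baseline: create the test key with one value.
Assert-Reg 'add', $Key, '/v', 'Mode', '/t', 'REG_SZ', '/d', 'original', '/f'

# 2. Record the original state before modifying anything.
Assert-Reg 'export', $Key, $RegFile, '/y'
Assert-Reg 'copy', $Key, $Snapshot, '/s', '/f'

# 3. Make the change: overwrite one value and add another.
Assert-Reg 'add', $Key, '/v', 'Mode', '/t', 'REG_SZ', '/d', 'changed', '/f'
Assert-Reg 'add', $Key, '/v', 'Retries', '/t', 'REG_DWORD', '/d', '3', '/f'
$afterChange = Compare-RegKey $Key $Snapshot

# 4. Roll back. Import only merges, so delete the key first; otherwise the
#    added "Retries" value would survive the restore.
Assert-Reg 'delete', $Key, '/f'
Assert-Reg 'import', $RegFile
$afterRestore = Compare-RegKey $Key $Snapshot

# 5. Clean up the snapshot copy and report.
Assert-Reg 'delete', $Snapshot, '/f'
"After change : identical = $($afterChange.Same)"
$afterChange.Detail
"After restore: identical = $($afterRestore.Same)"
```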
How to Back up and Restore the Registry
It is recommended to back up the registry because it contains system and application settings. If you are using the Windows Backup Utility to back up system state data, a backup of the computer's registry is incorporated in the backup process. You can consider using the Registry Editor to perform a manual backup of the registry data you want backed up. The Registry Editor includes the capability of exporting files from, and importing files to, the registry.
How to use the Backup Utility to back up the registry
Open the Backup Utility tool
When the Backup Utility Wizard is displayed, click Advanced Mode
Click the Backup tab on the Backup Utility dialog box.
Use the Backup Media Or File Name option and Backup Destination option to indicate the device or location that should be backed up.
Enable the System State checkbox
Click Start Backup to initiate the backup
The system state data, as well as the registry files are backed up.
The Automated System Recovery (ASR) can be used to recover from system failure. You can use ASR to back up system files when changes are made to the OS. When you run ASR backup, a backup copy of the data is saved. Floppy disks are also created which you can use to restore the data that was backed up. You can initiate the ASR backup process via the Backup Utility tool. Click the ASR Wizard option on the Tools menu. You can run ASR restore to restore startup files when you are having problems starting Windows.
How to use the Last Known Good Configuration to restore the HKLM\System\CurrentControlSet key
After a successful startup of the operating system, Windows automatically stores a copy of the following registry key: HKLM\System\CurrentControlSet. If you have made recent configuration changes, and you are experiencing problems with starting Windows, use the Last Known Good Configuration option to boot the computer.
You can use the steps below to restore the HKLM\System\CurrentControlSet registry key:
Click Start, and click Turn off computer
When the Turn off computer dialog box is displayed, choose Restart
When prompted to choose the OS to start, select the Last Known Good Configuration option.
The computer now starts and restores the HKLM\System\CurrentControlSet key.