|
|
The Windows Server 2003 Registry is a database that contains operating system, hardware, and software information for the local computer system. It is used by many programs, including the Windows Server kernel, device drivers, setup, and detection executables. One example of the type of information stored in the Registry is a list of all properly installed applications. Therefore, when you double-click a file name with the Windows Server Explorer, its extension is matched with a list of installed applications and launches the appropriate software. Other items stored in the Registry include:
Hardware configuration data
Program group and desktop settings for each user
User profile data
Local language and time settings
Network configuration data
Security information for users and groups
ActiveX and OLE server data
NOTE
The relationship between the Registry and the Active Directory is very close. The Registry maintains information for the local system, and the Active Directory provides object information about the domain network as a whole.
The Registry is based on a logical hierarchy of information, beginning with five subtrees known as keys. The concept of keys and subkeys follows the same principle as folders and subfolders within a directory tree. Every key and subkey has at least one entry that contains its name, data type, and configuration value (Table 2.3).
|
Key |
Description |
|---|---|
|
HKEY_LOCAL_MACHINE |
Information about the local system such as hardware and operating system data; major keys are hardware, SAM, security, software, and system. |
|
HKEY_CLASSES_ROOT |
File allocation and OLE/ActiveX data; includes association of extensions to applications. |
|
HKEY_CURRENT_CONFIG |
System startup configuration that permits changes to device settings. |
|
HKEY_CURRENT_USER |
Profile for current active user as well as console, Control Panel, environment, printer, and software data. |
|
HKEY_USERS |
Profiles for all active users as well as default profile. |
The keys and subkeys are stored in collections known as hives. Hive files are stored in %systemroot%\System32\Config or for user data in \%systemroot%\Profile\username. When changes are made to the Registry data, the data is compared to the logs before it is written. The log file is written first in a type of data streaming mechanism. When it is saved to disk, changes are updated to the hive key components. In this way, hive information is coupled with associated log files in an effort to minimize corruption.
If the Registry is lost or damaged, Windows Server 2003 cannot function. Therefore, its care and feeding is a critical system administrator responsibility. The first rule is to retain an emergency copy of the Registry in case of damage or loss. As stated previously, the Registry information is found in %systemroot%\System32\Config, where %systemroot% is the root directory for a system, such as \winnt. For system recovery, the Windows Server Setup program also creates a %systemroot%\Repair folder that contains the following files:
Autoexec.nt a copy of %systemroot%\System32\Autoexec.nt used to initialize the MS-DOS environment.
Config.nt a copy of %systemroot%\System32\Config.nt used to initialize the MS-DOS environment.
Default the Registry key HKEY_USERS\DEFAULT in compressed format.
Ntuser.DA A compressed version of %systemroot%\Profiles\DefaultUser\Ntuser.dat. The process uses Ntuser.da_ if this area needs repair.
Sam The Registry key HKEY_LOCAL_MACHINE\SAM in compressed format.
Security The Registry key HKEY_LOCAL_MACHINE\SECURITY in compressed format.
Setup.log The log of installed files with cyclic redundancy check (CRC) data. This file is read-only, system, and hidden by default.
Software the Registry key HKEY_LOCAL_MACHINE\SOFTWARE in compressed format.
System the Registry key HKEY_LOCAL_MACHINE\SYSTEM in compressed format.
During system startup, the Windows Server kernel extracts information from the Registry, such as which device drivers to load and their load order. The Ntoskrnl.exe program also passes other information, including its version number, to the registry.
System administrators may find it necessary to regularly view and edit the Registry. The Registry Editor tool (regedt32.exe) is located in the \System32 directory. Generally speaking, it is best to use the Windows Server administrative tools to resolve system issues prior to editing the Registry. However, from time to time, it is necessary to go to the source of system data. That is when the Registry Editor (Figure 2.23) comes into play.
NOTE
The older style regedit is no longer supported. If regedit is invoked from the command prompt, regedit32 is automatically invoked.
CAUTION
The Registry Editor is not a toy. Its improper use can result in fatal system behavior. When viewing and copying the Registry, always turn the Editor to read-only mode. When directly editing, always think twice before entering information. The Registry Editor automatically saves all changes, so once they are entered you must live with the consequences. Changes are reflected automatically.
 |
|
|
| Top |