Chapter 25 - Configuration Management and the Registry
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
This chapter provides some examples of problem-solving tasks that involve changes made to the Registry by using Registry Editor. The topics in this chapter include the following:
Solving users' environment problems by using the Registry
Making sure the system always starts
Changing driver and service configuration data
Caution Use extreme care if you follow any procedures described here for changing the Registry directly by using Registry Editor. Editing entries in the Registry is equivalent to editing raw sectors on a hard disk. You can easily make mistakes that prevent the computer from starting.
Wherever possible, use Control Panel, the tools in the Administrative Tools group, and Windows NT Explorer to change the system configuration.
Solving Users' Environment Problems by using the Registry
.gif "Cc722564.spacer(en-us,TechNet.10).gif")
Using a Registry editor to view the contents of the Registry for a remote computer makes it easier for a system administrator to solve users' configuration problems.
Windows NT 4.0 includes two tools for viewing and editing the Registry, both called Registry Editor. The traditional tool, Regedt32.exe, is documented more thoroughly in these chapters. The new tool, Regedit.exe, has a Windows NT Explorer interface. It has many of the same functions as Regedt32 and an expanded search capability. Both tools are installed automatically when you install Windows NT on any computer.
You can use a Registry editor on your computer to view and edit the Registry of a remote computer. Then you can browse Registry entries to identify problems. To view and edit the Registry of a remote computer:
In Regedt32, from the Registry menu, click Select Computer, then type the name of the remote computer.
In Regedit, from the Registry menu, click Connect Network Registry, then type the name of the remote computer.
You can also load a copy of a hive from another computer to view and change entries, as described in "Loading Hives from a Remote Computer" in Chapter 24, "Registry Editors and Registry Administration."
Registry Editor is most useful as a tool to find the source of problems, not to edit value entries. After you find the source of a problem, Control Panel or other tools can be more safely used to solve the problem.
For example, you can easily check the user's desktop settings by examining the values under the Console and Control Panel subkeys for the user. The Console subkeys define settings for the command prompt and other character-based applications. The Control Panel subkeys in the Registry define the appearance and behavior of items in the Windows NT desktop.
To view a user's desktop settings
Use a Registry editor to view the Registry of the user's computer.
Under HKEY_USERS for the selected computer, double-click the subkey that represents the profile of the user. (The subkeys are named by the Security ID string (SID_#) of each user.)
Tip To determine which SID_# subkey is associated with a user, see the values for ProfileImagePath in the following Registry path:
HKEY_LOCAL_MACHINE\Software
\Microsoft
\Windows NT
\CurrentVersion
\ProfileList
\SID_#Double-click the ProfileImagePath value entry. The value of ProfileImagePath is a binary representation of the directory name of the user's profile, which includes the user's name.
Double-click the Console subkey if the problem involves a character-based screen.
– Or –
Double-click the Control Panel subkey if the problem involves a Windows NT window.
Check values as described in the Help topic for User Preferences on the Windows NT Workstation Resource Kit CD.
For example, suppose a user complains that their screen turns black whenever they click the shortcut icon for a utility that runs in a command prompt window. You can select this computer in a Registry editor, and then select the following subkey:
HKEY_USERS
\SID_#
\Console
\Name of shortcut
In this example, if the value of ScreenColors is 0, both the text and the screen background have been set to black, and this is the source of the user's problem. To fix this by selecting new colors, the user can double-click the shortcut icon, press ALT+SPACEBAR to display the Control menu, click Properties, then click the Colors tab.
Tip To change the colors or the bitmap that appear on the CTRL+ALT+DELETE logon screen, change the Wallpaper value entry under HKEY_USERS.DEFAULT\Control Panel\Desktop. For example, if you want a bitmap of your company's logo on the logon screen, change the value of Wallpaper to specify the path and filename of the logo bitmap.
Making Sure the System Always Starts
This section discusses:
Starting a system with configuration problems
Reconstructing a system with damaged files
Creating a custom startup verification program
The goal in all of these situations is to make sure a Windows NT system starts correctly each time you turn on the switch. Of course, you need to plan ahead for system safety by doing the following:
Maintain a regular backup program, including backups of Registry hives, as described in "Maintaining the Registry" in Chapter 24, "Registry Editors and Registry Administration."
Maintain a copy of the Emergency Repair Disk created when you installed Windows NT. Each Emergency Repair Disk works only for the computer where it was made. Use Repair Disk Utility (Rdisk), a tool installed with Windows NT, to update the Emergency Repair Disk with the current version of Registry hives. For more information, see Help for the Repair Disk Utility.
Install a redundant copy of the operating system to make the system more robust, as described in Chapter 2, "Customizing Setup."
You can also rely on Windows NT to automatically recover from damages to startup data. Specifically, to protect the system from corrupted sectors in the System hive, Windows NT automatically creates a backup of the System hive—the System.alt file—which is stored in Systemroot\System32\Config. If any problems are encountered while reading the System hive during startup, such as damage to the file, the Boot Loader automatically switches to the System.alt file to continue startup. For more information about the System.alt file, see "Hives and Files" in Chapter 23, "Overview of the Windows NT Registry."
Starting a System with Configuration Problems
This section describes how to start a computer when hardware or software problems prevent normal system startup.
For a computer running Windows NT, the Registry includes several control sets. Each control set is a complete set of system parameters that define startup, system recovery, and driver load controls plus service parameters and other system configuration data. The control set that appears under the CurrentControlSet key is the one used to start the system for the current session. For details about control sets, see "HKEY_LOCAL_MACHINE \System Key" in Chapter 23, "Overview of the Windows NT Registry."
Whenever you start Windows NT, the Boot Loader automatically tries to boot by using the current control set described under the HKEY_LOCAL_MACHINE \System \Select subkey. If the system cannot start by using this control set (because of erroneous user changes or bad-sector errors on a file), the Boot Loader automatically tries the LastKnownGood control set, as defined in the Select subkey.
You can also switch to the Last Known Good configuration manually, bypassing the automatic process.
To manually switch to a previous system configuration
Press ENTER to select Windows NT at the startup prompt, and then immediately press the spacebar.
From the Hardware Profile\Configuration Recovery menu, click Use Last Known Good Configuration, press L, then press ENTER.
Note If you select the LastKnownGood option at startup, the system discards any configuration changes to the HKEY_LOCAL_MACHINE \System \CurrentControlSet subkey made since the computer's last successful startup.
During system startup, you can choose between the default and the LastKnownGood control set only. For information about how the LastKnownGood control set is selected and stored, see "HKEY_LOCAL_MACHINE \System Key" in Chapter 23, "Overview of the Windows NT Registry."
If you have created more than one hardware profile, you can also choose a hardware profile. A hardware profile is a set of changes to the standard configuration of services (including drivers and Win32 services) and devices loaded when Windows NT starts.
For more information on hardware profiles, double-click System in Control Panel, click the Hardware Profiles tab and open Help. See also "Hardware Profiles Subkey for All Control Sets" in Chapter 23, "Overview of the Windows NT Registry."
Reconstructing a System with Damaged Files
You might need to restore a user's system configuration and working environment if hardware fails or is being replaced, or if files have been damaged on the hard disk. You can use the Emergency Repair Disk created during Windows NT installation to restore the system files. However, you lose any changes that were made to the system after installation when you use the Emergency Repair Disk to repair files such as the Registry hives unless you updated hive files on the Emergency Repair Disk. To update the Emergency Repair Disk with a current copy of the Registry hive files, use Repair Disk Utility (Rdisk.exe), a tool installed with Windows NT.
You can use one of the following methods to reconstruct the system from backups (as described in "Backing Up and Restoring Registry Hives" in Chapter 24, "Registry Editors and Registry Administration"):
Use Windows NT Restore to restore the Registry from tape backups*.*
Start the computer by using another instance of the operating system (or by using MS-DOS for a FAT partition). Copy the backup files to the Systemroot\System32\Config and Systemroot\Profiles subdirectories.
If you attempt to restore damaged SAM or Security hives, you must use this second method. You cannot replace these hives while Windows NT is running. This means that if your system files are on an NTFS volume, you must have another instance of Windows NT available on that system to be able to restore the SAM and Security hives. Or, you can use the Emergency Repair Disk to restore the default SAM and Security hives.
Use Regrest.exe, a tool on the Windows NT Workstation Resource Kit CD. Regrest replaces the default files installed by Windows NT Setup with data from backup files, and saves the default files under other filenames.
Creating a Custom Startup Verification Program
System startup is usually declared "good" if the following two procedures are complete:
All startup drivers are loaded.
When a service fails to load during startup, its ErrorControl value is checked, as defined in the CurrentControlSet\Services\Servicename subkeys. Whether the system startup process continues or halts depends on this value.
At least one user successfully logs on to the computer by pressing CTRL+ALT+DELETE and supplying a valid user name, domain, and password.
This basic standard for verifying system startup suits the needs of most situations; however, your site might require additional steps before considering a computer to be successfully started and ready to participate in the network.
For example, you can redefine startup validation for a server no one normally logs on to, or for which you want system startup to be validated as successful only after a particular process has started.
Or, for a server running Microsoft SQL Server, you might want a system startup to be marked as good only after the server responds to a request. To do this, you can write a program that queries the SQL database and checks the response. If the response is not as expected, the program can call the NotifyBootConfigStatus() function with a value of FALSE, prompting the system to restart by using the LastKnownGood control set. Or, the program can direct the system to run without saving the current configuration as the LastKnownGood control set. Conversely, if SQL Server responds as expected, the program can call the NotifyBootConfigStatus() function with a value of TRUE, which prompts the system to save the current configuration as the LastKnownGood control.
You can run such a verification program from the command prompt. Or you can have the program run automatically during startup by specifying value entries under the BootVerificationProgram subkey in the Registry.
To create a custom startup verification program
Change the value of ReportBootOK to 0 under the following Registry path:
HKEY_LOCAL_MACHINE \Software
\Microsoft
\Windows NT
\CurrentVersion
\WinLogonThe data type for ReportBootOK is REG_SZ. When the value of ReportBootOK is set to 0, it disables the automatic acceptance of startup after the first successful logon.
Create the executable program that you want to run as part of startup verification. Then specify its filename as a value for ImagePath in the BootVerificationProgram subkey under this Registry path:
HKEY_LOCAL_MACHINE \System
\CurrentControlSet
\Control
\BootVerificationProgramThe data type for ImagePath must be REG_SZ or REG_EXPAND_SZ.
As another example, a computer setup for a turnkey application is a candidate for a custom startup verification routine: The computer does not usually interact directly with users and you therefore do not want a successful user logon to be part of the system startup.
If you want a good system startup to be accepted from a remote computer (either manually or automatically), you can use the Bootvrfy.exe program that is supplied with Windows NT. In this case, the remote computer accepts the system startup by starting the Bootvrfy service. You can also write your own verification service, which can reject the system startup and revert to the LastKnownGood control set to restart the computer.
To verify system startup from a remote computer
For the local computer, add a BootVerification subkey under the following Registry path:
HKEY_LOCAL_MACHINE \System
\CurrentControlSet
\ServicesAdd the following value entries under this new BootVerification key:
Start : REG_DWORD : 0x00000003
Type : REG_DWORD : 0x00000020 ErrorControl : REG_DWORD : 0x00000001 ImagePath : REG_EXPAND_SZ : bootvrfy.exe ObjectName : REG_SZ : LocalSystem
For more information about these entries, see Regentry.hlp, the Registry Help file on the *Windows NT Workstation Resource Kit* CD.
Change the value of ReportBootOK to 0 under the following Registry path:
HKEY_LOCAL_MACHINE \Software
\Microsoft
\Windows NT
\CurrentVersion
\WinLogonStart the Bootvrfy service from a remote computer.
This service tells the service controller on the local computer to save the current startup configuration as the LastKnownGood configuration, and then the service terminates itself.
Important You cannot use the Bootvrfy service in conjunction with settings in the BootVerificationProgram subkey. These are mutually exclusive methods.
You might also want a good system startup to depend on whether a specific service or driver loads. For example, for a server you can program the Boot Loader to choose the LastKnownGood control set if the Server service doesn't start on the computer.
To change system startup to depend on a service or driver
Select the subkey for the service under the following Registry path:
HKEY_LOCAL_MACHINE \System
\CurrentControlSet
\Services
\ServicenameServicename can be any service you want successful system startup to depend on.
Double-click the service's ErrorControl entry, then change its value to 0x2 (which specifies to switch to LastKnownGood if the service does not start).
On rare occasions, you might want to change the ErrorControl value to 0x3 (which specifies to stop the attempted startup if the service does not start); however, this ErrorControl value is usually reserved for critical services such as file system drivers.
To put the new values into effect, close Registry Editor, shut down the system, and restart the computer.
If you do not get the intended effect, restart the computer and manually select the LastKnownGood control set as described in "Starting a System with Configuration Problems," earlier in this chapter. (All changes in the last session will be discarded.)
Customizing Windows NT Logon
You can change the Windows NT logon process in either of the following two ways:
Create a custom logon message, especially for secure sites
Allow automatic logon for a computer
During Windows NT logon, the first message that appears instructs the user to press CTRL+ALT+DELETE to log on. Then, when the Welcome dialog box appears, the user can type a user name, domain, and password.
You can define a custom message to display after the user presses CTRL+ALT+DELETE. For example, you can warn users that a particular computer is restricted to only certain users. Or, for all computers on the network, you can warn against unauthorized attempts to log on.
To create a custom logon message
In Registry Editor, select the following subkey:
HKEY_LOCAL_MACHINE \Software
\Microsoft
\Windows NT
\CurrentVersion
\WinlogonAdd a value entry named LegalNoticeCaption of type REG_SZ, and type text that will be the caption for the message.
Add a value entry named LegalNoticeText of type REG_SZ, and type text for the message.
If either LegalNoticeCaption or LegalNoticeText is defined in the Registry, a user cannot log on to the computer without acknowledging the message by clicking OK.
For a computer used as a print server and another special-use system, you might enable system startup without a user having to supply a user name or password. You can define automatic logon for a computer by adding some value entries in the Registry.
To allow automatic logon for a computer
In Registry Editor, select the following subkey:
HKEY_LOCAL_MACHINE \Software
\Microsoft
\Windows NT
\CurrentVersion
\WinlogonAdd a value entry named AutoAdminLogon of type REG_SZ, and specify a value of 1.
Add a value entry named DefaultPassword of type REG_SZ, and enter the password of the user who is listed under the value DefaultUserName.
Changing Driver and Service Configuration Data
The hardware detected on a computer is stored in the volatile HKEY_LOCAL_MACHINE \Hardware key. Because this key is destroyed each time the system stops and recreated each time the system starts, you cannot usefully edit hardware settings.
You can use Windows NT Diagnostics to view hardware data in an easy-to-read format. Based on this information, you can discover conflicts and their causes or determine how to set up new hardware before installing it. You can also get information about conflicts by looking at the System event log in the Event Viewer.
This section presents some suggestions for solving hardware and related driver problems by using Registry Editor.
To carry out some procedures described in this section, you need to follow the instructions for saving keys in "Saving and Restoring Keys" in Chapter 24, "Registry Editors and Registry Administration."
Recovering from an Unsuitable Video Display Choice
You can use the Windows NT Setup Display option in Control Panel to change the type of video driver, the color depth, or the resolution for a display adapter. If you make an unsuitable setting, one of the following two events occurs:
The driver fails to recognize the card and, therefore, fails to load at system startup. By default, the system tries to load VGA in base mode as a kind of reserve. So, if your video setting fails, the computer starts in VGA and screen resolution is poor. However, you can use the Display option in Control Panel to try another setting. (This happens only on an Intel-based computer.)
The driver recognizes the card and proceeds as though the parameters selected are acceptable. Because they are not acceptable (for example, you tried to use 1280x1024 resolution on a monitor that is only capable of 1024x768), you cannot see anything on your screen, although the system starts with no apparent trouble. (This always happens on a RISC-based computer when an inappropriate option is selected, but it can also occur on an Intel-based computer.)
If you cannot see anything on the screen after changing the display settings, do not attempt to log on. Instead, wait for the disk activity to stop, then use the power switch to restart the computer. When you restart, choose the VGA Mode version of Windows NT. If this does not work, follow the instructions in "Starting a System with Configuration Problems," earlier in this chapter. Then you can use the Display option in Control Panel to try another selection.
Changing Driver Loading Controls in the Registry
Under most circumstances, you should define the startup behavior of a device or a service by using the Devices option or the Services option in Control Panel, or by using Server Manager under Windows NT Server. Use these methods in specific cases where you cannot define behavior by using the other administrative tools.
You can change the basic value entries in the Registry to control driver loading for a specific driver. For example, you can change:
At what point the driver is loaded or the service is started, including turning off driver loading during startup.
The load order for a driver, a service, or a group during system startup.
Error control for a driver or service, so that startup continues or halts depending on whether the item is initialized.
Parameters that can be set for a driver or service.
To change the behavior of a driver or service
Select the subkey for the driver or service in the following Registry path:
HKEY_LOCAL_MACHINE \System
\CurrentControlSet
\Services
\DriverNameIf you want to change how system startup proceeds if the driver is not loaded or the service is not started, change the value of ErrorControl as follows:
Value
Meaning
0x3
Critical. Fail the attempted system startup.
0x2
Severe. Switch to LastKnownGood or, if already using LastKnownGood, continue in case of error.
0x1
Normal. Continue startup if the driver fails to load, but display a message noting the failure.
0x0
Ignore.
If you want to change the dependencies for loading the service, specify new values for the DependOnGroup, DependOnService, or Tag value entry.
If you want to change when the service is started or the driver is loaded, change the Start value as follows:
Value
Start type
Meaning
0x0
Boot
Loaded by the Boot Loader.
0x1
System
Loaded at Kernel initialization.
0x2
Auto load
Loaded or started automatically at startup.
0x3
Load on demand
Available, but started only by the user.
0x4
Disabled
Do not start.
To put these values into effect, close Registry Editor, then shut down and restart the computer.
For details about Start and ErrorControl values, see their definitions in Regentry.hlp, the Registry Help file on the Windows NT Workstation Resource Kit CD.
Controlling Multiport Serial I/O Cards
The Microsoft serial driver can be used to control many dumb multiport serial cards. Dumb indicates that the control includes no on-board processor. Each port of a multiport board has a separate subkey under the CurrentControlSet\Services\Serial subkey in the Registry. In each of these subkeys, you must add values for DosDevices, Interrupt, InterruptStatus, PortAddress, and PortIndex because these are not detected by the Hardware Recognizer. (For descriptions and ranges for these values, see Regentry.hlp, the Registry help file on the Windows NT Workstation Resource Kit CD.
For example, if you have a four-port COMTROL Hostess 550 board configured to use address 0x500 with an interrupt of 0x2, the values in the Registry are:
Serial2 subkey: |
Serial4 subkey: |
Serial3 subkey: |
Serial5 subkey: |
Certain multiport boards, such as Digiboard non-MCA bus cards, use a different scheme to determine which port is interrupting. These boards should include the Indexed value entry in the configuration data for each port under its subkey in CurrentControlSet\Services\Serial. This entry indicates that the board uses an indexed interrupt notification scheme as opposed to a bitmapped method.
For example, if you have an eight-port Digiboard communications board configured to be at address 0x100 with an interrupt of 0x3, the values in the Registry are:
Serial2 subkey: |
Serial6 subkey: |
Deleting Serial Ports
You can configure communication ports as described in the previous section. You might also need to delete one or more COM ports. Communication ports should be deleted by using the Ports option in Control Panel.
To delete a COM port by using Control Panel
- In Control Panel, double-click Ports. In the Ports dialog box, select the port you want to delete, then click Delete.
Sometimes, if you use Control Panel to delete a COM port that was created manually, the process leaves unwanted data in the Registry. If the deleted COM port is generating error events in the Event Log, you can remove the port directly from the Registry.
To delete a COM port by using a Registry editor
In a Registry editor, locate the Serialxxxxx subkey for the port in the following Registry path:
HKEY_LOCAL_MACHINE \System
\CurrentControlSet
\Services
\Serial
\ParametersTip To identify the Serialxxxxx subkey for the COM port, double-click the DosDevices value entry for a Serialxxxxx subkey. The value entry identifies the port by number, such as COM3.
Delete the Serialxxxxx subkey for the COM port. In Regedt32 or Regedit, from the Edit menu, click Delete.
If the communication port is active and detected by the Hardware Recognizer, the port reappears in the Control Panel Ports list when the system is restarted. If you do not want a built-in serial port to be active in Windows NT, you must disable the hardware by using a tool such as the computer's CMOS setup program.