Advanced Registry Cleaner PC Diagnosis and Repair
Another way to protect the registry or portions thereof is to apply permissions on individual keys to restrict access to those keys. In this way, you can allow certain users or groups access to certain parts of the registry and deny access to others. However, use this capability sparingly. Changing the Access Control List (ACL) for a registry key incorrectly could prevent the system from booting. Either avoid configuring the ACL for pre-existing keys and change only those keys you create yourself or be very careful with the changes you make. In Regedit, select the key or subkey on which you want to set permissions. Choose Edit > Permissions to access the Permissions dialog box (see Figure 22-4). Add and remove users and groups as needed, and then set permissions for each. For more information about setting permissions, see Chapter 27. Figure 22-4 Use the Permissions dialog box to configure access permissions on registry keys.
Because much of this chapter has been devoted to customizations related to installing the Windows Server 2003 operating system, it seems appropriate to end with a discussion of that component through which Windows operating systems can be customized to the greatest degree. That component is of course the Registry. The Windows Registry has been around since Windows 95. It is the database containing hardware, operating system, policy, file association, application, and user configuration.
This key raises a red flag for Terminal Services. Each user should have his or her own USER.LEX file for WorkGroup, but this file, by default, is stored on the terminal server, not in each user's home directory. Luckily, WorkGroup gives you a modifiable registry key for the file's location, so the problem should be easy to fix. You make a note that this problem will have to be addressed. Figure 5.12 The location for mirrored registry keys.
The Registry is a database that the operating system uses to store configuration information, including hardware configuration. The Registry Editor program is used to edit the Registry. Normally, when you make changes to your configuration, you use other utilities, such as Control Panel. This utility is designed for advanced configuration of the system. Only experienced administrators should use the Registry Editor. It should only be used to make configuration changes that cannot be made through more conventional means. For example, you might edit the Registry to specify an alternate location for a print spool folder. Improper changes to the Registry can cause the computer to fail to boot. You should use the Registry Editor with extreme caution. Previous versions of Windows shipped with two versions of the Registry Editor, but Windows Server 2003 only ships with a single version, Regedit. To start the Registry Editor, select Start > Run, and type regedit in the Run dialog box. You can...
Windows Server 2003 provides one Registry Editor (Regedit), regedit.exe, for viewing and modifying the registry. Windows 2000 and previous versions of Windows NT included an additional Registry Editor, regedt32.exe, which provided a few features that Regedit lacked. These features have been merged (finally) into a single editor. Regedit enables you to connect to, view, and modify a registry on a remote computer. Before you go tromping through the registry, however, keep two things in mind: you need a good backup copy of the registry, and you need to be careful with changes you make because you could introduce changes that might prevent the system from booting. That's why a backup copy is so important. In addition, before you start playing with the Registry Editor, keep in mind that most changes, whether for the system, user, service, application, or other object, should be made with the administration tools for that object. Only use the Registry Editor to make changes not
In Figure 3.1, you saw the Registry Editor display five cascaded windows, one for each subtree. HKEY_LOCAL_MACHINE was on top; you can see the other four subtrees' windows too. HKEY_CURRENT_USER's window has a right and left pane. The pane on the left looks kind of like a screen from the Explorer or the old Windows 3.1 File Manager.
Note the blank line between REGEDIT4 and HKEY; you need that. Now open up a command line and tell REGEDIT to apply this change by typing regedit /s cdfix.reg; the /s means "be Silent, Regedit," and so you won't get a message. But reboot your NT machine and you'll find that AutoRun is now disabled. Notice how what I could call the REGEDIT command language works: the first line is REGEDIT4, then a blank line, then you indicate what key you want to work with, in brackets, and then the value entry. And that line starting with HKEY_LOCAL_MACHINE is just one line when typed, no matter how long. You can put a whole bunch of changes into a single file, or create different .reg files and apply them sequentially. As with msiexec.exe, be sure to put regedit.exe in the OEM folder, or this won't work. And you may be wondering, how did I figure out how to create a file in REGEDIT format? Simple. I just highlighted a key that I wanted to apply and then exported it. The exported file turned out to be a simple...
The only registry editor in Windows Server 2003 is Regedit.exe; regedt32 is gone. (If you open Start > Run and enter regedt32, Regedit.exe opens.) Most of us who work in the registry frequently have always preferred the interface of Regedit.exe, and only used regedt32 to set security settings. Now, the security settings are available in Regedit.exe, so we won't miss regedt32. Prevent Regedit from Displaying the Last Accessed Key: One thing I dislike about Regedit in Windows Server 2003 (and in Windows 2000) is the fact that when you open the editor, it displays the last key you accessed. Sometimes that's a key way down the tree, and it's a lot of work to scroll, unexpand, and otherwise wend your way through the left pane in order to get to the key you want to use this time. To change the behavior, you have to perform two steps: 1. Go to Applets Regedit. 4. Right-click the Regedit key in the left pane again, and choose Permissions from the shortcut menu. 8. Select that new Deny item and...
Environment (workgroup or NT 4.0 domain), there are several ways to configure registry keys for the SUS client settings. The most common ways to set the registry keys in a non-Active Directory environment are: Manually editing the registry using regedit.exe; Centrally deploying these registry key changes using Windows NT 4.0 System Policy. 1. Open the Registry Editor. Click Start > Run and type regedit.exe. Press OK. After the Critical Update software has been upgraded, it is time to configure the software. Let's take a look at one of the methods used to update the registry on older client systems. To modify the Registry with regedit.exe, add the following settings to the Registry at this location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
To configure this setting via the command line, you first need to create a .reg file containing the Registry key described in the next section, and then use Regedit to import the file into your local Registry. You can use a shell script to automate the process of creating the Registry key as follows: echo Windows Registry Editor Version 5.00 TFILE echo TFILE regedit s TFILE
The client's version is stored in the following registry key On the Advanced Client, this client's version registry key value is set to 99.9.9999.9999. This value ensures that the Advanced Client software is never overwritten by the Legacy Client software. To determine the client's software version, you can check WMI. The client's software version is stored in the ClientVersion property of the SMS_Client class in the root\CCM namespace.
Windows NT Server 4 and NT Workstation had several obvious differences, but one of the major differences wasn't obvious. The core files required to run NT Server and NT Workstation were and are the same, but at boot time the OS looks in the Registry key Run REGEDT32 and look in that key on a Win2K system, and, among other information, you'll see a value for Product Type. That value was (and is; this hasn't changed) WinNT for Windows NT Workstation/Win2K Professional computers, LanmanNT for domain controllers, and ServerNT for server computers.
The following command will disable a particular network adapter in a Windows Server 2003 computer. This command uses the devcon.exe utility, which you can download from the Microsoft website from KB 311272. Devcon.exe requires the value of the PnpInstanceID REG_SZ key found in the Registry key referenced in Recipe 1-21.
In Windows Server 2003, objects include Registry keys, printers, computers, files and folders. Each object has a security information object, which is called the security descriptor, attached to it. The security descriptor contains information about the groups or users that can access an object, and the types of access, i.e., the permissions, granted to those groups or users. This part of the security descriptor is called the Discretionary Access Control List (DACL). In other words, the DACL is the part of the security descriptor that grants or denies access to the object to groups or users.
Authorization is the process of determining whether an authenticated user is allowed to perform a requested action. Each time you open a file, Windows Server 2003 verifies that you are authorized to open that file. Each time you print, Windows Server 2003 verifies that you have Print permissions to that printer. In fact, Windows Server 2003 verifies your authorization to access just about every object you can imagine: files and folders, shared folders, printers, services, Active Directory directory service objects, Terminal Services connections, Windows Management Interface objects, and registry keys and values.
In the next screen, you are asked which template you would like to use. Because ours is called AD DS Set, we obviously want to select Active Directory Diagnostics, so we'll select that and click Next. The Active Directory Diagnostics will collect data on this local server that includes Registry keys, performance counters, and trace events that are helpful in troubleshooting Active Directory Domain Services performance issues.
In Win2K, you were prompted to select a compatibility mode when installing Terminal Services. The options were Permissions compatible with Windows 2000 Users and Permissions compatible with Terminal Server 4.0 users. In line with Microsoft's new focus on security, WS2K3 defaults to Full Security mode. This mode is similar to the Win2K Users mode. Under WS2K3 Full Security mode, non-administrators cannot modify the HKEY_LOCAL_MACHINE registry key nor write files to anywhere on the server's hard drive other than their profile directory.
MBSA can determine which critical security updates are applied to a system by referring to an XML file that is continuously updated by Microsoft. The XML file contains information about which security updates are available for particular Microsoft products. This file contains security bulletin names and titles, and detailed data about product-specific security updates, including the files in each update package and their versions and checksums, registry keys that were applied by the update installation package, information about which updates supersede others, related Microsoft Knowledge Base article numbers, and much more.
While permissions can be modified for the Registry using the Registry Editor (by using the regedt32.exe command at Start > Run), it makes sense in a larger organization to apply security to the Registry via group policy. Although this topic has been touched on earlier in this book, let's look again at the tools you have at your disposal for securing the Registry across the enterprise. We'll review the use of regedt32.exe and then we'll look at group policy. When you launch the Registry Editor, you can view or modify any Registry keys to which you have access. As you're well aware, modifications to the Registry can cause a system to crash and can make recovery difficult and time consuming unless you've recently backed up the Registry. Use care when viewing or modifying the Registry and, if in doubt, always export a current copy of the Registry or make sure your Automated System Recovery (ASR) disk is up to date before making any changes. Exercise 9.03 steps through viewing Registry...
You discovered some traces of a potentially harmful virus on one of the domain controllers. You launch antivirus software, and it reports successful cleanup, but you still observe some Registry keys that belong to the virus code. Which system state restore method is the most appropriate in this situation?
Security Policies: These policies provide many different ways of securing the computing environment, ranging from restricting access to files, folders, and Registry keys to controlling system services and applications running on computers, limiting certain privileges to selected users or groups, and determining domainwide password settings.
Each time Windows 2003 boots, a hidden administrative share is created for every drive. These shares are backup paths for the system just in case direct access to system files is somehow interrupted. In other words, it's a redundancy you don't need. The administrative shares are disabled by adding AutoShareServer to the following Registry key
Tip: You should add most template settings using the Security Templates snap-in. The template file is a text file, but the required syntax might be confusing, and using the snap-in ensures that settings are changed using the proper syntax. However, the exception to this rule is adding Registry settings that are not already listed in the Security Option portion of the template. As new security settings become known, if they can be configured using a Registry key, you can add them to a security template. To do so, you add them to the Registry Values section of the template. The article "How to Add Custom Registry Settings to Security Configuration Editor" helps you understand how to perform this task. You can find it at
At the end of a given installation, the client is queried for a successful installation of the application. In the event of an installation failure, the application should roll back completely so that the client remains in a state equal to its state before the application was installed. This will depend on the individual applications, which may be limited by the installer technology of the client application. Even if the application fails, the registry key above is incremented. The success and failure to install each application is reported in the Completing the Client Setup Wizard page. The installation order is as follows
Because the Windows 98 workstations are in a child OU, you need to block policy inheritance and then assign the correct Registry keys to the Windows 98 workstations via a Windows 98 Group Policy. All other answers are actions that you would need to take in order to implement IPSec in your environment.
Some applications save configuration information in the Windows registry. If the setup program or provisioning script creates the registry entries, run the setup program or provisioning script on the target server. Otherwise, you must manually identify the registry entries and then re-create them on the target server. Caution: Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing 2. Back up the registry entries on the source server that you identified in the previous step by using the registry editor Regedit.exe.
Perhaps the best way to protect the registry from unauthorized changes is to keep users out of it altogether. In the case of a server, keeping the server physically secure and granting only administrators the right to log on locally is the first step. For other systems, or where that isn't practical for a given server, you can secure the Registry Editor. Either remove the Registry Editor from the target system or configure the permissions on Regedit.exe to deny permission to execute for all except those who should have access. If you've removed the Registry Editor from a system and need to modify its registry, you can do so remotely from another computer that does contain a Registry Editor. See the section "Securing remote registry access," later in this chapter, if you want to prevent remote editing of the registry. Note: Simply removing the Registry Editor from a server doesn't prevent registry changes. Someone
The NTUSER.DAT file for the user currently logged in may be edited using a Registry editing tool such as REGEDT32.EXE or REGEDIT.EXE, although these tools are not particularly intuitive (an understatement if I have ever heard one). The System Policy Editor (POLEDIT.EXE, covered in the upcoming section on system policies) that comes with Windows NT Server and Win2K Server is more user-friendly and can be used to directly edit several selected settings in the local Registry. The System Policy Editor is a selective Registry editor and is easier to use, as it does not require any knowledge of Registry syntax or structure. While this application offers several options that are not available in the graphical interface, very little would be of interest to normal users setting up their own profiles, even assuming that they have access to the application (it's not included with NT Workstation). Even though the System Policy Editor can be used to edit the machine's local Registry, as shown in...
In this exercise, you will edit the Registry. It's good practice to back up the Registry before you start. Be careful and follow the steps exactly. There is no Undo function in the Registry Editor. 1. Choose Start > Run to open the Run dialog box. In the Open box, type regedit and press Enter to open the Registry Editor.
One of the best ways to protect the Registry from unauthorized access is to make it so users can't access the Registry in the first place. For a server, this means tightly controlling physical security and allowing only administrators the right to log on locally. For other systems or when it isn't practical to prevent users from logging on locally to a server, you can configure the permissions on Regedit.exe and Reg.exe so that they are more secure. You could also remove Registry Editor and the REG command from a system, but this can introduce other problems and make managing the system more difficult, especially if you also prevent remote access to the Registry. To modify permissions on Registry Editor, access the SystemRoot folder, right-click Regedit.exe, and then select Properties. In the Properties dialog box, select the Security tab, as shown in Figure 14-9. Add and remove users and groups as necessary, then set permissions as appropriate. Permissions work the same as with other...
The registry forms a hierarchical (tree) database with five primary branches called subtrees. A subtree can contain keys, which function as containers within the subtree for subkeys and values. Subkeys are sub-branches within a key. Values are the individual settings within a key or subkey. Perhaps the best way to understand the registry structure is to view it through the Registry Editor, as shown in Figure 22-1. (You'll find detailed information about the Registry Editor later in this chapter in the section "The Registry Editor.")
Instead of trying to hack everything out in REGEDT32.EXE, you can use the System Policy Editor to place restrictions directly on the profile. (I know we haven't covered the System Policy Editor yet, but we will soon; forgive me for jumping the gun, but this won't take long.) Run the System Policy Editor (POLEDIT.EXE) while logged in as the template user SNEEZY. In this scenario, you will be using the Policy Editor as a user-friendly Registry Editor, instead of as a tool to impose system policies on your network.
In any case, let's try something out, something relatively harmless. Let's change the name of the company that you gave Windows 2000 when you installed it. Recently my firm changed names from TechTeach International to MR&D. Suppose I'd already installed a bunch of Windows 2000 machines and filled in TechTeach International when prompted for an organization. Suppose also that I want to change that so the Help > About dialog boxes say that I'm Mark Minasi of MR&D, but I don't feel like reinstalling. Fortunately, the Registry Editor lets me change company names without reinstalling: 1. Open the Registry Editor. From the Start menu, choose Run. 2. In the command line, type REGEDT32 and press Enter.
One of the common tasks you'll want to perform in Registry Editor is to search for a particular key. You can search for keys, values, and data entries using the FIND command on the Edit menu (see the following screen). Type the text you want to find in the Find What box. You can search only for standard American Standard Code for Information Interchange (ASCII) text. So, if you're searching for data entries, Registry Editor will search only string values (REG_SZ, REG_EXPAND_SZ, and REG_MULTI_SZ) for the specified text. Use the Look At options to control where Registry Editor looks for the text you want to find. You can search on key names, value names, and text within data entries. If you want to match only whole strings instead of searching for text within longer strings, select Match Whole Strings Only. After you make your selections, click Find Next to begin the search. If Registry Editor finds a match before reaching the end of the Registry, it selects and displays the matching...
Following the steps in Exercise 7.2 takes care of the NTLM version 2 concerns for Windows 95 and Windows 98 clients. However, that still leaves Windows NT 4 as a potential problem. If you have Service Pack 4 or later installed, you can use NTLM version 2. To disable LM authentication in Windows NT 4, you need to use the Registry Editor and configure the changes. You'll do so in Exercise 7.3.
The Registry is mostly contained in a set of files called the hives. ("Mostly" because some of it is built automatically every time you boot up your system. For example, Windows 2000 doesn't know what devices are on a SCSI chain until you boot.) Hives are binary files, so there's no way to look at them without a special editor of some kind, like the Registry Editor. Hives are, however, an easy way to load or back up a sizable part of the Registry.
Using the registry editor, create a new key in the Web Element Database called TabsNetworkSample. Note that this key should be a child of the WebElementDefinitions key, and not of the TabsNetwork key. (Within the Web Element Database, all Web Elements are peers of one another. The hierarchy manifested in the Web UI is created via the Container value of each key.)
In the Administrator e-mail account field, specify the e-mail address to which nondelivery notices should be sent for newsgroup articles that can't be delivered to the designated moderator. To enable sending NDRs, create the DWORD value MailFromHeader in the registry. Use Regedit or Regedt32 to add the DWORD value HKEY_LOCAL_MACHINE and set the value to 1.
You can use Regedit to perform all registry browsing and modification tasks. You can even back up the registry by exporting it to a registry script; however, you should use Backup or a third-party backup utility that backs up other system data along with the registry. The following sections explain how to accomplish specific tasks in Regedit. You're most likely to modify the registry to change existing values, rather than create new ones or modify keys. To change the value of a registry entry, locate the value in the editor and then double-click the value. Regedit displays a dialog box (similar to the one shown in Figure 22-2) that varies according to the data type you're editing. Modify the data as needed, and then click OK. Figure 22-2 Regedit provides a dialog box tailored to the type of data value selected. You can create a new value in an existing key. You might need to do this, for example, if...
You can make a backup of the entire Registry very easily at the command line. Simply type regedit /e SaveFile, where SaveFile is the complete file path to the save location for the Registry data. Following this, you could save a copy of the Registry to C:\Backups\Regdata.reg by typing regedit /e c:\backups\regdata.reg. You would then have a complete backup of the Registry.
You can configure WDS to use a multicast transmission to deploy a single install image to multiple computers. As Figure 11-3 shows, you can configure an auto-cast, which begins the transmission immediately, or configure a scheduled-cast in which you specify settings such as the number of clients that must connect prior to beginning the transmission, a time and date for the transmission to begin, or both. You can configure a multicast deployment to throttle the bandwidth it uses by selecting a network profile on the Network Settings tab of the WDS server's properties. The available profiles are 10 Mbps, 100 Mbps, 1 Gbps, and Custom. You can also throttle bandwidth by modifying the HKLM\System\CurrentControlSet\Services registry key and setting the value to the percent of available bandwidth that the server will use.
Modify SIDs specified in the ACLs of files, shares, and registry keys. Grant access rights on objects to specified users and groups. (Include ShowAccs.exe, SIDWalk.exe, and SIDWalk.msc tools.) Display security descriptors for files, registry keys, or services. Change security information such as owner of an object, domain name, or SID
When you install an application, Terminal Services creates a compatibility flag registry key, which Figure 3.15 shows, that instructs Terminal Services about which type of program the application is (MS-DOS, 16-bit, 32-bit). If you're installing a legacy application that will not run on Terminal Services, you can adjust this flag so that Terminal Services makes adjustments when the application is launched.
You can also use group policy objects to enable auditing. Auditing is used to track authorized and unauthorized resource access, usage, and change. Administrators can audit the success and/or failure for a number of tracked events. Examples of what can be tracked include logons, changes to policy, use of privileges, directory service or file access, and so forth. Some objects such as the Active Directory directory service, the file system, Registry keys, and printers require two steps to enable auditing. Administrators must enable auditing in group policy and on the specific objects they want to track. You can configure these resources to track individual and group accounts, as well as specific actions such as changing permissions on or deleting the object. Most objects have a sizable number of possible auditing options. Unlike the other items in the previous list, some Active Directory objects already have auditing configured for them. Despite this convenience, administrators should...
To do so you need to add the AvoidPdcOnWan value under the HKEY_LOCAL_MACHINE System registry key. If you set the value to 1, the domain controller will ignore sending password updates as a critical update when the PDC Emulator is located in another site. A setting of 0 restores normal operation.
The SETPATHS.CMD subscript checks to make sure that the registry keys for the user's application environment are in place. The registry keys for the current user variables can be found in the The next section of the script is designed to create a ROOTDRIVE. The concept of the ROOTDRIVE was created because most registry keys can't reference environment variables. For Joe uses an application that allows him to create personal templates for his documents, and there is a registry key that defines the path to store these template files. The registry can't reference environment variables, only absolute paths, so we cannot use HOMEPATH resolves to WTSRV Profiles Jane.Doe. Once again, we can't use variables in the registry key, so we don't have an easy way to reference Jane's profile directory.
registry key equal to 3 or 4 (the difference between the cases will be discussed later). This will help you to see all replication requests, the sequence of replicated directory partitions, and the result of the requests. (Two domain controllers from the same domain NETDC3 and NETDC4 are used in the following examples.) The following two events are logged after each directory partition has been successfully replicated (NETDC4 asks NETDC3 for the changes)
We prefer to use the registry to configure Shutdown Event Tracker in many cases (in comparison to the local Group Policy settings). The local Group Policy can dictate the shutdown policy for the domain. This is not feasible for a single machine configuration. Another reason is the lack of terminal server access to local Group Policy settings. You can use the Registry Editor to edit the remote computer's registry in this case. 1. Open the Registry Editor. (Click Start > Run and type regedit.) Figure 9.36 Editing the Registry Key for Shutdown Event Tracker 5. Click OK and close the Registry Editor. Restart the computer to apply the changes.
If the system is unable to start up correctly after you have installed a new device or made a configuration change, this option should be the first tool you use. It will restore the registry key to a copy of the one that was used during the last successful system startup. Note that this tool does not solve any issues with corrupt or missing driver files. To access this tool, perform the following steps
When you select the From Registry option for the Load Zone Data On Startup setting, the DNS server is initialized by reading parameters stored in the Windows Registry. When you select the From File option, the DNS server is initialized by reading parameters stored in a boot file, such as those used by BIND servers.
For this exercise, let's assume you want to limit the ability to run the Regedt32 command. Click Registry, and then on the menu, click Action > Add Key. The dialog, Select Registry Key, is displayed as shown in Figure 9.16. 12. In the Select Registry Key, three keys are visible: CLASSES_ROOT, MACHINE, and USERS. Click the + to the left of USERS to expand the tree. Expand the Software node, click the + to the left of the Microsoft node, and scroll down until you locate RegEdt32. Click RegEdt32 to select it and then click OK. The Database Security for Figure 9.18 View or Modify Permissions for Registry Key Figure 9.21 Modifying Permissions for the RegEdt32 Registry Key 23. In the MMC, you now have an object listed in the right pane, which should reflect the Registry key we just added: USER DEFAULT Software Microsoft RegEdt32, as shown in Figure 9.22. Figure 9.22 Default Domain Policy...
The easiest way to configure the client to use Automatic Updates is through Control Panel > System, Automatic Updates tab. However, you can also configure Automatic Updates through the Registry. The Registry is a database of all of your server's settings and can be accessed by clicking Start > Run and typing Regedit in the Run dialog box. Automatic Updates settings are defined through WindowsUpdate AU. TABLE 1.4 Registry Keys and Values for Automatic Updates. To specify what server will be used as the Windows Update server, you edit two Registry keys, which are found at WindowsUpdate.
For our script to locate these files, we must read some values from the registry of the domain controller. We can do this by using an instance of the RegistryClass class described in the previous section. We can find the location of the AD database and log files in the following registry key ' Registry keys pointing to the AD Database and log file locations.
You can also increase the amount of information logged to the Security Event log by asking for per packet drop events. You perform this task by increasing the audit level to 7. You can either use Netsh or set the following Registry key to a value of 7 HKEY_LOCAL_MACHINE SYSTEM Regardless of the method you use, you must restart the computer for the changes to take effect.
Objects include Registry keys, printers, files, folders, and so forth. Every Windows object has a security information object attached to it, referred to as the security descriptor of the object. The security descriptor contains permission and auditing information on the object. It holds information about the groups and individual users that are authorized to manipulate the object, and defines what level of access each has to the object. This part of the security descriptor is referred to as the Discretionary Access Control List (DACL).
The wireless hacker does not need many complex tools to succeed in spoofing a MAC address. In many cases, these changes either are features of the wireless manufacturers or can be easily changed through a Windows Registry modification. Once a valid MAC address is identified, the attacker needs only to reconfigure his device to trick the AP into thinking he or she is a valid user.
Click Start > Run and type regedt32 in the Run dialog box. The 16-bit equivalent (for older Windows operating systems that use the registry) is the command regedit. 2. The Registry Editor opens with the registry HKEYs displayed on the left and related values on the right. 11. Click the word Parameters under Tcpip. When you click on that registry key, a list of values is displayed in the right pane of the window, as seen in Figure 1.10. Figure 1.10 Using the Registry Editor
All of these methods back up the items mentioned previously, but do not back up authentication credentials, registry settings, or other global DHCP configuration information such as log settings and database location. Instead, you need to back up the registry key HKEY_LOCAL_ Tip: The easiest way to back up the DHCP registry key is to export the key from the Registry Editor. Open the Registry Editor, select the key, and export it to the same backup location as the other DHCP backup files. To change the interval for synchronous backups from its default setting of 60 minutes, open the Registry Editor and open the key Services\DHCPServer\Parameters. Modify the value BackupInterval as desired. If the DHCP server suffers a failure, you can quickly restore the DHCP service by restoring the DHCP database. Bring the server back online and install the DHCP service. If you backed up the DHCP registry key, stop the DHCP service, import the key, and restart the service; then open the DHCP console....
In your organization have implemented EFS. For example, if you have not implemented a formal data recovery policy but find that 80 of your users are implementing EFS, you might decide to implement recovery procedures. Although there is no way to determine if files are currently encrypted, there are registry keys that are present if EFS has ever been implemented. 2. Click Start, click Run, type regedit.exe and then press ENTER. 3. In the Registry Editor, navigate to the following path and look for the presence of the EFS key.
Before you attempt to make a backup, document the existing structure, including the resource registry keys that map to resources. We also suggest that you catalog your backups and create a repair disk for each node that you can use for restoring that node, if necessary. You should use the Backup tool to create emergency repair disks in case the system files become corrupted or damaged.
You can change the regional settings by specifying the settings in an answer file during an unattended setup, or you can set them manually. If you run the command control intl.cpl, you will notice that Server Core is not completely GUI-less (see Figure 7.12). After typing the previous command, the Control Panel applet Regional and Language Options will appear. Because of some dependencies on a few low-level GUI DLLs, it is not yet possible to use a complete command-line version of this applet. Of course, it's also possible to edit the Registry with regedit, but why should you use it if a GUI is available?
A path rule identifies software by its file path. For example, if you have a computer that has a default security level of Disallowed, you can still grant unrestricted access to a specific folder for each user. You can create a path rule by using the file path and setting the security level of the path rule to Unrestricted. Some common paths for this type of rule are %userprofile%, %windir%, %appdata%, %programfiles%, and %temp%. You can also create registry path rules that use the registry key of the software as the path. Because these rules are specified by the path, if a software program is moved, the path rule no longer applies.
The easiest way to configure the client to use Automatic Updates is by choosing Control Panel > System and clicking the Automatic Updates tab. However, you can also configure Automatic Updates through the Registry. The Registry is a database of all of your server settings and can be accessed by choosing Start > Run and typing regedit in the Run dialog box. Automatic Updates settings are defined through Windows\WindowsUpdate\AU. TABLE 3.16 Registry Keys and Values for Automatic Updates. To specify what server will be used as the Windows Update server, you edit two Registry keys, which are found at WindowsUpdate
You can edit the registry of a remote computer, subject to your permissions and rights on the remote computer, as well as how the remote system is configured. To open the registry from another computer in Regedit, click File > Connect Network Registry and specify the computer name or browse for it. The registry for the remote computer appears as a separate branch in the tree pane. You can view and modify settings just as you would for the local computer, although the tree includes only the HKLM and HKU keys for the remote computer; the others are not displayed. When you're finished, click File > Disconnect Network Registry, and the computer's registry disappears from the tree. You can connect to multiple remote systems concurrently, if needed.
You use the Ntdsutil command-line tool in Directory Services Restore Mode to move the database from one location to another location on a disk. If the path to the database files changes after you move the files, you must always use Ntdsutil to move the files, instead of simply copying them. This way, you ensure that the registry key is updated with the path to the new location, and Active Directory restarts from the new location. Note You can also move transaction log files to another location. The Move logs to command moves the transaction log files to the new directory that is specified by and updates the registry keys, which restarts the directory service from the new location.
Press F8 as the system restarts and select the Last Known Good Configuration. This option restores the registry key HKLM\System\CurrentControlSet to the state of the key at the last successful logon. This key contains most hardware configuration. Therefore, the effect of Last Known Good Configuration is similar to driver rollback, except that all configuration, not just the driver, is rolled back for all devices and services. The Last Known Good Configuration will not be useful if, following a device configuration change, you have logged on at least once, because successful logon will mark the registry with the misconfiguration as the Last Known Good.
Configuring WSUS settings via registry settings can be performed on an individual basis, via login scripts, or through NT 4.0 system policy. Table 9.3 lists the registry entries for the WSUS environment options. These entries can be found under the registry key Additional configuration of the Automatic Update agent can also be made via registry settings that can be made on an individual basis, set by login scripts, or through NT 4.0 system policy. Table 9.4 lists the registry entries for the Automatic Update agent options. These entries can be found under the registry key
Enabling auditing of object access doesn't configure auditing for a particular object, but instead simply makes it possible (that is, turns on the capability to audit object access). You then need to configure auditing for each object you want to audit. In the case of the registry, this means you need to configure auditing for each key you want to track. To do so, open Regedit. Locate and select the key you want to configure and choose Edit > Permissions. Click Advanced, click the Auditing tab, click Add to select the user or group whose access you want to audit for the selected key, and click OK. Regedit displays the Auditing Entry dialog box, shown in Figure 22-5. Select Successful/Failed as desired. Table 22-2 lists audit events you can configure for registry access.
Process does not perform any other tasks other than copying files to a set of folders and modifying the registry. Changes such as registering DLLs cannot be duplicated with a simple registry copy. Therefore, running the installation process on the target servers is, in many cases, the only way to install an application. Even so, migrating the registry keys could enable you to duplicate the configuration of an application after installation. With Regedit, you can save a key and its contents to a binary file that you can later load into a registry. To do so, select the key and choose File > Export, and then specify a filename. From the Save as Type drop-down list, choose Registry Hive Files. Click Save to save the file. You also can use Regedit to export a selected branch or export the entire registry to a registry script. There are other ways to back up the registry, so let's assume you want to export only a single branch (you use the same process either way). Locate and select the...
Regardless of the front end, almost all software configurations ultimately end up manipulating the Windows registry for final client configuration commitments. That being said, you can edit the registry directly to configure your WSUS-specific client configuration needs. In situations where Group Policy is not available due to the lack of an Active Directory domain and where configuring local policy becomes too tedious because of each logical machine visit, a few scripting techniques might help you roll out the needed registry keys. Table 7.4 and Table 7.5 outline each of the possible registry key combinations, their possible key partners (if necessary), the registry key data type, and the corresponding Group Policy and Local Policy. The tables are divided to show you each key separately, the first showing the WSUS client environment variables and the latter showing the AU client's own configuration options. Table 7.4 Windows Update Agent Environment Registry Keys...
The process of backing up all DHCP settings and restoring them onto the same (or a different) server has been streamlined in Windows Server 2003. No longer do you need to export Registry keys and manually move databases between servers to migrate DHCP because the Backup and Restore process can be accomplished directly from the MMC. The process for backing up and restoring a DHCP database is as follows:
The easiest way to configure the client to use Automatic Updates is by choosing Control Panel > System and clicking the Automatic Updates tab. However, you can also configure Automatic Updates through the Registry. The Registry is a database of all of your server settings and can be accessed by choosing Start > Run and typing regedit in the Run dialog box. Automatic Updates settings are defined through WindowsUpdate\AU. TABLE 3.16 Selected Registry Keys and Values for Automatic Updates. To specify what server will be used as the Windows Update server, you edit two Registry keys, which are found at WindowsUpdate
http://www.threatcode.com for some well-known examples. But most programs, even those that don't work well from a simple local user account by default, can be made to work with some patience and careful investigation. The basic solution is to install the software as an administrator, then change to an account that is only a local user account, and try to run the software. Observe where it fails, and try to correct it. The correction may require changing where the software writes its logs, or changing the permissions on a registry key, for example. The process isn't simple, but if you're patient you can usually resolve the problems. And the payback is a much more secure and safe computer.
Setting up computer groups takes three steps. First, specify whether you intend to use server-side targeting, which involves manually adding each computer to its group by using WSUS, or client-side targeting, which involves automatically adding the clients by using either Group Policy or registry keys. Next, create the computer group on WSUS. Finally, move the computers into groups using whichever method you chose in the first step.
By using client-side targeting, WSUS can figure out how to assign computers to different groups by looking at Group Policy or Registry keys on each machine to automatically collect computers into a group. Client-side targeting saves you the trouble of manually adding computers, moving them around in groups, and generally resorting to tedious administrative methods.
The last file that Windows 3.1x used for system configuration was reg.dat. This was the Windows 3.1 Registration Database and is the direct predecessor of the registry. (It didn't take long for users to shorten the name Registration Database to registry.) This database, which contained nested structures from a single root (HKEY_CLASSES_ROOT), held the information needed to maintain file extension associations and Object Linking and Embedding (OLE) drag-and-drop support. Unlike .ini files, which are simple ASCII text files that you can edit in any text editor, the reg.dat file was a binary file and came with its own editing application, the Registration Information Editor (Regedit.exe). This first registry had some serious limitations, in the form of a single hierarchy and a size limit of 64KB for the reg.dat file.
The quickest way to identify WSUS client settings is to create a simple script file that can be used to query the registry keys you are interested in, and pipe them to the console for quick review. This can be used for troubleshooting purposes or for random audits of your WSUS clients, to make sure that you are not having GPO inheritance, blocking, or conflict problems. To remotely query your WSUS computer's registry, you need the reg.exe command-line utility, which is part of the Windows Server 2003 and Windows XP source codeof. It is also part of the Windows 2000 Resource Kit Supplement 1 for Windows 2000 machines. The version included in Windows Server 2003 and XP can be used on Windows 2000 machines. The following code quickly enumerates the values of the registry key and its AU subkey and values. From a command prompt window, type the following (note that WSUSClient is the Network Basic Input Output System (NetBIOS) name of your WSUS client host). View the wsusaudit.log on the c...
Next, open the registry editor. Type regedit in the Run window. Figure 8.16 WSUS Registry Keys. 7. Close the registry editor. Importing a Registry Key: If walking around to each client sounds painful, you can always export the appropriate keys from a sample system and import them into the rest of your clients. You could try e-mailing the key, but most e-mail clients strip registry keys. Alternatively, you could write a simple batch file for importing.
Right-click Registry and choose Add Key from the context menu. You will see the Select Registry Key dialog box shown in Figure 7.29. Figure 7.29 The Select Registry Key Dialog Box. 4. The Database Security dialog box, seen in Figure 7.30, opens. Use this window to choose the permissions that will be assigned to the secured Registry key. After customizing the permissions, click OK.
The vast majority of Registry items correspond to some setting in the Control Panel, Active Directory Users and Computers, or some other MMC snap-in. For example, you just saw where we could change the RegisteredOrganization directly via the Registry Editor. I only picked that example, however, because it was fairly illustrative and simple to understand. In general, don't use the Registry Editor to modify a value that can be modified in some other way. For example, suppose I choose to set a background color on my screen to medium gray. That color is represented as a triplet of numbers: 128 128 128. How did I know what those color values meant? Because they're the same as Windows 3.x color values. Color values in Windows are expressed as number triplets. Each number is an integer from 0 to 255. If I input a value greater than 255, the Registry Editor would neither know nor care that I was punching in an illegal color value. Now, in the case of colors, that probably wouldn't crash the...
Click Start > Run and then type regedt32 in the Open text box. Click OK to launch the Registry Editor. 2. Click File on the Registry Editor menu. Notice there is no Save or Save As function. This is because any changes you make in the various dialogs are applied immediately. Exiting closes the Registry Editor with whatever settings currently exist. There is no way to exit without saving changes. This is why it's critical to save the Registry before working on it, and use care when working in it. 3. In the Registry Editor, the left pane displays the nodes and the right pane displays any nodes or keys beneath the one selected on the left. Depending on the state of your Registry tree, you might only see one node, My Computer. If so, click the + to the left of My Computer to expand the tree. In most cases, you'll see My Computer listed with five nodes beneath it. Figure 9.11 Modifying Default Permissions on Registry Key. Click File on the Registry Editor menu, and select Exit to close the...
So how can you prevent these types of problems? One method is to strictly enforce the types of actions that users can perform. Because most settings for the Windows Server 2003 interface can be configured in the Registry, you could edit the appropriate settings using the RegEdit command. However, this process can become quite tedious. Furthermore, manually modifying the Registry is a dangerous process and one that is bound to cause problems due to human error. In order to make the creation and application of security settings easier, Microsoft has included the Security Configuration And Analysis tool with Windows Server 2003. These template files offer a user-friendly way of configuring common settings for Windows Server 2003 operating systems. For example, instead of searching through the Registry (which is largely undocumented) for specific keys, a systems administrator can choose from a list of common options. The template file provides a description of the settings, along with...
It is important to note that a useful third-party tool is available to resolve some of the typical application installation problems with application compatibility, DLL conflicts, and Windows registry conflicts. Softricity (www.softricity.com/products) offers a product called SoftGrid for Terminal Servers that dramatically changes the application installation and deployment approach. With the SoftGrid solution, applications are never installed on the Terminal Servers. Instead, applications run inside Softricity's SystemGuard virtual environment, which protects the computer's operating system from any alterations and enables the application to run intact
APIPA might be problematic in larger networks because it forces clients to assign themselves addresses in a range that is normally not part of a local company subnet. If a DHCP server is down, clients that are attempting to renew a lease with the server will fail and automatically assign themselves an APIPA address. When the server comes back online, they will not immediately re-register themselves and will effectively be cut off from the network. Subsequently, Microsoft supplies a Registry key that will disable APIPA in this situation. The key to be created is
After using Regedt32 to edit the registry of your Windows 2000 Server to insert a new value and remove an unused key, your computer stops responding before the logon screen appears after you reboot. What should you do to return the computer to its previous configuration?
You can turn debugging on or off at run time, and specify the output of the trace, by setting values for registry keys in the following location HKEY_LOCAL_MACHINE The following table shows the debugging registry keys available to help you locate errors and bugs.
Microsoft recommends that you do not use .adm files from Windows NT 4.0 on Windows 2000 clients because the registry keys may not match, so the effect will not be what you expect. It is also possible that if the registry keys do match, it may lead to registry settings that are persistent. Another item to note is that the .adm files that ship with Windows 2000 have more options available than were present in the Windows NT 4.0 .adm files.
A good security step to take to prevent hackers and others from making unauthorized changes to a system's registry is to prevent remote access to a system's registry. When a user attempts to connect to a registry remotely, Windows Server 2003 checks the ACL for the following registry key
When you've enabled static routing via the registry key value, add the appropriate routes to your routing table through the Routing and Remote Access administrative tool or via the route add command at the command prompt. For parameters used in the route add command, type route ? (there is a space between the word route and the question mark) at the command prompt (cmd) for a list of the available commands.
Well, cool, except for the fact that to change these important Registry entries on a bunch of machines, it seems like you'd have to walk around the building, sit down at each computer, and run REGEDT32 or REGEDIT to modify its Registry. Don't worry there's The system policy files are created for Windows NT and Windows 95/98 with programs named System Policy Editor. I say programs, plural, because there is a version for Windows NT and a version for Windows 95/98. Actually, Windows 2000 includes one, as well. All of the System Policy Editors are actually user-configurable Registry Editors. But unlike REGEDT32 and REGEDIT, they do not show all of the Registry. You essentially program them to work with the small subset of Registry entries that you care about, using files called templates. Fortunately, you don't typically need to do any of that programming because Microsoft includes some prebuilt templates that will serve most people's needs.
Whether you are upgrading servers or simply migrating the DHCP service to another computer for performance reasons, moving the DHCP database is relatively easy. On the source server, open the DHCP console and back up the DHCP database to a location accessible by the target server. Stop the DHCP service on the source server and, if needed, export the DHCP registry key to a file, as explained in the preceding section.
Just as you sometimes must import or export Registry data, you'll sometimes need to work with individual hive files. The most common reason for doing this, as discussed previously, is when you must modify a user's profile to correct an issue that prevents the user from accessing or using a system. Here, you would load the user's Ntuser.dat file into Registry Editor and then make the necessary changes. Another reason for doing this would be to change a particular part of the Registry on a remote system. For example, if you needed to repair an area of the Registry, you could load the related hive file into the Registry of another machine and then repair the problem on the remote machine. After you select either HKEY_LOCAL_MACHINE or HKEY_USERS in Registry Editor, you can load a hive for the current machine or another machine by selecting Load Hive on the File menu. Registry Editor then prompts you for the location and name of the previously saved hive file. Select the file, and then...
By using Registry Editor, it is fairly easy to import and export Registry data. This includes the entire Registry, branches of data stemming from a particular root key, and individual subkeys and the values they contain. When you export data, you create a .reg file that contains the designated Registry data. This Registry file is a script that can then be loaded back into the Registry of this or any other computer by importing it. Note Because the Registry script is written as standard text, you could view it and, if necessary, modify it in any standard text editor as well. Be aware, however, that double-clicking the .reg file launches Registry Editor, which prompts you as to whether you want to import the data into the Registry. If you are concerned about this, save the data to a file with the .hiv extension because double-clicking files with this extension won't start Registry Editor. Files with the .hiv extension must be manually imported (or you could simply change the file...
Rooslan should create a security template and add the registry key MACHINE. In the Database Security dialog box, he should change the security setting of the USERS group to Full Control Allow. He should then select the permissions to Propagate Inheritable Permissions To All Subkeys. He should save the security template as TST-DEV. He should create a GPO and import the security template. He should then apply the GPO to the EASTDEV OU. B. Rooslan should create a security template and add the registry key MACHINE. In the Database Security dialog box, he should change the security setting of the USERS group to Full Control Allow. He should then select the permissions to Propagate Inheritable Permissions To All Subkeys. He should save the security template as TST-DEV. He should create a GPO and import the security template. He should then apply the GPO to the Domain that hosts the EASTDEV OU. C. Rooslan should create a security template and add the registry key MACHINE. He should add...
Well, let's use the old-fashioned way. We can change the background color to (for instance) red. Type regedit in the console, browse to the key HKEY_CURRENT_USER\Control Panel\Colors\Background, and change the value to 255 0 0. Don't forget to log off and log on again so your Registry changes are applied. The default background is now changed to red. If you want to disable the screensaver, again type regedit at the command prompt and go to HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive. Then, change the value from 1 to 0. But maybe you want to do the opposite and add a screensaver with a warning text that says "Don't touch my Web server". The Web servers are still your company's core business, right? The screensaver we're talking about is called Marquee, and the screensaver file is not available on Server Core by default, so we have to copy it. Locate the file ssmarque.scr (c:\windows\system32\) on an XP machine and copy it to the same location on a Server Core machine. On the...
He needs to run regedit on the member server running Windows Server 2003. He then needs to set the value of the HKEY_LOCAL_MACHINE System CurrentCon DWORD to 0. He should then restart the IPSec service. E. He needs to run regedit on the member server running Windows Server 2003. He then needs to set the value of the HKEY_LOCAL_MACHINE System CurrentCon DWORD to 1. He should then restart the IPSec service.
Warning: This section refers to modifying the Windows registry file. Using Registry Editor incorrectly can cause serious problems that may make the system unstable or unusable and that may require you to reinstall the Windows operating system. There is no guarantee that problems resulting from the incorrect modification of the Registry file can be solved. Edit or modify the Registry at your own risk and do not do this on a live server unless you know exactly what you're doing and have a backup of the Registry. Always make a backup of the Windows Registry file before you modify any settings. You can back up the entire Registry or a single portion of the Registry using REGEDIT. For more information on backing up and restoring the Registry file, visit http://support.microsoft.com/kb/136393. As mentioned previously, support for the Message Digest (MD5) hash has been discontinued in L2TP/IPsec. Now, Windows Server 2008 supports only 3DES encryption and the Secure Hash Algorithm-1 (SHA1)...
You use the Registry node to configure both access control entries and auditing values for specific Registry keys. To modify the Registry settings, first select the Registry node in the left pane. Some templates may not display anything in the right pane, but those that can modify the Registry entries will display a list of Registry settings in the right pane. The hisecdc template does not show the registry settings (see Figure 1.12). Use the compatws template, for example, to show the registry settings. In the left pane, right-click Registry and then select Add Key and browse the registry to the section you would like to select. Click OK. Verify that the security settings are appropriate and click OK again. In the Add Object window, you can configure the settings for the new permissions for that Registry key (see Figure 1.13). From here, you can configure the key and then do the following: File system permissions work exactly the same way as described for the Registry permission...
Regedit provides the capability to load and unload individual hives, which is useful for managing individual hives from another system or managing user registries. For example, you might use Regedit to edit the hive of a system that won't boot, repairing the damage so you can replace the hive on the target system and get it running again. You also can load a user's copy of Ntuser.dat to modify the user's registry settings. To load a hive, open Regedit and choose File > Load Hive. Regedit prompts you for the location and name of the previously saved hive. Select the file and click Open. Specify a name for the key under which the hive will reside and click OK. To unload a hive, select File > Unload Hive.
Registration files work by merging the contents of the .reg file with the registry, via Regedit.exe. There are three ways to send the contents of the file to the registry: Enter Regedit filename.reg at the command line. Choose File > Import from the Regedit menu bar. If you want to run .reg files from the command line in quiet mode, or write batch files that merge .reg files without user intervention, use the Regedit command with the following syntax: Regedit /s filename.reg.
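Because a .reg file is plain text and a quiet-mode merge shows no prompt, it is worth listing what a file will change before it is imported. The following is an added example, not code from any of the books excerpted here: a small Python parser that turns a .reg script into a list of operations and flags deletions and anything under HKLM\System\CurrentControlSet, the key the Last Known Good passage identifies as holding most hardware configuration. The sample file is constructed, and the names ExampleSvc, ExampleVendor, parse_reg and review are hypothetical.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# A value line is  "Name"=data  or  @=data  (the key's default value).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
HEX_KINDS = {"hex": "REG_BINARY", "hex(2)": "REG_EXPAND_SZ", "hex(7)": "REG_MULTI_SZ"}

# Constructed sample: two per-user settings, a service change, and a key deletion.
SAMPLE = r"""Windows Registry Editor Version 5.00

; constructed sample for illustration
[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="255 0 0"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaveActive"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Start"=dword:00000004
"Blob"=hex:01,02,\
  03
"Old"=-

[-HKEY_CURRENT_USER\Software\ExampleVendor]
"""


def _unescape(s):
    # Inside quoted .reg strings, backslash and double quote are backslash-escaped.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return a list of (action, key, value_name, kind, data) tuples."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file: missing version header")
    ops, key, i = [], None, 1
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith(";"):
            continue  # blank line or comment
        # Long hex data is wrapped with a trailing backslash; join it up.
        while line.endswith("\\") and i < len(lines):
            line = line[:-1] + lines[i].strip()
            i += 1
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name.startswith("-"):  # [-KEY] removes the key and its subkeys
                key = None
                ops.append(("delete-key", name[1:], None, None, None))
            else:
                key = name
                ops.append(("create-key", key, None, None, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unparseable content before line {i + 1}: {line!r}")
        raw_name, rhs = m.groups()
        name = "(Default)" if raw_name == "@" else _unescape(raw_name[1:-1])
        if rhs == "-":  # "Name"=- removes a single value
            ops.append(("delete-value", key, name, None, None))
        elif len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            ops.append(("set-value", key, name, "REG_SZ", _unescape(rhs[1:-1])))
        elif rhs.lower().startswith("dword:"):
            ops.append(("set-value", key, name, "REG_DWORD", int(rhs[6:], 16)))
        elif rhs.lower().startswith("hex"):
            kind, _, body = rhs.partition(":")
            data = bytes(int(b, 16) for b in body.split(",") if b.strip())
            ops.append(("set-value", key, name, HEX_KINDS.get(kind.lower(), kind), data))
        else:
            raise ValueError(f"unknown value syntax: {line!r}")
    return ops


def review(ops, watched=(r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet",)):
    """Return the operations a reviewer should look at before merging."""
    flagged = []
    for op in ops:
        action, key = op[0], op[1].lower()  # registry key names are case-insensitive
        under_watch = any(key == w.lower() or key.startswith(w.lower() + "\\")
                          for w in watched)
        if action.startswith("delete") or under_watch:
            flagged.append(op)
    return flagged


if __name__ == "__main__":
    for op in review(parse_reg(SAMPLE)):
        print(op)
```
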