Advanced Registry Cleaner PC Diagnosis and Repair

PC Repair Tools

Layer Solutions is an amazing team that created PC Repair Tools. Their exclusive optimizers built into PC Repair Tools are sure to make your system run faster, smoother, and better than ever. PC Repair Tools 2018 is Microsoft Certified for Windows 10 and also actively supports Windows 8, 7, Vista, & XP (32 and 64bit). It is designed to repair and optimize all versions of Windows; no other product on the market has ever come close to the capability of their PC Repair Tools. If your computer doesn't feel as fast as it used to, it's because software causes your system to be bloated with junk. PC Repair Tools specializes in removing this junk and debloating your system. The PC Repair Tools 2018 speeds up Windows, thereby saving you time, targets specific errors in Windows, and gives you freedom from frustration.

PC Repair Tools Summary

Rating:

4.6 stars out of 11 votes

Contents: Software
Official Website: www.pcrepairtools.net
Price: $29.95


PC Repair Tools Review

Highly Recommended

Some users might complain that the default interface is more complicated than it needs to be. If you just panicked, grab a quick drink and relax, because this baby has a fully customizable interface.

However, PC Repair Tools is a fairly good program considering the standard and depth of the material it provides. In addition to being effective and easy to use, this software is worth every penny of its price.


Using the Registry Editor

The Registry is a database that the operating system uses to store configuration information, including hardware configuration. The Registry Editor program is used to edit the Registry. Normally, when you make changes to your configuration, you use other utilities, such as Control Panel. This utility is designed for advanced configuration of the system. Only experienced administrators should use the Registry Editor. It should only be used to make configuration changes that cannot be made through more conventional means. For example, you might edit the Registry to specify an alternate location for a print spool folder. Improper changes to the Registry can cause the computer to fail to boot. You should use the Registry Editor with extreme caution. Previous versions of Windows shipped with two versions of the Registry Editor, but Windows Server 2003 only ships with a single version, Regedit. To start the Registry Editor, select Start > Run, and type regedit in the Run dialog box. You...

Applying permissions to registry keys

Another way to protect the registry or portions thereof is to apply permissions on individual keys to restrict access to those keys. In this way, you can allow certain users or groups access to certain parts of the registry and deny access to others. However, use this capability sparingly. Changing the Access Control List (ACL) for a registry key incorrectly could prevent the system from booting. Either avoid configuring the ACL for pre-existing keys and change only those keys you create yourself or be very careful with the changes you make. In Regedit, select the key or subkey on which you want to set permissions. Choose Edit > Permissions to access the Permissions dialog box (see Figure 22-4). Add and remove users and groups as needed, and then set permissions for each. For more information about setting permissions, see Chapter 27.

Figure 22-4 Use the Permissions dialog box to configure access permissions on registry keys.

Controlling the Backend with the Windows Registry

Because much of this chapter has been devoted to customizations related to installing the Windows Server 2003 operating system, it seems appropriate to end with a discussion of that component through which Windows operating systems can be customized to the greatest degree. That component is of course the Registry. The Windows Registry has been around since Windows 95. It is the database containing hardware, operating system, policy, file association, application, and user configuration.

The Registry Editor

Windows Server 2003 provides one Registry Editor (Regedit), regedit.exe, for viewing and modifying the registry. Windows 2000 and previous versions of Windows NT included an additional Registry Editor, regedt32.exe, which provided a few features that Regedit lacked. These features have been merged (finally!) into a single editor. Regedit enables you to connect to, view, and modify a registry on a remote computer. Before you go tromping through the registry, however, keep two things in mind: you need a good backup copy of the registry, and you need to be careful with changes you make because you could introduce changes that might prevent the system from booting. That's why a backup copy is so important. In addition, before you start playing with the Registry Editor, keep in mind that most changes, whether for the system, user, service, application, or other object, should be made with the administration tools for that object. Only use the Registry Editor to make changes not

Regedit.exe

The only registry editor in Windows Server 2003 is Regedit.exe; regedt32 is gone. (If you open Start > Run and enter regedt32, Regedit.exe opens.) Most of us who work in the registry frequently have always preferred the interface of Regedit.exe, and only used regedt32 to set security settings. Now, the security settings are available in Regedit.exe, so we won't miss regedt32.

Prevent Regedit from Displaying the Last Accessed Key

One thing I dislike about Regedit in Windows Server 2003 (and in Windows 2000) is the fact that when you open the editor, it displays the last key you accessed. Sometimes that's a key way down the tree, and it's a lot of work to scroll, unexpand, and otherwise wend your way through the left pane in order to get to the key you want to use this time. To change the behavior, you have to perform two steps: 1. Go to Applets Regedit. 4. Right-click the Regedit key in the left pane again, and choose Permissions from the shortcut menu. 8. Select that new Deny < your...

Registry Keys

In Figure 3.1, you saw the Registry Editor display five cascaded windows, one for each subtree. HKEY_LOCAL_MACHINE was on top; you can see the other four subtrees' windows too. HKEY_CURRENT_USER's window has a right and left pane. The pane on the left looks kind of like a screen from the Explorer or the old Windows 3.1 File Manager.

Regedit

Note the blank line between REGEDIT4 and HKEY; you need that. Now open up a command line and tell REGEDIT to apply this change by typing regedit /s cdfix.reg. The /s means "be silent, Regedit," so you won't get a message. But reboot your NT machine and you'll find that AutoRun is now disabled. Notice how what I could call the REGEDIT command language works: the first line is REGEDIT4, then a blank line, then you indicate what key you want to work with, in brackets, and then the value entry. And that line starting with HKEY_LOCAL_MACHINE is just one line when typed, no matter how long. You can put a whole bunch of changes into a single file, or create different .reg files and apply them sequentially. As with msiexec.exe, be sure to put regedit.exe in the OEM folder, or this won't work. And you may be wondering, how did I figure out how to create a file in REGEDIT format? Simple. I just highlighted a key that I wanted to apply and then exported it. The exported file turned out to be a simple...

Supporting Legacy Clients

Environment (workgroup or NT 4.0 domain), there are several ways to configure registry keys for the SUS client settings. The most common ways to set the registry keys in a non-Active Directory environment are:

Manually editing the registry using regedit.exe
Centrally deploying these registry key changes using Windows NT 4.0 System Policy

1. Open the Registry Editor. Click Start > Run and type regedit.exe. Press OK.

After the Critical Update software has been upgraded, it is time to configure the software. Let's take a look at one of the methods used to update the registry on older client systems. To modify the Registry with regedit.exe, add the following settings to the Registry at this location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Change Ownership of a

The owner of a registry key can specify the users and groups that can manipulate that key, which gives an individual complete power. Taking ownership of a registry key is not a common task, and should only be performed by an administrator who is having a problem gaining access to the key (usually as a result of previously changing ACLs inappropriately). By default, for Windows Server 2003 computers, ownership is set as follows

Exam Objectives Fast Track

0 Registry Policy sets permissions on Registry keys. folder, printer, or registry key that has its own SACL configured. To configure auditing for object access, the network administrator also needs to configure auditing specifically on each object they want to perform auditing on.

Click OK when you're finished Using a Command Line Interface

To configure this setting via the command line, you first need to create a .reg file containing the Registry key described in the next section, and then use Regedit to import the file into your local Registry. You can use a shell script to automate the process of creating the Registry key as follows echo Windows Registry Editor Version 5.00 > TFILE echo > > TFILE regedit s TFILE

From the Client Computer

The client's version is stored in the following registry key On the Advanced Client, this client's version registry key value is set to 99.9.9999.9999. This value ensures that the Advanced Client software is never overwritten by the Legacy Client software. To determine the client's software version, you can check WMI. The client's software version is stored in the ClientVersion property of the SMS_Client class in the root\CCM namespace.

Optimizing Server Processing Power

Windows NT Server 4 and NT Workstation had several obvious differences, but one of the major differences wasn't obvious. The core files required to run NT Server and NT Workstation were and are the same, but at boot time the OS looks in the Registry key Run REGEDT32 and look in that key on a Win2K system, and, among other information, you'll see a value for Product Type. That value was (and is; this hasn't changed) WinNT for Windows NT Workstation/Win2K Professional computers, LanmanNT for domain controllers, and ServerNT for server computers.

Controlling Remote Registry Access

Hackers and unauthorized users can attempt to access a system's Registry remotely just like you do. If you want to be sure they are kept out of the Registry, you can prevent remote Registry access. Remote access to a system's Registry is controlled by the Registry key If you want to limit remote access to the Registry, you can start by changing the permissions on this key.

Using a Command Line Interface

The following command will disable a particular network adapter in a Windows Server 2003 computer. This command uses the devcon.exe utility, which you can download from the Microsoft website from KB 311272. Devcon.exe requires the value of the PnpInstanceID REG_SZ key found in the GlffD> Connection Registry key referenced in Recipe 1-21.

Auditing Object Access

In Windows Server 2003, objects include Registry keys, printers, computers, files and folders. Each object has a security information object, which is called the security descriptor, attached to it. The security descriptor contains information about the groups or users that can access an object, and the types of access, i.e., the permissions, granted to those groups or users. This part of the security descriptor is called the Discretionary Access Control List (DACL). In other words, the DACL is the part of the security descriptor that grants or denies access to the object to groups or users.

Lesson Understanding Authorization

Authorization is the process of determining whether an authenticated user is allowed to perform a requested action. Each time you open a file, Windows Server 2003 verifies that you are authorized to open that file. Each time you print, Windows Server 2003 verifies that you have Print permissions to that printer. In fact, Windows Server 2003 verifies your authorization to access just about every object you can imagine: files and folders, shared folders, printers, services, Active Directory directory service objects, Terminal Services connections, Windows Management Interface objects, and registry keys and values.

Creating a Userdefined Data Collector

In the next screen, you are asked which template you would like to use. Because ours is called AD DS Set, we obviously want to select Active Directory Diagnostics, so we'll select that and click Next. The Active Directory Diagnostics will collect data on this local server that includes Registry keys, performance counters, and trace events that are helpful in troubleshooting Active Directory Domain Services performance issues.

Securing Application Servers

Tip In addition to file system permissions, you can also use a GPO to configure registry permissions on a computer running Windows Server 2003. Browse to the Registry container and, from the Action menu, choose Add Key. The process resembles configuring file system permissions, except that you select a registry key instead of a file or folder.

Permission Compatibility

In Win2K, you were prompted to select a compatibility mode when installing Terminal Services. The options were Permissions compatible with Windows 2000 Users and Permissions compatible with Terminal Server 4.0 users. In line with Microsoft's new focus on security, WS2K3 defaults to Full Security mode. This mode is similar to the Win2K Users mode. Under WS2K3 Full Security mode, non-administrators cannot modify the HKEY_LOCAL_MACHINE registry key nor write files to anywhere on the server's hard drive other than their profile directory.

Microsoft Baseline Security Analyzer Graphical Interface

MBSA can determine which critical security updates are applied to a system by referring to an XML file that is continuously updated by Microsoft. The XML file contains information about which security updates are available for particular Microsoft products. This file contains security bulletin names and titles, and detailed data about product-specific security updates, including the files in each update package and their versions and checksums, registry keys that were applied by the update installation package, information about which updates supersede others, related Microsoft Knowledge Base article numbers, and much more.

Control Strategy for the Registry

While permissions can be modified for the Registry using the Registry Editor (by using the regedt32.exe command at Start > Run), it makes sense in a larger organization to apply security to the Registry via group policy. Although this topic has been touched on earlier in this book, let's look again at the tools you have at your disposal for securing the Registry across the enterprise. We'll review the use of regedt32.exe and then we'll look at group policy. When you launch the Registry Editor, you can view or modify any Registry keys to which you have access. As you're well aware, modifications to the Registry can cause a system to crash and can make recovery difficult and time consuming unless you've recently backed up the Registry. Use care when viewing or modifying the Registry and, if in doubt, always export a current copy of the Registry or make sure your Automated System Recovery (ASR) disk is up to date before making any changes. Exercise 9.03 steps through viewing Registry...

Restore Active Directory Services

You discovered some traces of a potentially harmful virus on one of the domain controllers. You launch antivirus software, and it reports successful cleanup, but you still observe some Registry keys that belong to the virus code. Which system state restore method is the most appropriate in this situation?

What Are Group Policies

Security Policies These policies provide many different ways of securing the computing environment, ranging from restricting access to files, folders, and Registry keys to controlling system services and applications running on computers, limiting certain privileges to selected users or groups, and determining domainwide password settings.

Unseen administrative shares

Each time Windows 2003 boots, a hidden administrative share is created for every drive. These shares are backup paths for the system just in case direct access to system files is somehow interrupted. In other words, it's a redundancy you don't need. The administrative shares are disabled by adding AutoShareServer to the following Registry key

Changes since Windows

Earlier versions of IIS have been popular security targets, and vulnerabilities in IIS have caused many Windows computers to be compromised. In order to reduce the Web infrastructure attack surface, IIS 6.0 is not installed by default on Windows Server 2003. You must explicitly select and install IIS 6.0 on all members of the Windows Server 2003 family, except for Windows Server 2003, Web Edition. This means that now it does not need to be uninstalled after Windows has been installed. IIS 6.0 will also be disabled when a server is being upgraded to Windows Server 2003, unless the IIS 5.0 Lockdown Tool has been installed prior to upgrade, or unless a registry key has been configured. If IIS isn't being used, you should explicitly disable it by using Group Policy settings.

Leveraging Standalone EFS

Build machines using sysprep and custom scripts to configure a central recovery agent. This can be achieved via a run-once Registry key that removes the existing local DRA and inserts a centralized DRA. This change must be performed after the sysprep mini-setup that generates the default DRA. The preferred practice is to use a Microsoft CA to issue a DRA certificate for the central recovery agent.

Monitoring Compliance to a Security Template

Tip You should add most template settings using the Security Templates snap-in. The template file is a text file, but the required syntax might be confusing, and using the snap-in ensures that settings are changed using the proper syntax. However, the exception to this rule is adding Registry settings that are not already listed in the Security Option portion of the template. As new security settings become known, if they can be configured using a Registry key, you can add them to a security template. To do so, you add them to the Registry Values section of the template. The article How to Add Custom Registry Settings to Security Configuration Editor helps you understand how to perform this task. You can find it at

Application Setup Progress

At the end of a given installation, the client is queried for a successful installation of the application. In the event of an installation failure, the application should roll back completely so that the client remains in a state equal to its state before the application was installed. This will depend on the individual applications, which may be limited by the installer technology of the client application. Even if the application fails, the registry key above is incremented. The success and failure to install each application is reported in the Completing the Client Setup Wizard page. The installation order is as follows

Answers to Review Questions

Because the Windows 98 workstations are in a child OU, you need to block policy inheritance and then assign the correct Registry keys to the Windows 98 workstations via a Windows 98 Group Policy. All other answers are actions that you would need to take in order to implement IPSec in your environment.

Creating Registry Entries for Applications

Some applications save configuration information in the Windows registry. If the setup program or provisioning script creates the registry entries, run the setup program or provisioning script on the target server. Otherwise, you must manually identify the registry entries and then re-create them on the target server. Caution Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing 2. Back up the registry entries on the source server that you identified in the previous step by using the registry editor Regedit.exe.

Managing the Active Directory Schema

The schema is to the Active Directory what the Registry is to the Windows operating system. The schema is a database of definitions for all object types within the directory structure, which determines how all Active Directory objects can and are configured. Just as care is extended to managing and modifying the Windows Registry, extreme care should be extended to the administration of the schema. Changes to the schema affect the entire Active Directory environment. As such, the schema is not a database that should be modified casually. If modifications will be made, either for troubleshooting or development purposes, it is important to test these modifications in a test lab environment before implementing them in production.

Using Computer Imaging

If the logged-on users at the client computers that you deploy the Advanced Client to through software distribution have administrative credentials, you have the option of preconfiguring the client computers with specific Advanced Client options. These options are configurable through the Windows registry

Chapter ll Implementing Microsoft Windows Server

Best Practices for Successful Server Deployments; Licensing and Activating Windows Server 2003; Automating Deployment with Remote Installation Service; Using Sysprep for Servers to Maximize Consistency; Customizing Setup Using Unattend and Setup Manager; Creating Custom Bootable CDs for Rapid Deployment; Optimizing Standard Server Configurations; Customizing Servers with Setup Wizards; Controlling the Back-end with the Windows Registry

Managing the Registry

Everyone who accesses a computer, whether in a workgroup or on a domain, at one time or another has worked with the Microsoft Windows Registry whether the person realizes it or not. Whenever you log on, your user preferences are read from the Registry. Whenever you make changes to the system configuration, install applications or hardware, or make other changes to the working environment, the changes are stored in the Registry. Whenever you uninstall hardware, applications, or system components, these changes are recorded in the Registry as well.

Preventing access to the registry

Perhaps the best way to protect the registry from unauthorized changes is to keep users out of it altogether. In the case of a server, keeping the server physically secure and granting only administrators the right to log on locally is the first step. For other systems, or where that isn't practical for a given server, you can secure the Registry Editor. Either remove the Registry Editor from the target system or configure the permissions on Regedit.exe to deny permission to execute for all except those who should have access. If you've removed the Registry Editor from a system and need to modify its registry, you can do so remotely from another computer that does contain a Registry Editor. See the section Securing remote registry access, later in this chapter if you want to prevent remote editing of the registry. Note Simply removing the Registry Editor from a server doesn't prevent registry changes. Someone

Configuring Your Own NT User Profile

The NTUSER.DAT file for the user currently logged in may be edited using a Registry editing tool such as REGEDT32.EXE or REGEDIT.EXE, although these tools are not particularly intuitive (an understatement if I have ever heard one). The System Policy Editor (POLEDIT.EXE, covered in the upcoming section on system policies) that comes with Windows NT Server and Win2K Server is more user-friendly and can be used to directly edit several selected settings in the local Registry. The System Policy Editor is a selective Registry editor and is easier to use, as it does not require any knowledge of Registry syntax or structure. While this application offers several options that are not available in the graphical interface, very little would be of interest to normal users setting up their own profiles, even assuming that they have access to the application (it's not included with NT Workstation). Even though the System Policy Editor can be used to edit the machine's local Registry, as shown in...

Configuring the Shortcut Menu

In this exercise, you will edit the Registry. It's good practice to back up the Registry before you start. Be careful and follow the steps exactly. There is no Undo function in the Registry Editor. 1. Choose Start > Run to open the Run dialog box. In the Open box, type regedit and press Enter to open the Registry Editor.

Preventing Access to the Registry Utilities

One of the best ways to protect the Registry from unauthorized access is to make it so users can't access the Registry in the first place. For a server, this means tightly controlling physical security and allowing only administrators the right to log on locally. For other systems or when it isn't practical to prevent users from logging on locally to a server, you can configure the permissions on Regedit.exe and Reg.exe so that they are more secure. You could also remove Registry Editor and the REG command from a system, but this can introduce other problems and make managing the system more difficult, especially if you also prevent remote access to the Registry. To modify permissions on Registry Editor, access the SystemRoot folder, right-click Regedit.exe, and then select Properties. In the Properties dialog box, select the Security tab, as shown in Figure 14-9. Add and remove users and groups as necessary, then set permissions as appropriate. Permissions work the same as with other...

The Registry Structure

The registry forms a hierarchical (tree) database with five primary branches called subtrees. A subtree can contain keys, which function as containers within the subtree for subkeys and values. Subkeys are sub-branches within a key. Values are the individual settings within a key or subkey. Perhaps the best way to understand the registry structure is to view it through the Registry Editor, as shown in Figure 22-1. (You'll find detailed information about the Registry Editor later in this chapter in the section The Registry Editor.)

NT System Policy Editor to the Rescue

Instead of trying to hack everything out in REGEDT32.EXE, you can use the System Policy Editor to place restrictions directly on the profile. (I know we haven't covered the System Policy Editor yet, but we will soon; forgive me for jumping the gun, but this won't take long.) Run the System Policy Editor (POLEDIT.EXE) while logged in as the template user SNEEZY. In this scenario, you will be using the Policy Editor as a user-friendly Registry Editor, instead of as a tool to impose system policies on your network.

Working with the Registry An Example

In any case, let's try something out, something relatively harmless. Let's change the name of the company that you gave Windows 2000 when you installed it. Recently my firm changed names from TechTeach International to MR&D. Suppose I'd already installed a bunch of Windows 2000 machines and filled in TechTeach International when prompted for an organization. Suppose also that I want to change that so the Help > About dialog boxes say that I'm Mark Minasi of MR&D, but I don't feel like reinstalling. Fortunately, the Registry Editor lets me change company names without reinstalling: 1. Open the Registry Editor. From the Start menu, choose Run. 2. In the command line, type REGEDT32 and press Enter.

Searching the Registry

One of the common tasks you'll want to perform in Registry Editor is to search for a particular key. You can search for keys, values, and data entries using the FIND command on the Edit menu (see the following screen). Type the text you want to find in the Find What box. You can search only for standard American Standard Code for Information Interchange (ASCII) text. So, if you're searching for data entries, Registry Editor will search only string values (REG_SZ, REG_EXPAND_SZ, and REG_MULTI_SZ) for the specified text. Use the Look At options to control where Registry Editor looks for the text you want to find. You can search on key names, value names, and text within data entries. If you want to match only whole strings instead of searching for text within longer strings, select Match Whole Strings Only. After you make your selections, click Find Next to begin the search. If Registry Editor finds a match before reaching the end of the Registry, it selects and displays the matching...

Configuring Authentication in a Windows NT Environment

Following the steps in Exercise 7.2 takes care of the NTLM version 2 concerns for Windows 95 and Windows 98 clients. However, that still leaves Windows NT 4 as a potential problem. If you have Service Pack 4 or later installed, you can use NTLM version 2. To disable LM authentication in Windows NT 4, you need to use the Registry Editor and configure the changes. You'll do so in Exercise 7.3.

Keeping People from Using the Registry Editing Tools

After restricting the Explorer, you don't want people using the Registry Editors to undo your work. You can do that by adding an entry in HKEY_CURRENT_USER Software for a particular user. The entry's name is DisableRegistryTools and, when set to 1, will keep the user from running either REGEDIT or REGEDT32. Be aware though, that this setting will not keep the user from running POLEDIT, the System Policy Editor that we'll be working with in a few pages. POLEDIT can modify the Registry, so either keep it off the approved list of programs (assuming you're using RestrictRun), or just make sure it's not residing anywhere that a user can easily get to.

Where the Registry Lives Hives

The Registry is mostly contained in a set of files called the hives. (Mostly because some of it is built automatically every time you boot up your system. For example, Windows 2000 doesn't know what devices are on a SCSI chain until you boot.) Hives are binary files, so there's no way to look at them without a special editor of some kind, like the Registry Editor. Hives are, however, an easy way to load or back up a sizable part of the Registry.

Step Add a New Element to the Web Element Database

Using the registry editor, create a new key in the Web Element Database called TabsNetworkSample. Note that this key should be a child of the WebElementDefinitions key, and not of the TabsNetwork key. (Within the Web Element Database, all Web Elements are peers of one another. The hierarchy manifested in the Web UI is created via the Container value of each key.

Refresh Intervals for Group Policy

In NT 4, it was possible to use the System Policy Editor to view and edit those Registry entries for the local machine (rather than creating or editing a policy, you chose to open the Registry). As such, the System Policy Editor served as a more user-friendly Registry editing tool than either REGEDIT.EXE or REGEDT32.EXE. Similarly, the Group Policy snap-in provides the ability to view local policy settings on a machine.

Moderating newsgroups

In the Administrator e-mail account field, specify the e-mail address to which nondelivery notices should be sent for newsgroup articles that can't be delivered to the designated moderator. To enable sending NDRs, create the DWORD value MailFromHeader in the registry. Use Regedit or Regedt32 to add the DWORD value HKEY_LOCAL_MACHINE and set the value to 1.

Set Audit Options in the Registry

After you've enabled auditing, you can specify the actions you want to audit. Open Regedit, right-click the parent key you want to use as the top of the auditing process (by default, auditing is inherited by subkeys), and choose Permissions from the shortcut menu. Click Advanced and move to the Auditing tab. Click Add to begin adding the users and groups you want to audit, using the following guidelines

Modifying the registry

You can use Regedit to perform all registry browsing and modification tasks. You can even back up the registry by exporting it to a registry script; however, you should use Backup or a third-party backup utility that backs up other system data along with the registry. The following sections explain how to accomplish specific tasks in Regedit. You're most likely to modify the registry to change existing values, rather than create new ones or modify keys. To change the value of a registry entry, locate the value in the editor and then double-click the value. Regedit displays a dialog box (similar to the one shown in Figure 22-2) that varies according to the data type you're editing. Modify the data as needed, and then click OK. Figure 22-2 Regedit provides a dialog box tailored to the type of data value selected. You can create a new value in an existing key. You might need to do this, for example, if...

Specify Alert Recipients

You must tell Windows Server 2003 the names of the recipients when an alert is transmitted, which you accomplish by changing the registry. Open Regedit and travel to the Parameters subkey. In the right pane, double-click the data item named AlertNames, and add the names of all the computers and users on the network that should see

Choosing a Backup Method for the Registry

You can make a backup of the entire Registry very easily at the command line. Simply type regedit /e SaveFile, where SaveFile is the complete file path to the save location for the Registry data. Following this, you could save a copy of the Registry to C:\Backups\Regdata.reg by typing regedit /e c:\backups\regdata.reg. You would then have a complete backup of the Registry.

Changing the Cluster Name

As you can see in the Registry (go to Start > Run and type REGEDIT), your Recent Cluster List has the old DOTNET-CLUSTER as a second cluster when it isn't the second cluster. I don't recommend you try to remove it because there's no recommended Registry hack for it at this time.

Configuring Deployment

You can configure WDS to use a multicast transmission to deploy a single install image to multiple computers. As Figure 11-3 shows, you can configure an auto-cast, which begins the transmission immediately, or configure a scheduled-cast in which you specify settings such as the number of clients that must connect prior to beginning the transmission, a time and date for the transmission to begin, or both. You can configure a multicast deployment to throttle the bandwidth it uses by selecting a network profile on the Network Settings tab of the WDS server's properties. The available profiles are 10 Mbps, 100 Mbps, 1 Gbps, and Custom. You can also throttle bandwidth by modifying the HKLM System CurrentControlSet Services registry key and setting the value to the percent of available bandwidth that the server will use.

Classification by Purpose

Modify SIDs specified in the ACLs of files, shares, and registry keys. Grant access rights on objects to specified users and groups. (Include ShowAccs.exe, SIDWalk.exe, and SIDWalk.msc tools.) Display security descriptors for files, registry keys, or services. Change security information such as owner of an object, domain name, or SID

Terminal Services Compatibility Flags

When you install an application, Terminal Services creates a compatibility flag registry key, which Figure 3.15 shows, that instructs Terminal Services about which type of program the application is (MS-DOS, 16-bit, 32-bit). If you're installing a legacy application that will not run on Terminal Services, you can adjust this flag so that Terminal Services makes adjustments when the application is launched.

Summary of Exam Objectives

You can also use group policy objects to enable auditing. Auditing is used to track authorized and unauthorized resource access, usage, and change. Administrators can audit the success and/or failure for a number of tracked events. Examples of what can be tracked include logons, changes to policy, use of privileges, directory service or file access, and so forth. Some objects such as the Active Directory directory service, the file system, Registry keys, and printers require two steps to enable auditing. Administrators must enable auditing in group policy and on the specific objects they want to track. You can configure these resources to track individual and group accounts, as well as specific actions such as changing permissions on or deleting the object. Most objects have a sizable number of possible auditing options. Unlike the other items in the previous list, some Active Directory objects already have auditing configured for them. Despite this convenience, administrators should...

Controlling WAN Communication

To do so you need to add the AvoidPdcOnWan value under the HKEY_LOCAL_MACHINE System registry key. If you set the value to 1, the domain controller will ignore sending password updates as a critical update when the PDC Emulator is located in another site. A setting of 0 restores normal operation.

Application Compatibility Mechanisms

The SETPATHS.CMD subscript checks to make sure that the registry keys for the user's application environment are in place. The registry keys for the current user variables can be found in the The next section of the script is designed to create a ROOTDRIVE. The concept of the ROOTDRIVE was created because most registry keys can't reference environment variables. For Joe uses an application that allows him to create personal templates for his documents, and there is a registry key that defines the path to store these template files. The registry can't reference environment variables, only absolute paths, so we cannot use HOMEPATH resolves to WTSRV Profiles Jane.Doe. Once again, we can't use variables in the registry key, so we don't have an easy way to reference Jane's profile directory.

Logging Replication Events

registry key equal to 3 or 4 (the difference between the cases will be discussed later). This will help you to see all replication requests, the sequence of replicated directory partitions, and the result of the requests. (Two domain controllers from the same domain NETDC3 and NETDC4 are used in the following examples.) The following two events are logged after each directory partition has been successfully replicated (NETDC4 asks NETDC3 for the changes)

Using the Registry to Manage Shutdown Event Tracker

We prefer to use the registry to configure Shutdown Event Tracker in many cases (in comparison to the local Group Policy settings). The local Group Policy can dictate the shutdown policy for the domain. This is not feasible for a single machine configuration. Another reason is the lack of terminal server access to local Group Policy settings. You can use the Registry Editor to edit the remote computer's registry in this case. 1. Open the Registry Editor. (Click Start > Run and type regedit.) Figure 9.36 Editing the Registry Key for Shutdown Event Tracker 5. Click OK and close the Registry Editor. Restart the computer to apply the changes.

Last Known Good Configuration

If the system is unable to start up correctly after you have installed a new device or made a configuration change, this option should be the first tool you use. It will restore the registry key to a copy of the one that was used during the last successful system startup. Note that this tool does not solve any issues with corrupt or missing driver files. To access this tool, perform the following steps

Load Zone Data On Startup

When you select the From Registry option for the Load Zone Data On Startup setting, the DNS server is initialized by reading parameters stored in the Windows Registry. When you select the From File option, the DNS server is initialized by reading parameters stored in a boot file, such as those used by BIND servers.

Setting Registry Access Permissions via Group Policy

For this exercise, let's assume you want to limit the ability to run the Regedt32 command. Click Registry, and then on the menu, click Action > Add Key. The dialog, Select Registry Key, is displayed as shown in Figure 9.16. 12. In the Select Registry Key dialog, three keys are visible: CLASSES_ROOT, MACHINE, and USERS. Click the + to the left of USERS to expand the tree. Expand the Software node, click the + to the left of the Microsoft node, and scroll down until you locate RegEdt32. Click RegEdt32 to select it and then click OK. The Database Security for Figure 9.18 View or Modify Permissions for Registry Key Figure 9.21 Modifying Permissions for the RegEdt32 Registry Key 23. In the MMC, you now have an object listed in the right pane, which should reflect the Registry key we just added USER DEFAULT Software Microsoft RegEdt32, as shown in Figure 9.22. Figure 9.22 Default Domain Policy...

Configuration for the SUS Clients

The easiest way to configure the client to use Automatic Updates is through Control Panel > System, Automatic Updates tab. However, you can also configure Automatic Updates through the Registry. The Registry is a database of all of your server's settings and can be accessed by clicking Start > Run and typing Regedit in the Run dialog box. Automatic Updates settings are defined through WindowsUpdate AU. TABLE 1.4 Registry Keys and Values for Automatic Updates. To specify what server will be used as the Windows Update server, you edit two Registry keys, which are found at WindowsUpdate.

ADDatabase and Log File Free Space

For our script to locate these files, we must read some values from the registry of the domain controller. We can do this by using an instance of the RegistryClass class described in the previous section. We can find the location of the AD database and log files in the following registry key ' Registry keys pointing to the AD Database and log file locations.

Problem Making Your IPSec Policy Work

You can also increase the amount of information logged to the Security Event log by asking for per packet drop events. You perform this task by increasing the audit level to 7. You can either use Netsh or set the following Registry key to a value of 7 HKEY_LOCAL_MACHINE SYSTEM Regardless of the method you use, you must restart the computer for the changes to take effect.

Enabling Auditing of Object Access

Objects include Registry keys, printers, files, folders, and so forth. Every Windows object has a security information object attached to it. It is referred to as the security descriptor of the object. The security descriptor contains permission and auditing information on the object. The security descriptor holds information about the groups and individual users that are authorized to manipulate the object, and defines what level of access each has to the object. This part of the security descriptor is referred to as the Discretionary Access Control List (DACL).

Spoofing and Unauthorized Access

The wireless hacker does not need many complex tools to succeed in spoofing a MAC address. In many cases, these changes either are features of the wireless manufacturers or can be easily changed through a Windows Registry modification. Once a valid MAC address is identified, the attacker needs only to reconfigure his device to trick the AP into thinking he or she is a valid user.

Enabling Static Routing on a Multihomed Windows Server Computer

Click Start > Run and type regedt32 in the Run dialog box. The 16-bit equivalent (for older Windows operating systems that use the registry) is the command regedit. 2. The Registry Editor opens with the registry HKEYs displayed on the left and related values on the right. 11. Click the word Parameters under Tcpip. When you click on that registry key, a list of values is displayed in the right pane of the window, as seen in Figure 1.10. Figure 1.10 Using the Registry Editor

Backing up and restoring the DHCP database

All of these methods back up the items mentioned previously, but do not back up authentication credentials, registry settings, or other global DHCP configuration information such as log settings and database location. Instead, you need to back up the registry key HKEY_LOCAL_ Tip The easiest way to back up the DHCP registry key is to export the key from the Registry Editor. Open the Registry Editor, select the key, and export it to the same backup location as the other DHCP backup files. To change the interval for synchronous backups from its default setting of 60 minutes, open the Registry Editor and open the key Services DHCPServer Parameters. Modify the value BackupInterval as desired. If the DHCP server suffers a failure, you can quickly restore the DHCP service by restoring the DHCP database. Bring the server back online and install the DHCP service. If you backed up the DHCP registry key, stop the DHCP service, import the key, and restart the service; then, open the DHCP console....

Your instructor will demonstrate how to determine if EFS is being used on a computer

In your organization have implemented EFS. For example, if you have not implemented a formal data recovery policy but find that 80 of your users are implementing EFS, you might decide to implement recovery procedures. Although there is no way to determine if files are currently encrypted, there are registry keys that are present if EFS has ever been implemented. 2. Click Start, click Run, type regedit.exe and then press ENTER. 3. In the Registry Editor, navigate to the following path and look for the presence of the EFS key.

Backup and recovery plan

Before you attempt to make a backup, document the existing structure, including the resource registry keys that map to resources. We also suggest that you catalog your backups and create a repair disk for each node that you can use for restoring that node, if necessary. You should use the Backup tool to create emergency repair disks in case the system files become corrupted or damaged.

Changing the Regional Settings

You can change the regional settings by specifying the settings in an answer file during an unattended setup, or you can set it manually. If you run the command control intl.cpl, you will notice that Server Core is not completely GUI-less (see Figure 7.12). After typing the previous command, the Control Panel applet regional and language options will appear. Because of some dependencies on a few low-level GUI DLLs, it is not yet possible to use a complete command-line version of this applet. Of course, it's also possible to edit the Registry with regedit, but why should you use it if a GUI is available?

Software Restriction Policies

A path rule identifies software by its file path. For example, if you have a computer that has a default security level of Disallowed, you can still grant unrestricted access to a specific folder for each user. You can create a path rule by using the file path and setting the security level of the path rule to Unrestricted. Some common paths for this type of rule are %userprofile%, %windir%, %appdata%, %programfiles%, and %temp%. You can also create registry path rules that use the registry key of the software as the path. Because these rules are specified by the path, if a software program is moved, the path rule no longer applies.

Configuring the SUS Clients

The easiest way to configure the client to use Automatic Updates is by choosing Control Panel > System and clicking the Automatic Updates tab. However, you can also configure Automatic Updates through the Registry. The Registry is a database of all of your server settings and can be accessed by choosing Start > Run and typing regedit in the Run dialog box. Automatic Updates settings are defined through Windows WindowsUpdate AU. TABLE 3.16 Registry Keys and Values for Automatic Updates. To specify what server will be used as the Windows Update server, you edit two Registry keys, which are found at WindowsUpdate

Editing a remote registry

You can edit the registry of a remote computer, subject to your permissions and rights on the remote computer, as well as how the remote system is configured. To open the registry from another computer in Regedit, click File > Connect Network Registry and specify the computer name or browse for it. The registry for the remote computer appears as a separate branch in the tree pane. You can view and modify settings just as you would for the local computer, although the tree includes only the HKLM and HKU keys for the remote computer; the others are not displayed. When you're finished, click File > Disconnect Network Registry, and the computer's registry disappears from the tree. You can connect to multiple remote systems concurrently, if needed.

How to Move the Active Directory Database and Log Files

Active Directory Database

You use the Ntdsutil command-line tool in Directory Services Restore Mode to move the database from one location to another location on a disk. If the path to the database files changes after you move the files, you must always use Ntdsutil to move the files, instead of simply copying them. This way, you ensure that the registry key is updated with the path to the new location, and Active Directory restarts from the new location. Note You can also move transaction log files to another location. The Move logs to <drive> <directory> command moves the transaction log files to the new directory that is specified by <drive> <directory> and updates the registry keys, which restarts the directory service from the new location.

Recovering from Device Disaster

Press F8 as the system restarts and select the Last Known Good Configuration. This option restores the registry key HKLM\System\CurrentControlSet to the state of the key at the last successful logon. This key contains most hardware configuration. Therefore, the effect of Last Known Good Configuration is similar to driver rollback, except that all configuration, not just the driver, is rolled back for all devices and services. The Last Known Good Configuration will not be useful if, following a device configuration change, you have logged on at least once because successful logon will mark the registry with the misconfiguration as the Last Known Good.

Configuring Dynamic DNS Registration Problem

To configure this setting via the command line, you first need to create a .reg file containing the Registry key in the following Using the Registry section, then use Regedit to import the file into your local Registry. A shell script to automate this process is as follows. This script takes the IP address of the interface you're trying to change as a command-line argument. It then grabs the GUID of the appropriate interface and sets the RegistrationEnabled Registry key programmatically echo Windows Registry Editor Version 5.00 > TFILE echo > > TFILE regedit s TFILE

Managing Computer Groups

Configuring WSUS settings via registry settings can be performed on an individual basis, via login scripts, or through NT 4.0 system policy. Table 9.3 lists the registry entries for the WSUS environment options. These entries can be found under the registry key Additional configuration of the Automatic Update agent can also be made via registry settings that can be made on an individual basis, set by login scripts, or through NT 4.0 system policy. Table 9.4 lists the registry entries for the Automatic Update agent options. These entries can be found under the registry key

Auditing registry access

Enabling auditing of object access doesn't configure auditing for a particular object, but instead simply makes it possible (that is, turns on the capability to audit object access). You then need to configure auditing for each object you want to audit. In the case of the registry, this means you need to configure auditing for each key you want to track. To do so, open Regedit. Locate and select the key you want to configure and choose Edit > Permissions. Click Advanced, click the Auditing tab, click Add to select the user or group whose access you want to audit for the selected key, and click OK. Regedit displays the Auditing Entry dialog box, shown in Figure 22-5. Select Successful/Failed as desired. Table 22-2 lists audit events you can configure for registry access.

Importing and exporting keys

Process does not perform any other tasks other than copying files to a set of folders and modifying the registry. Changes such as registering DLLs cannot be duplicated with a simple registry copy. Therefore, running the installation process on the target servers is, in many cases, the only way to install an application. Even so, migrating the registry keys could enable you to duplicate the configuration of an application after installation. With Regedit, you can save a key and its contents to a binary file that you can later load into a registry. To do so, select the key and choose File > Export, and then specify a filename. From the Save as Type drop-down list, choose Registry Hive Files. Click Save to save the file. You also can use Regedit to export a selected branch or export the entire registry to a registry script. There are other ways to back up the registry, so let's assume you want to export only a single branch (you use the same process either way). Locate and select the...

Local Machine Registry

Regardless of the front end, almost all software configurations ultimately end up manipulating the Windows registry for final client configuration commitments. That being said, you can edit the registry directly to configure your WSUS-specific client configuration needs. In situations where Group Policy is not available due to the lack of an Active Directory domain and where configuring local policy becomes too tedious because of each logical machine visit, a few scripting techniques might help you roll out the needed registry keys. Table 7.4 and Table 7.5 outline each of the possible registry key combinations, their possible key partners (if necessary), the registry key data type, and the corresponding Group Policy and Local Policy. The tables are divided to show you each key separately, the first showing the WSUS client environment variables and the latter showing the AU client's own configuration options. Table 7.4 Windows Update Agent Environment Registry Keys Table 7.4 continued...

DHCP Database Backup and Restore Automation

The process of backing up all DHCP settings and restoring them onto the same (or a different) server has been streamlined in Windows Server 2003. No longer do you need to export Registry keys and manually move databases between servers to migrate DHCP because the Backup and Restore process can be accomplished directly from the MMC. The process for backing up and restoring a DHCP database is as follows

Configuring the WSUS Clients

The easiest way to configure the client to use Automatic Updates is by choosing Control Panel > System and clicking the Automatic Updates tab. However, you can also configure Automatic Updates through the Registry. The Registry is a database of all of your server settings and can be accessed by choosing Start > Run and typing regedit in the Run dialog box. Automatic Updates settings are defined through WindowsUpdate AU. TABLE 3.16 Selected Registry Keys and Values for Automatic Updates. To specify what server will be used as the Windows Update server, you edit two Registry keys, which are found at WindowsUpdate

Real World Client Setup and Local Administrator

Http www.threatcode.com for some well known examples. But most programs, even those that don't work well from a simple local user account by default, can be made to work with some patience and careful investigation. The basic solution is to install the software as an administrator, then change to an account that is only a local user account, and try to run the software. Observe where it fails, and try to correct it. The correction may require changing where the software writes its logs, or changing the permissions on a registry key, for example. The process isn't simple, but if you're patient you can usually resolve the problems. And the payback is a much more secure and safe computer.

Using Computer Groups

Setting up computer groups takes three steps. First, specify whether you intend to use server-side targeting, which involves manually adding each computer to its group by using WSUS, or client-side targeting, which involves automatically adding the clients by using either Group Policy or registry keys. Next, create the computer group on WSUS. Finally, move the computers into groups using whichever method you chose in the first step.

Using Client Side Targeting

By using client-side targeting, WSUS can figure out how to assign computers to different groups by looking at Group Policy or Registry keys on each machine to automatically collect computers into a group. Client-side targeting saves you the trouble of manually adding computers, moving them around in groups, and generally resorting to tedious administrative methods.

Overview of the Registry

The last file that Windows 3.1x used for system configuration was reg.dat. This was the Windows 3.1 Registration Database and is the direct predecessor of the registry. (It didn't take long for users to shorten the name Registration Database to registry.) This database, which contained nested structures from a single root (HKEY_CLASSES_ROOT), held the information needed to maintain file extension associations and Object Linking and Embedding (OLE) drag-and-drop support. Unlike .ini files, which are simple ASCII text files that you can edit in any text editor, the reg.dat file was a binary file and came with its own editing application, the Registration Information Editor (Regedit.exe). This first registry had some serious limitations, in the form of a single hierarchy and a size limit of 64KB for the reg.dat file.

Using the REG Command for a Quick Display of Client Setup

The quickest way to identify WSUS client settings is to create a simple script file that can be used to query the registry keys you are interested in, and pipe them to the console for quick review. This can be used for troubleshooting purposes or for random audits of your WSUS clients, to make sure that you are not having GPO inheritance, blocking, or conflict problems. To remotely query your WSUS computer's registry, you need the reg.exe command-line utility, which is part of the Windows Server 2003 and Windows XP source code. It is also part of the Windows 2000 Resource Kit Supplement 1 for Windows 2000 machines. The version included in Windows Server 2003 and XP can be used on Windows 2000 machines. The following code quickly enumerates the values of the registry key and its AU subkey and values. From a command prompt window, type the following (note that WSUSClient is the Network Basic Input Output System (NetBIOS) name of your WSUS client host). View the wsusaudit.log on the c...

Applying WSUS for Clients Manually

Windows Update Services Name

Next, open the registry editor. Type regedit in the Run window. Figure 8.16 WSUS Registry Keys 7. Close the registry editor. Importing a Registry Key If walking around to each client sounds painful, you can always export the appropriate keys from a sample system and import them into the rest of your clients. You could try e-mailing the key, but most e-mail clients strip registry keys. Alternatively, you could write a simple batch file for importing.

Configuring Registry Security

Right-click Registry and choose Add Key from the context menu. You will see the Select Registry Key dialog box shown in Figure 7.29. Figure 7.29 The Select Registry Key Dialog Box 4. The Database Security dialog box, seen in Figure 7.30, opens. Use this window to choose the permissions that will be assigned to the secured Registry key. After customizing the permissions, click OK.

Even More Cautions about Editing the Registry

The vast majority of Registry items correspond to some setting in the Control Panel, Active Directory Users and Computers, or some other MMC snap-in. For example, you just saw where we could change the RegisteredOrganization directly via the Registry Editor. I only picked that example, however, because it was fairly illustrative and simple to understand. In general, don't use the Registry Editor to modify a value that can be modified in some other way. For example, suppose I choose to set a background color on my screen to medium gray. That color is represented as a triplet of numbers 128 128 128. How did I know what those color values meant? Because they're the same as Windows 3.x color values. Color values in Windows are expressed as number triplets. Each number is an integer from 0 to 255. If I input a value greater than 255, the Registry Editor would neither know nor care that I was punching in an illegal color value. Now, in the case of colors, that probably wouldn't crash the...

Viewing Registry Access Permissions

Click Start > Run and then type regedt32 in the Open text box. Click OK to launch the Registry Editor. 2. Click File on the Registry Editor menu. Notice there is no Save or Save As function. This is because any changes you make in the various dialogs are applied immediately. Exiting closes the Registry Editor with whatever settings currently exist. There is no way to exit without saving changes. This is why it's critical to save the Registry before working on it, and use care when working in it. 3. In the Registry Editor, the left pane displays the nodes and the right pane displays any nodes or keys beneath the one selected on the left. Depending on the state of your Registry tree, you might only see one node, My Computer. If so, click the + to the left of My Computer to expand the tree. In most cases, you'll see My Computer listed with five nodes beneath it Figure 9.11 Modifying Default Permissions on Registry Key Click File on the Registry Editor menu, and select Exit to close the...

Using the Security Configuration And Analysis Utility

So how can you prevent these types of problems? One method is to strictly enforce the types of actions that users can perform. Because most settings for the Windows Server 2003 interface can be configured in the Registry, you could edit the appropriate settings using the RegEdit command. However, this process can become quite tedious. Furthermore, manually modifying the Registry is a dangerous process and one that is bound to cause problems due to human error. In order to make the creation and application of security settings easier, Microsoft has included the Security Configuration And Analysis tool with Windows Server 2003. These template files offer a user-friendly way of configuring common settings for Windows Server 2003 operating systems. For example, instead of searching through the Registry (which is largely undocumented) for specific keys, a systems administrator can choose from a list of common options. The template file provides a description of the settings, along with...

Softricity Soft Grid for Terminal Servers

It is important to note that a useful third-party tool is available to resolve some of the typical application installation problems with application compatibility, DLL conflicts, and Windows registry conflicts. Softricity (www.softricity.com products) offers a product called SoftGrid for Terminal Servers that dramatically changes the application installation and deployment approach. With the SoftGrid solution, applications are never installed on the Terminal Servers. Instead, applications run inside Softricity's SystemGuard virtual environment, which protects the computer's operating system from any alterations and enables the application to run intact

Automatic Private IP Addressing APIPA

APIPA might be problematic in larger networks because it forces clients to assign themselves addresses in a range that is normally not part of a local company subnet. If a DHCP server is down, clients that are attempting to renew a lease with the server will fail and automatically assign themselves an APIPA address. When the server comes back online, they will not immediately re-register themselves and will effectively be cut off from the network. Subsequently, Microsoft supplies a Registry key that will disable APIPA in this situation. The key to be created is

Installing Configuring and Administering Windows Server Practice Questions

After using Regedt32 to edit the registry of your Windows 2000 Server to insert a new value, and remove an unused key, your computer stops responding before the logon screen appears after you reboot. What should you do to return the computer to its previous configuration?
