The Registry
Windows XP Registry Backup
The Registry is the central hierarchical database used by Windows for the storage of information needed to configure a system for one or more users, applications, and hardware devices to name ‘some’ of the things stored – the Registry is quite dense if you peruse it, you will see it keeps configuration information for just about everything on your PC. Applications for instance will write to the Registry upon installation. The Registry (a database) is stored on files on your local PC.
• User.dat – user specific information stored as profiles
• System.dat – system specific information stored as profiles
This is the Physical view of the Registry. Now we will look at the inside of these files. To do this, you need to use the Registry Editor tool. This is also known as Regedit.exe. To run this executable, you can to go to Start => Run => type Regedit => Hit enter.
You are now in the Registry Editor.
You have 6 keys in the Registry:
HKEY_LOCAL_MACHINE: system hardware profile
HKEY_CURRENT_CONFIG: current hardware profile used
HKEY_CLASSES_ROOT: file type associations (like *.doc)
HKEY_USERS: configuration information for all user profiles
HKEY_CURRENT_USER: configurations for the current user
HKEY_DYN_DATA: hardware device information kept in RAM
The files are opened by the Registry Editor (seen below) and allow you to granularly configure just about any setting in the Operating System all the way up to changing the wording on the Windows Desktop Start button. You can see that the keys somewhat resemble the structure of the files. You have keys like HKEY_LOCAL_MACHINE that hold hardware profile information while the HKEY_USERS holds user profiles information.
From the next graphic you can see that we are somewhere in the HKEY_LOCAL_MACHINE key.
The bottom of the Registry Editor Dialog Box shows your location within the Registry as you browse through it.
Before you learn how to backup your Registry let us first understand why. The Registry is a set of files that can be corrupted just like anything else. Its sure as heck gets cluttered, why not get corrupted too? It’s also very prone to adjustment errors and does not respond well to them at all. Making changes in the Registry without the proper wisdom or guidance from a good resource will surely cause damage every time. It’s because of this reason alone that you need to think about backing it up. The other reason to back it up (and the main reason for this article's existence) is to prepare you as Network and Systems Engineers to make adjustments to Windows Systems to change or enhance their use – but do it safely, without destroying your system in the process. I will be writing many future articles on tweaking Windows systems Registry settings for networking and security and want to ensure that the importance of the Registry is clear so that if any of these changes wreak havoc on your system, you can quickly use this guide to show you some things you may need to know to help get it restored.
Backup Your Registry
Many tools are used to back up your Registry. Some come with the Windows Operating System, others are third party software. Older operating systems like Windows 95 required a manual repair process (renaming files from *.dat to *.da0 and back again) if you wanted to restore an older version of the Registry. Windows automatically backed it up for you; you had to manually restore it. This was not fun. Now, we have System Restore which comes with Windows XP.
So now that we know a bit about the Registry and options for backup available, we need to cover how to back up XP’s Registry for our future tweaking. Hardening the TCP/IP Stack for Denial of Service Attacks (a future article’s story) will cover Registry tweaking such as this.
The Registry (as I said earlier) is the nervous system so If it’s damaged, it’s a good bet that Windows is going to start to experience critical errors and ruin your day for sure. With a solid backup in place, you don’t need to worry so much about making a mistake making changes. Its good to be careful, but at least you’re covered if you make a mistake. It’s so simple to backup the Registry; there is no way you can blow it!
• First, you should know that your Windows XP system *unless you disabled it* is covered under System Restore. Make sure you are logged on as the Administrator or at least have Administrative privileges to the XP system.
Start => all Programs => Accessories => System Tools => System Restore
• Walk through System Restore and make a backup.
• Next, remember that changes only take place once you reboot the system. When you do (after you make your Registry Hacks), that’s when you will see the fireworks… or should I say – the infamous BSOD?
• Exporting the Registry. You can export the registry in hives or you can export the whole thing. Either way, it all depends on the type of change you are making or if you think you will be able to recover from it or not enough to get it repaired. This is a quick way to backup the Registry but not perfect, System Restore is your best bet.
o Open the Registry Editor (Start => Run => Regedit).
o Go to File => Import or Export.
o If you Export, you can save this to a Registry file (*.reg)
• If you need to you can rename a key. If you were going to make a change to one key, make the duplicate key and rename it this way if you need to come back to the original setting, you have it there, if you just delete the key, you may have to reference another machine and if it’s an application specific setting, you may not be able to recover from it if you don’t have the install disks for it anymore. It happens.
• If these all fail or if you're planning on major surgery in your Registry, you should seriously consider using System Restore. This is the best option for XP only if XP will no longer boot. If that’s the case, then you will need to rely on the Automated System Recovery and Recovery Console.
Congratulations! Now you are ready to begin tweaking with your services.
Summary
Its good that the Registry backup process was covered, future articles will talk about cool networking and security tweaks and we need a way to get back to normal. Our next articles in this area will cover TCP/IP tweaks via the Registry – stay tuned.
No comments:
Post a Comment