a look under the hood chapter 8 the registry is a database that includes settings for: device...

A Look under the Hood

Chapter

8

The registry is a database that includes settings for: • Device drivers• Services• Installed applications• Operating system components,• User preferences

Avoid directly editing the registry, because you can cause severe damage. The Control Panel applets provide a safe way to edit the registry.

2

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved.

Understanding the Registry

Automatic registry changes occur when: Created during Windows Setup and modified

Windows starts up or shuts down Changes are made with a Control Panel applet A new device is installed Changes to Windows configuration Changes are made to user desktop preferences An application is installed or modified Changes are made to preferences in any application

3



Viewing the Registry Structure View as a hierarchical structure Use REGEDIT.EXE or REGEDT32.EXE Navigation similar to disk folders root keys — five folders at the top subtrees — root keys and their contents subkey — key that exists within another key value entries — settings within a key

4



Most of the registry is saved in several Registry files, called hives: SYSTEM, SOFTWARE, SECURITY, SAM, DEFAULT, and NTUSER.DAT. SYSTEM

Information used at startup, including device drivers to be loaded, the order of their loading and configuration settings, the starting and configuring of services, and other settings

SOFTWARE Configuration settings for software installed on the

local computer SECURITY

Local security policy settings for the computer

5



Registry Files (continued) SAM

Local security accounts database DEFAULT

User desktop settings used when no user is logged on NTUSER.DAT

User profile for a single user The first time a user logs on the NTUSER.DAT file

from the DEFAULT USER folder is used File is saved in the top-level personal folder

6



Data Types in Value Entries Format of the data within a key Page 383

The Short List REG_BINARY (raw binary shown in Hex) REG_DWORD (double word 4 bytes) REG_EXPAND_SZ (single string) REG_MULTI-SZ (multiple strings REG_SZ (sequence of characters, human readable)

7



Permanent Portions of the Registry: Registry Hives HKEY_LOCAL_MACHINE\SYSTEM HKEY_LOCAL_MACHINE\SOFTWARE HKEY_LOCAL_MACHINE\SECURITY HKEY_LOCAL_MACHINE\SAM HKEY_USERS\.DEFAULT HKEY_CURRENT_USER and HKEY_USER

Page 383

8



Temporary Portion of the Registry HKEY_LOCAL_MACHINE\Hardware

contains the temporary portion of the registry, the information gathered during hardware detection during each Windows startup.

It is not saved to a file

9


Working with Device Drivers

Working with Signed vs. Unsigned Device Drivers Code signing of device drivers (driver signing)

Windows uses file signature verification Administrator can control how Windows reacts

to unsigned drivers

Driver Signing Options Ignore Warn Block

10



Disconnecting a Plug-and-Play Device Can disconnect USB and IEE 1394 external

plug-and-play devices while powered up First warn Windows using the Safely Remove

Hardware icon in the System Tray Safely Remove Hardware dialog box Stop a Hardware Device dialog box

11



Using Device Manager to Manage Device Drivers View and change device properties Update device drivers Configure device settings Uninstall devices Available since Windows 95 (except NT) Roll back a driver update in Windows XP System | Hardware | Device Manager button

12


Device Drivers

Working with Device Drivers Code signing is designed to avoid problems caused by badly

written code. It involves a digital signature, provided by Microsoft as a seal of approval of program code.

Windows uses a process called file signature verification to check for code signing, and an administrator can configure what action Windows takes when it detects code that does not contain a digital signature. Configure with the Driver Signing button located on the Hardware page of the System applet.

Step-by-Step 8.01

Getting to Know Device Manager

Page 389

13



Hardware Profiles Include registry keys that contain:

Settings defining the devices that must be started during Windows startup

The list of files associated with each device Configuration settings for each device

Profile 1 is created during Windows installation Defines all the existing hardware at the time of

installation Every device is enabled

14



Hardware Profiles (continued) On a desktop computer, you will probably always have a

single hardware profile View, create, copy, rename, and modify hardware profiles by

clicking the Hardware Profiles button on the Hardware page in System Properties

If two or more hardware profiles, Windows startup pauses and displays the Hardware Profile /Configuration Recovery menu

Useful on a laptop with a docking stationStep-by-Step 8.02

Experiment with Visual Effects Page 395

15


Managing Performance in Windows

Windows Performance Settings (continued) Processor Scheduling

Programs Background Services

Memory Usage Programs System Cache

Virtual Memory Custom size System managed size No paging file

16


Managing Performance in Windows

Performance Monitoring Frequently done on network servers Not usually done on Windows desktop computers Few performance monitoring tools in desktop Oss

System Monitor Gathers and displays performance data Monitors counters belonging to objects Displays results in report, graph, or histogram

Performance Logs and Alerts Create alerts Create counter logs Create trace logs

17


Windows File Systems

Windows NTFS File System Available since Windows NT, excluding Windows 9x Logical structure: Master File Table Includes a transaction processing system Allocates disk space more efficiently than FAT NTFS5 theoretically supports a volume size of 256TB Actual hardware limit is 2TB Offers file and folder security through permissions Pre-Windows 2000 NTFS is now called NTFS4 Since NTFS4 is supports file compressions NTFS5 supports file encryption and indexing

18


Windows File Systems

File Systems for CDs and DVDs CD-ROM File System (CDFS) for

CD-ROMS Writeable CDs (CD-R) Rewriteable CDs (CD-RW)

Universal disk format (UDF) DVD ROMs DVD-R DVD-RW

DVD-RAM driver (new in Windows XP) Supports 4.7GB DVD-RAM disk standard

19


The Windows Startup Process

Windows Boot and System Files Boot files — reside in the root of drive C: System files — reside in the folder in which Windows is

installed (default location is C:\Windows or C:\WINNT) System partition — contains the boot files Boot partition — contains the system files In most cases they are both drive C: Sometimes C: is system and D: or E: is boot

20



Windows Boot Files Located in C:\

BOOT.INI BOOTSECT.DOS (not always present) NTBOOTDD.SYS (not always present) NTDETECT.COM NTLDR

Windows System Files CSRSS.EXE systemroot\SYSTEM32\ Device drivers systemroot\SYSTEM32\DRIVERS HAL.DLL systemroot\SYSTEM32\

21



Windows registry files loaded during system startup DEFAULT The default user profile until user logon SAM The security accounts data base SECURITY The security hive of the registry SOFTWARE The software hive of the registry SYSTEM The system hive of the registry

22



Phases of the Startup Process Phase I: Power-on Self-Test

CPU loads BIOS programs beginning with POST POST:

Tests system hardware Determines the amount of memory present Verifies devices required for OS startup are working Loads configuration settings from CMOS memory Briefly displays information on the screen

23



Phases of the Startup Process (continued) Phase II: Initial Startup

CMOS settings used to locate drive with boot files Loads MBR from first physical sector of the hard disk MBR code loads the boot sector from the primary

active partition of the first hard disk Boot code from the boot sector loads NTLDR

24



Phases of the Startup Process (continued) Phase III: Boot Loader Phase

NTLDR (the boot loader) takes control Switches the processor to protected mode Starts the files system code Reads the BOOT.INI file In some cases, displays the OS Selection menu If a Windows NT family OS is selected, NTLDR

remains in control and moves to the next phase

25



Phases of the Startup Process (continued) Phase IV: Detect and Configure Hardware

NTLDR starts NTDETECT.COM NTDETECT.COM scans the hardware and

gives the list to NTLDR for later inclusion in the registry

26



Phases of the Startup Process (continued) Phase V: Kernel Loading

NTLDR looks in BOOT.INI for location of NTOSKRNL NTLDR starts NTOSKRNL.EXE (the kernel) NTLDR passes on the hardware information NTLDR loads HAL.DLL NTLDR loads SYSTEM NTLDR loads drivers required at startup Kernel scans the registry for other components

27



Phases of the Startup Process (continued) Phase V: Kernel Loading (continued)

Kernel loads and initializes the components Kernel starts SMSS.EXE SMSS.EXE loads the kernel-mode Windows subsystem Windows switches from text mode to graphics mode Session manager starts user-mode Windows subsystem Session manager creates pagefile.sys Session manager starts the Windows logon service

28



Phases of the Startup Process (continued) Phase VI: Logon

WINLOGON supports logging on and logging off WINLOGON starts SERVICES.EXE WINLOGON starts LSASS.EXE The Begin Logon prompt appears WINLOGON responds to Ctrl-Alt-Delete by displaying

the Logon to Windows dialog box

29



Phases of the Startup Process (continued) Phase VI: Logon (continued)

User enters a user name and password Logon scripts are run Startup programs for various applications are run Non-critical services are started Programs and services are started from several

locations Various registry settings Startup folders created in the profiles for All Users

and for currently logged on user

30



Modifying System Startup with the BOOT.INI File Contains the locations of systemroot Contains location for system files of an alternate OS Text file that can be edited directly or indirectly

31



Modifying System Startup with the BOOT.INI File (continued) Lines beginning with "Multi" provide location of systemroot.

[boot loader]

timeout=30

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft XP" /fastdetect

32


Troubleshooting Windows Problems

Proactive Tasks Keeping Windows Updated

Windows XP Service Pack 2 Configuring Automatic Update Working with Windows Update

Using Runas Command-line program for running a single command using

a user account other than the one currently logged on. Use when logged on as an ordinary user, and needing to run

a single command requiring administrative rights Step-by-Step 8.03

Create and Test a Runas ShortcutPage 409

33



Create Startup Disks for Windows NT/2000/XP Only contain the boot files Cannot start up Windows completely unless the system files are

located on the hard disk Use when boot files are damaged on the hard drive Start with this disk to bypass the hard disk boot files Format floppy disk in Windows Copy to the floppy: NTLDR, NTDETECT.COM, BOOT.INI, and

NTBOOTDD.SYS (if present)

Step-by-Step 8.04

Creating and Testing a Windows Startup Disk

Page 411

34



Back up Data Files and the Registry Before making changes, back up data files and registry

Back up a portion of the registry using Regedit Back up entire registry using a backup program

Third-party backup programs More options; and a greater variety of media

Windows Backup (NTBACKUP) NT version only backs up to tape Windows 2000/XP versions back up to any hard disk or network

location (providing permissions allows)

Step-by-Step 8.05

Configuring an Alert

Page 414

35


Troubleshooting Windows Problems Troubleshooting with Event Viewer

Event Logs System Events

OS Components Drivers, services, etc.

Application events Office suites, etc. Windows components that run in the GUI Events recorded by Dr. Watson applet

Security events Only logged if auditing turned on and events selected

36



Troubleshooting with Event Viewer (continued) Configuring and Saving Event Logs Properties for each log file allow setting of maximum

size and action to take when the log file is full Actions: clear each log file, save log file to view

later, open a previously saved log file, and create multiple views

Use context menu of log file to access actions

37



Solving Problems by Modifying the Registry Modified automatically when …

Windows Setup is run A new device is installed A device is configured Changes are made though Control Panel applets A change is made in the OS or an application

Direct Registry modification is part of some problem solutions, only do this when there is no other choice

Step-by-Step 8.06Modifying the Registry

Page 420

38



Last Known Good Configuration Recovery Startup option in Windows NT family of OSs Selects the last configuration changes set before

the last successful user logon How to: Windows 2000 and Windows XP

Press F8 after the POST and before Windows “splash” screen appears

Select Last Known Good ConfigurationStep-by-Step 8.07Using Safe Mode

Page 424

39



Troubleshooting Device Problems Device manager shows a yellow exclamation mark next to

a device with a problem Problem may be hardware, driver, or the ability of the OS

to automatically configure it Double-click device icon to open Properties Use Troubleshoot button to find problem resolution

Step-by-Step 8.08

Working with Device Manager

Page 427

40


Troubleshooting Windows Problems Recovery Options

Advanced options beyond Safe Mode Emergency Repair Process Recovery Console System Restore Automated System Recovery (ASR)

a look under the hood chapter 8 the registry is a database that includes settings for: device...

Documents

mcgrawhill companies

registry hiveshkey

registry structureview

hoodchapter8the registry

default hkey

machinesam hkey

machinesecurity hkey

machinesoftware hkey