Registry Hack – Getting Started

Getting Started with Regedit

Here are simple instructions to help you launch regedit and start editing your registry.  Do remember to select File, Export, Selected Branch, before you make any changes.

• Windows 7 Regedit
• Vista’s Regedit
• XP or Windows Server 2003
• PowerShell Registry Editing

Getting Started with Regedit in Vista

1. Click on the Vista Start Button
2. Click in the Start Search Dialog Box
3. Type regedit
4. Press enter (or double click Program: regedit)

Note 2: Unlike other Vista executables, if you just type the first few letters, ‘reg’ or ‘reged’, this does not reveal the name of the program, you have to type the full name – regedit.

Note 3: Another clue that amateurs are not supposed to open the registry, is that the special editor, Regedit, does not appear on any Vista menu. 

Note 3: The actual executable is called regedit, but for backwards compatibility it also responds to the name of regedt32.

See a whole section of Vista’s Registry

Getting Started with Regedit in Windows Server 2003 (and XP)

The best executable to hack the registry is Regedit.  (Rather than Regedt32)

Click on the START (Button), RUN, REGEDIT (Type), Click on the OK (Button).

Note 1: In Windows 2003 and XP Regedit remembers the last place you visited which is useful. 

Key Registry Editing Skills

• Starting Regedit.exe
• Finding Values
• Changing Values (easy)
• Adding new String Values, DWords or Keys

Monitor Your Network with the Real-time Traffic Analyzer

The main reason to monitor your network is to check that your all your servers are available.  If there is a network problem you want an interface to show the scope of the problem at a glance.

Even when all servers and routers are available, sooner or later you will be curious to know who, or what, is hogging your precious network’s bandwidth.  A GUI showing the top 10 users makes interesting reading.

Another reason to monitor network traffic is to learn more about your server’s response times and the use of resources.  To take the pain out of capturing frames and analysing the raw data, Guy recommends that you download a copy of the SolarWindsfree Real-time NetFlow Analyzer.

Structure of the Registry

The registry is made up of two main parts HKEY_USERS and HKEY_LOCAL_Machine

HKEY_USERS

This has a subset called HKEY_CURRENT_USER which is stored in the user’s profile under the Documents and Settings folder.

HKEY_LOCAL_MACHINE (HKLM)

This has two subsets HKEY_CLASSES_ROOT – this branch contains all of your file types and HKEY_CURRENT_CONFIG which stores the current hardware profile information.  I generally ignore the subsets and deal exclusively with the HKLM.

The physical files are stored in the %systemroot% (winnt)\system32\config folder and are called, software, security, and system.  These files are backed up if you select ‘System State’ during the backup proceedure.

Watch out for the different types of values; REG_SZ (String) and REG_DWORD are the most common and can be created or edited with Regedit.exe.  Occasionally you need to find the other types Binary, Reg_Expand or Reg_Multi for these use Regedt32.exe

The Two Registry Editors

• Regedit – Wonderful FIND easy to use.   Start Run regedit
• REGEDT32 – In Windows 2000 (as opposed to XP and Windows Server 2003) REGEDT32 was useful for checking security settings and editing REG_EXPAND or REG_MULTI  Start Run Regedt32
• Have fun with Regedit.

Guy Recommends:  SolarWinds’ Log & Event Management Tool

LEM will alert you to problems such as when a key application on a particular server is unavailable.  It can also detect when services have stopped, or if there is a network latency problem.  Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.

Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA.  LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.

Download your FREE trial of SolarWinds Log & Event Management tool.

Windows Vista Registry Tweaks: