Five Stages of Registry Hacking – Which Stage Are You At?
While this learning progression occurs when editing Vista’s registry, you can equally apply the principles to other Windows operating systems.
At stage 1 of registry tweaking you are apprehensive about a new language and fear that you may destroy your machine. This is why you only experiment on a test machine. When it comes to making changes to the registry, you restrict your activities to just altering a few values from zero to one. What this does is enable a feature, such as AutoAdminLogon.
Mastering the registry will require you to pay attention to detail and spot new patterns; for example, do the instructions for the registry tweak start with HKEY_LOCAL_MACHINE, or HKEY_CURRENT_USER? Recognition of such differences leads us to think, ‘does this setting affect the whole computer, or does it just control the user’s configuration?’
After a few trips into the Vista registry, you begin to appreciate the sheer scale of the hives, folders, keys and values. Soon you start to make sense of the data; for instance, you notice that the icon for a String Value has a different pattern from the icon for a DWORD. By now you realize that the names of the values are not case sensitive; the eccentric capitalization is just a way of making the names easier to read, for example AutoAdminLogon.
Whereas previously you only modified existing entries, as your confidence grows, you extend your repertoire by adding new values. However, at stage 2 you still remember to export your registry’s ‘Selected Branch’ BEFORE you make any changes.
At the third stage you reach the point where your little knowledge becomes dangerous. You discover Regedit’s Edit menu with its ‘Find’, fair enough. But more riskily, you learn how easy it is to import settings from a .reg file. This enables you to add lots of new settings to the registry quickly, just by double clicking a text file with a .reg extension. By this stage you may have learned how to use regedit’s Favorites; consequently you find it easy to return to the most popular registry haunts. All this leads to complacency.
One chink of salvation is that you discover Volume Shadow Copy, and thus how to retrieve previous versions of the registry files from the %SystemRoot%\System32\config folder. Now the danger is that because you are having so much fun, you cannot imagine that anything can go wrong. You start taking more risks. Occasionally you forget to export the registry before one of your experiments.
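Because a double-click on a .reg file applies everything in it at once, the habit worth forming at this stage is to read the file as a list of actions first. The PowerShell function below is an added example, not code from the original article: it parses the regedit file format (the ‘Windows Registry Editor Version 5.00’ and REGEDIT4 layouts) and lists each key creation, key deletion ([-Key]), value set and value deletion ("Name"=-) the file would perform, without touching the registry. The file path in the usage line is made up.

```powershell
# Added example, not from the original article: preview what a .reg file would
# do before you double-click it. Assumes a regedit-format file ("Windows Registry
# Editor Version 5.00" or REGEDIT4); the file path in the usage line is made up.
function Get-RegFilePreview {
    param([Parameter(Mandatory)][string]$Path)

    $currentKey = $null
    $pending    = $null   # a hex value whose data continues on following lines

    foreach ($raw in (Get-Content -LiteralPath $Path)) {
        $line = $raw.Trim()

        # Continuation lines of a multi-line hex value end with a backslash
        if ($pending) {
            $pending.Data += $line.TrimEnd('\')
            if (-not $line.EndsWith('\')) { $pending; $pending = $null }
            continue
        }
        if ($line -eq '' -or $line.StartsWith(';') -or
            $line -like 'Windows Registry Editor*' -or $line -eq 'REGEDIT4') { continue }

        # [Key] creates or opens a key; [-Key] deletes the key and everything beneath it
        if ($line -match '^\[(-?)(.+)\]$') {
            $currentKey = $Matches[2]
            if ($Matches[1] -eq '-') {
                [pscustomobject]@{ Action = 'DeleteKey'; Key = $currentKey; Name = $null; Type = $null; Data = $null }
            }
            continue
        }

        # "Name"=data, or @=data for the key's default value; "Name"=- deletes the value
        if ($line -match '^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$') {
            $name  = if ($Matches[2]) { '(Default)' } else { $Matches[1] }
            $data  = $Matches[3]
            $entry = [pscustomobject]@{ Action = 'SetValue'; Key = $currentKey; Name = $name; Type = $null; Data = $null }
            switch -Regex ($data) {
                '^-$'                  { $entry.Action = 'DeleteValue' }
                '^"(.*)"$'             { $entry.Type = 'REG_SZ';    $entry.Data = $Matches[1] }   # escapes (\\, \") left as written
                '^dword:([0-9a-f]+)$'  { $entry.Type = 'REG_DWORD'; $entry.Data = [Convert]::ToUInt32($Matches[1], 16) }
                '^hex(\(([0-9a-f]+)\))?:(.*)$' {
                    $entry.Type = if ($Matches[2]) { "hex($($Matches[2]))" } else { 'REG_BINARY' }   # hex(2)=REG_EXPAND_SZ, hex(7)=REG_MULTI_SZ
                    $entry.Data = $Matches[3].TrimEnd('\')
                    if ($data.EndsWith('\')) { $pending = $entry; $entry = $null }
                }
                default                { $entry.Type = 'Unknown';   $entry.Data = $data }
            }
            if ($entry) { $entry }
        }
    }
}

# Usage: list every change the file would make, with whole-key deletions sorted first
Get-RegFilePreview -Path 'C:\Temp\tweak.reg' |
    Sort-Object Action |
    Format-Table Action, Key, Name, Type, Data -AutoSize
```

The two rows to look at before importing are any DeleteKey action (a leading minus in the key header removes the whole branch, which is easy to miss in a long file) and any SetValue whose key begins with HKEY_LOCAL_MACHINE, since those affect every user of the machine rather than just your profile.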
One of life’s certainties is that complacency leads to disaster. Just as children who play with fire get their fingers burnt, so those who experiment with the registry without understanding the consequences come unstuck. The biggest cause of registry tweaks that cripple a machine is people changing settings that they don’t understand. As a result, one day they switch on the Vista machine only to be greeted by the message: Machine will not boot. Stop 0x0000051.
Stop messages like the above cause your heart to beat faster. You realize that you have gone too far this time and have deleted a vital hive in the registry. At this stage it is a question of do or die. Either you vow never to touch regedit again, and complete your penance by rebuilding the machine from scratch, or you stay calm, apply your problem solving skills, overcome the disaster, and thus reach the fifth and final stage of registry hacking.
Knowledge, power and respect form a triangle. If one side of this triangle is shorter than the others, then the whole structure topples over. In times of crisis remember your good practices, and run through your troubleshooting techniques. To repair a broken registry, as the Vista machine boots, press F8 and select ‘Last Known Good’. This is particularly effective at restoring settings in the HKEY_LOCAL_MACHINE section of the registry. If that does not work then try booting into ‘Safe mode’.
Provided you can get into the operating system, then you have a variety of tactics. Best would be to restore the registry from the system state backup, or a Regedit export. You did take precautions? Didn’t you?
If a restore is not possible, then I would attempt to boot into a second, parallel installation. To do this you could install another copy of the operating system on the D: drive. Where the stricken machine boots but then hangs, one other possibility is to try and access the registry remotely from another machine. Remote registry editing is an art in itself and requires that you start the Remote Registry service; fortunately, you can do this remotely. As I say, remote registry is a black art which requires research outside this article.
Check out the %SystemRoot%\System32\config folder; what you are particularly looking for is the .sav files, one day they could be your salvation. I once used a parallel installation to find this config folder, and then I renamed the ‘system.sav’ file to ‘system’, and thus repaired the Vista registry. Once the machine started, I was able to import a .reg file that I thoughtfully exported before trying a dodgy registry experiment.
In my humble opinion, you have to go through the catharsis of a registry disaster before you give this black art of tweaking the registry proper respect. Thereafter, you always have one eye on safety. You make those backups, and export that registry branch regularly.
To become expert at any task you need to acquire a range of skills. Because the registry is live, with no ‘Simulate’ button, and no safety catch, I have arranged the following techniques as a progression. Here is my sequence for mastering the registry along with examples of how to develop the corresponding technique.
- Launch Regedit – Simple exercise to get started with regedit
- Find Settings, Values and Data – CachedLogonsCount
- Add setting to ‘Favorites’ – (Any, and every example)
- Export a registry key – (Before you make ANY change)
- Change an existing value – PaintDesktopVersion, RegisteredOwner
- Rename an existing value – Computer
- Create a new value – AutoAdminLogon
- Create a new key – ContextMenuHandlers, RemoveShortcut
- Import registry settings from a .reg file – Examples
- Remote Registry Editing – Get out of jail card
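The steps above, and the stage 2 habits of noticing whether a setting lives under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER, whether it is a String Value or a DWORD, and exporting the branch before any change, can be wired into a single routine. The PowerShell below is an added example, not code from the original article. The registry paths are the real Winlogon and Desktop keys that hold CachedLogonsCount, AutoAdminLogon and PaintDesktopVersion; the export folder C:\RegBackups is an assumption, and the functions need PowerShell 3 or later.

```powershell
# Added example, not from the original article. Export-first editing with
# HKLM/HKCU scope and value-type awareness. C:\RegBackups is an assumed location.
$BackupRoot = 'C:\RegBackups'

# Export one branch with reg.exe (the same thing as regedit's 'Export Selected
# Branch') and return the file written; throws if the export fails.
function Export-RegistryBranch {
    param([Parameter(Mandatory)][string]$Key)   # e.g. 'HKCU\Control Panel\Desktop'
    New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $BackupRoot (($Key -replace '[\\:]', '_') + "-$stamp.reg")
    & reg.exe export $Key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export of $Key failed" }
    return $file
}

# Stage 2 reading: is this setting machine-wide or per-user, and what kind is it?
function Get-RegistryValueInfo {
    param([Parameter(Mandatory)][string]$Key, [Parameter(Mandatory)][string]$Name)
    $item = Get-Item -LiteralPath "Registry::$Key"
    $kind = $item.GetValueKind($Name)           # throws if the value does not exist
    [pscustomobject]@{
        Key   = $Key
        Name  = $Name
        Scope = if ($Key -like 'HKEY_LOCAL_MACHINE*') { 'Whole computer' } else { 'Current user' }
        Kind  = $kind                             # String = REG_SZ, DWord = REG_DWORD
        Data  = $item.GetValue($Name)
    }
}

# Change a value only after its branch has been exported. -WhatIf shows the plan
# without exporting or writing anything.
function Set-RegistryValueSafely {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)]$Value,
        [Microsoft.Win32.RegistryValueKind]$Kind = 'DWord'
    )
    $shortKey = $Key -replace '^HKEY_LOCAL_MACHINE', 'HKLM' -replace '^HKEY_CURRENT_USER', 'HKCU'
    if ($PSCmdlet.ShouldProcess("$Key\$Name", "set to $Value as $Kind")) {
        $backup = Export-RegistryBranch -Key $shortKey
        Write-Verbose "Branch exported to $backup"
        [Microsoft.Win32.Registry]::SetValue($Key, $Name, $Value, $Kind)
    }
}

# The defender's view of the AutoAdminLogon tweak: when it is switched on and a
# DefaultPassword value is present, that password sits in the registry in clear text.
function Test-AutoAdminLogon {
    $winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    [pscustomobject]@{
        AutoAdminLogon    = $winlogon.AutoAdminLogon -eq '1'
        ClearTextPassword = $null -ne $winlogon.DefaultPassword
    }
}

# Usage: CachedLogonsCount is under HKLM (whole computer) and is a REG_SZ, not a DWORD
Get-RegistryValueInfo -Key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'CachedLogonsCount'
# PaintDesktopVersion is per-user and a DWORD: preview first, then rerun without -WhatIf
Set-RegistryValueSafely -Key 'HKEY_CURRENT_USER\Control Panel\Desktop' -Name 'PaintDesktopVersion' -Value 1 -WhatIf
Test-AutoAdminLogon
```

Run Get-RegistryValueInfo before every change you copy from a web page: if the kind it reports does not match the kind the instructions assume, the instructions are for a different key or a different Windows version, and that is exactly the ‘setting you don’t understand’ that the fourth stage warns about.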
The Enigma of Tweaking the Registry
I have noticed that many registry components present a duality; I refer to this as ‘The enigma of tweaking the registry’. Here are the pairs of elements:
- Is tweaking the registry work, or is it play?
- In which hive do you start? HKLM or HKCU?
- Do you edit an existing setting, or create a new value?
- If we need to create a value, is it a DWORD or a REG_SZ?
- Will your tweak require a reboot, or merely a logoff / logon?
- Does the operating system setting teach you about the registry? Or does the registry setting teach you about the operating system?
- Before you make any changes to the registry settings, get into the habit of exporting the branch of the registry that you are working with.
- Backup the system state before you try anything radical in the registry.
- Check out the .sav files in the \system32\config folder.
- Research Volume Shadow Copy, and test how it restores a previous version of your registry files.
- If your computer has a serious problem, which requires pressing F8 at boot-up, remember to try Last Known Good as your first recovery option.
- Seek alternative methods; think laterally. Instead of risking making changes with your registry editor, what else could you do? I urge you to consider configuring a Group Policy rather than tweaking the registry. Occasionally Vista may provide a new GUI to configure a setting; for example, instead of launching regedit and changing the value for AutoAdminLogon, you could launch the Control Panel –> Users and un-tick the setting called ‘Users must enter a user name and password.’
- Learn how to perform a remote registry edit with: Connect Network Registry.
- As you work through my registry examples, make a point of studying each page’s ‘Key Learning Points’.
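The recovery tactics in the stage 5 section (the .sav files in the config folder, Volume Shadow Copy, your own exports, Last Known Good) and the safety tips above are only useful if they are actually in place before the Stop message appears. The PowerShell below is an added example, not code from the original article: run elevated, it reports which of those fallbacks exist on the machine right now. The export folder C:\RegBackups is an assumption; the hive file names, the config folder and the vssadmin output format are standard Windows.

```powershell
# Added example, not from the original article: check the registry recovery
# fallbacks before you need them. Run from an elevated prompt; C:\RegBackups is
# an assumed location for your regedit exports.
function Get-RegistryRecoveryReadiness {
    param([string]$ExportFolder = 'C:\RegBackups')

    $config = Join-Path $env:SystemRoot 'System32\config'

    # 1. The live hive files and any .sav copies sitting next to them
    $hives = Get-ChildItem -LiteralPath $config -File |
        Where-Object { $_.Name -match '^(SYSTEM|SOFTWARE|SAM|SECURITY|DEFAULT)(\.sav)?$' } |
        Select-Object Name, Length, LastWriteTime

    # 2. Volume Shadow Copies (what 'Previous Versions' of the hive files restores from)
    $shadows = @()
    $vss = & vssadmin.exe list shadows 2>$null
    if ($LASTEXITCODE -eq 0) {
        $shadows = $vss | ForEach-Object { if ($_ -match 'creation time:\s*(.+)$') { $Matches[1].Trim() } }
    }

    # 3. Your own exports, newest first
    $exports = @()
    if (Test-Path -LiteralPath $ExportFolder) {
        $exports = Get-ChildItem -LiteralPath $ExportFolder -Filter *.reg |
            Sort-Object LastWriteTime -Descending |
            Select-Object Name, LastWriteTime
    }

    # Note: Last Known Good (F8 at boot) only rolls back the control set in
    # HKLM\SYSTEM, which is why it helps with HKEY_LOCAL_MACHINE damage and not
    # with a broken HKEY_CURRENT_USER; the items below are the fallbacks for the rest.
    [pscustomobject]@{
        ConfigFolder   = $config
        HiveFiles      = $hives
        SavFilePresent = [bool]($hives | Where-Object Name -like '*.sav')
        ShadowCopies   = @($shadows)
        RecentExports  = @($exports | Select-Object -First 5)
        LastExportAge  = if ($exports) { (Get-Date) - $exports[0].LastWriteTime } else { $null }
    }
}

# Usage
$readiness = Get-RegistryRecoveryReadiness
$readiness | Format-List
if (-not $readiness.SavFilePresent -and $readiness.ShadowCopies.Count -eq 0) {
    Write-Warning 'No .sav files and no shadow copies: take a system state backup before experimenting'
}
if ($null -eq $readiness.LastExportAge) {
    Write-Warning 'No regedit exports found: export the branch you are about to change'
}
```

Treat an empty ShadowCopies list and a missing LastExportAge as a red light: with neither, the parallel-installation rename trick described above depends entirely on a .sav file that the report may also show is absent.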