Chapter 25 - Configuration Management and the Registry
This chapter provides some examples of problem-solving tasks that involve changes made to the Registry by using Registry Editor. The topics in this chapter include the following:
Caution Use extreme care if you follow any procedures described here for changing the Registry directly by using Registry Editor. Editing entries in the Registry is equivalent to editing raw sectors on a hard disk. You can easily make mistakes that prevent the computer from starting.
Wherever possible, use Control Panel, the tools in the Administrative Tools group, and Windows NT Explorer to change the system configuration.
Solving Users' Environment Problems by using the Registry
Using a Registry editor to view the contents of the Registry for a remote computer makes it easier for a system administrator to solve users' configuration problems.
Windows NT 4.0 includes two tools for viewing and editing the Registry, both called Registry Editor. The traditional tool, Regedt32.exe, is documented more thoroughly in these chapters. The new tool, Regedit.exe, has a Windows NT Explorer interface. It has many of the same functions as Regedt32 and an expanded search capability. Both tools are installed automatically when you install Windows NT on any computer.
You can use a Registry editor on your computer to view and edit the Registry of a remote computer. Then you can browse Registry entries to identify problems. To view and edit the Registry of a remote computer:
You can also load a copy of a hive from another computer to view and change entries, as described in "Loading Hives from a Remote Computer" in Chapter 24, "Registry Editors and Registry Administration."
Registry Editor is most useful as a tool to find the source of problems, not to edit value entries. After you find the source of a problem, Control Panel or other tools can be more safely used to solve the problem.
For example, you can easily check the user's desktop settings by examining the values under the Console and Control Panel subkeys for the user. The Console subkeys define settings for the command prompt and other character-based applications. The Control Panel subkeys in the Registry define the appearance and behavior of items in the Windows NT desktop.
To view a user's desktop settings
For example, suppose a user complains that their screen turns black whenever they click the shortcut icon for a utility that runs in a command prompt window. You can select this computer in a Registry editor, and then select the following subkey:
In this example, if the value of ScreenColors is 0, both the text and the screen background have been set to black, and this is the source of the user's problem. To fix this by selecting new colors, the user can double-click the shortcut icon, press ALT+SPACEBAR to display the Control menu, click Properties, then click the Colors tab.
Tip To change the colors or the bitmap that appear on the CTRL+ALT+DELETE logon screen, change the Wallpaper value entry under HKEY_USERS.DEFAULT\Control Panel\Desktop. For example, if you want a bitmap of your company's logo on the logon screen, change the value of Wallpaper to specify the path and filename of the logo bitmap.
Making Sure the System Always Starts
This section discusses:
The goal in all of these situations is to make sure a Windows NT system starts correctly each time you turn on the switch. Of course, you need to plan ahead for system safety by doing the following:
You can also rely on Windows NT to automatically recover from damages to startup data. Specifically, to protect the system from corrupted sectors in the System hive, Windows NT automatically creates a backup of the System hive—the System.alt file—which is stored in Systemroot\System32\Config. If any problems are encountered while reading the System hive during startup, such as damage to the file, the Boot Loader automatically switches to the System.alt file to continue startup. For more information about the System.alt file, see "Hives and Files" in Chapter 23, "Overview of the Windows NT Registry."
Starting a System with Configuration Problems
This section describes how to start a computer when hardware or software problems prevent normal system startup.
For a computer running Windows NT, the Registry includes several control sets. Each control set is a complete set of system parameters that define startup, system recovery, and driver load controls plus service parameters and other system configuration data. The control set that appears under the CurrentControlSet key is the one used to start the system for the current session. For details about control sets, see "HKEY_LOCAL_MACHINE \System Key" in Chapter 23, "Overview of the Windows NT Registry."
Whenever you start Windows NT, the Boot Loader automatically tries to boot by using the current control set described under the HKEY_LOCAL_MACHINE \System \Select subkey. If the system cannot start by using this control set (because of erroneous user changes or bad-sector errors on a file), the Boot Loader automatically tries the LastKnownGood control set, as defined in the Select subkey.
You can also switch to the Last Known Good configuration manually, bypassing the automatic process.
To manually switch to a previous system configuration
Note If you select the LastKnownGood option at startup, the system discards any configuration changes to the HKEY_LOCAL_MACHINE \System \CurrentControlSet subkey made since the computer's last successful startup.
During system startup, you can choose between the default and the LastKnownGood control set only. For information about how the LastKnownGood control set is selected and stored, see "HKEY_LOCAL_MACHINE \System Key" in Chapter 23, "Overview of the Windows NT Registry."
If you have created more than one hardware profile, you can also choose a hardware profile. A hardware profile is a set of changes to the standard configuration of services (including drivers and Win32 services) and devices loaded when Windows NT starts.
For more information on hardware profiles, double-click System in Control Panel, click the Hardware Profiles tab and open Help. See also "Hardware Profiles Subkey for All Control Sets" in Chapter 23, "Overview of the Windows NT Registry."
Reconstructing a System with Damaged Files
You might need to restore a user's system configuration and working environment if hardware fails or is being replaced, or if files have been damaged on the hard disk. You can use the Emergency Repair Disk created during Windows NT installation to restore the system files. However, you lose any changes that were made to the system after installation when you use the Emergency Repair Disk to repair files such as the Registry hives unless you updated hive files on the Emergency Repair Disk. To update the Emergency Repair Disk with a current copy of the Registry hive files, use Repair Disk Utility (Rdisk.exe), a tool installed with Windows NT.
You can use one of the following methods to reconstruct the system from backups (as described in "Backing Up and Restoring Registry Hives" in Chapter 24, "Registry Editors and Registry Administration"):
Creating a Custom Startup Verification Program
System startup is usually declared "good" if the following two procedures are complete:
This basic standard for verifying system startup suits the needs of most situations; however, your site might require additional steps before considering a computer to be successfully started and ready to participate in the network.
For example, you can redefine startup validation for a server no one normally logs on to, or for which you want system startup to be validated as successful only after a particular process has started.
Or, for a server running Microsoft SQL Server, you might want a system startup to be marked as good only after the server responds to a request. To do this, you can write a program that queries the SQL database and checks the response. If the response is not as expected, the program can call the NotifyBootConfigStatus() function with a value of FALSE, prompting the system to restart by using the LastKnownGood control set. Or, the program can direct the system to run without saving the current configuration as the LastKnownGood control set. Conversely, if SQL Server responds as expected, the program can call the NotifyBootConfigStatus() function with a value of TRUE, which prompts the system to save the current configuration as the LastKnownGood control.
You can run such a verification program from the command prompt. Or you can have the program run automatically during startup by specifying value entries under the BootVerificationProgram subkey in the Registry.
To create a custom startup verification program
As another example, a computer setup for a turnkey application is a candidate for a custom startup verification routine: The computer does not usually interact directly with users and you therefore do not want a successful user logon to be part of the system startup.
If you want a good system startup to be accepted from a remote computer (either manually or automatically), you can use the Bootvrfy.exe program that is supplied with Windows NT. In this case, the remote computer accepts the system startup by starting the Bootvrfy service. You can also write your own verification service, which can reject the system startup and revert to the LastKnownGood control set to restart the computer.
To verify system startup from a remote computer
Important You cannot use the Bootvrfy service in conjunction with settings in the BootVerificationProgram subkey. These are mutually exclusive methods.
You might also want a good system startup to depend on whether a specific service or driver loads. For example, for a server you can program the Boot Loader to choose the LastKnownGood control set if the Server service doesn't start on the computer.
To change system startup to depend on a service or driver
Customizing Windows NT Logon
You can change the Windows NT logon process in either of the following two ways:
During Windows NT logon, the first message that appears instructs the user to press CTRL+ALT+DELETE to log on. Then, when the Welcome dialog box appears, the user can type a user name, domain, and password.
You can define a custom message to display after the user presses CTRL+ALT+DELETE. For example, you can warn users that a particular computer is restricted to only certain users. Or, for all computers on the network, you can warn against unauthorized attempts to log on.
To create a custom logon message
If either LegalNoticeCaption or LegalNoticeText is defined in the Registry, a user cannot log on to the computer without acknowledging the message by clicking OK.
For a computer used as a print server and another special-use system, you might enable system startup without a user having to supply a user name or password. You can define automatic logon for a computer by adding some value entries in the Registry.
To allow automatic logon for a computer
Changing Driver and Service Configuration Data
The hardware detected on a computer is stored in the volatile HKEY_LOCAL_MACHINE \Hardware key. Because this key is destroyed each time the system stops and recreated each time the system starts, you cannot usefully edit hardware settings.
You can use Windows NT Diagnostics to view hardware data in an easy-to-read format. Based on this information, you can discover conflicts and their causes or determine how to set up new hardware before installing it. You can also get information about conflicts by looking at the System event log in the Event Viewer.
This section presents some suggestions for solving hardware and related driver problems by using Registry Editor.
To carry out some procedures described in this section, you need to follow the instructions for saving keys in "Saving and Restoring Keys" in Chapter 24, "Registry Editors and Registry Administration."
Recovering from an Unsuitable Video Display Choice
You can use the Windows NT Setup Display option in Control Panel to change the type of video driver, the color depth, or the resolution for a display adapter. If you make an unsuitable setting, one of the following two events occurs:
If you cannot see anything on the screen after changing the display settings, do not attempt to log on. Instead, wait for the disk activity to stop, then use the power switch to restart the computer. When you restart, choose the VGA Mode version of Windows NT. If this does not work, follow the instructions in "Starting a System with Configuration Problems," earlier in this chapter. Then you can use the Display option in Control Panel to try another selection.
Changing Driver Loading Controls in the Registry
Under most circumstances, you should define the startup behavior of a device or a service by using the Devices option or the Services option in Control Panel, or by using Server Manager under Windows NT Server. Use these methods in specific cases where you cannot define behavior by using the other administrative tools.
You can change the basic value entries in the Registry to control driver loading for a specific driver. For example, you can change:
To change the behavior of a driver or service
For details about Start and ErrorControl values, see their definitions in Regentry.hlp, the Registry Help file on the Windows NT Workstation Resource Kit CD.
Controlling Multiport Serial I/O Cards
The Microsoft serial driver can be used to control many dumb multiport serial cards. Dumb indicates that the control includes no on-board processor. Each port of a multiport board has a separate subkey under the CurrentControlSet\Services\Serial subkey in the Registry. In each of these subkeys, you must add values for DosDevices, Interrupt, InterruptStatus, PortAddress, and PortIndex because these are not detected by the Hardware Recognizer. (For descriptions and ranges for these values, see Regentry.hlp, the Registry help file on the Windows NT Workstation Resource Kit CD.
For example, if you have a four-port COMTROL Hostess 550 board configured to use address 0x500 with an interrupt of 0x2, the values in the Registry are:
Certain multiport boards, such as Digiboard non-MCA bus cards, use a different scheme to determine which port is interrupting. These boards should include the Indexed value entry in the configuration data for each port under its subkey in CurrentControlSet\Services\Serial. This entry indicates that the board uses an indexed interrupt notification scheme as opposed to a bitmapped method.
For example, if you have an eight-port Digiboard communications board configured to be at address 0x100 with an interrupt of 0x3, the values in the Registry are:
Deleting Serial Ports
You can configure communication ports as described in the previous section. You might also need to delete one or more COM ports. Communication ports should be deleted by using the Ports option in Control Panel.
To delete a COM port by using Control Panel
Sometimes, if you use Control Panel to delete a COM port that was created manually, the process leaves unwanted data in the Registry. If the deleted COM port is generating error events in the Event Log, you can remove the port directly from the Registry.
To delete a COM port by using a Registry editor
If the communication port is active and detected by the Hardware Recognizer, the port reappears in the Control Panel Ports list when the system is restarted. If you do not want a built-in serial port to be active in Windows NT, you must disable the hardware by using a tool such as the computer's CMOS setup program.