Tải bản đầy đủ - 0 (trang)
Chapter 20. Windows Server 2003 System Registry

Chapter 20. Windows Server 2003 System Registry

Tải bản đầy đủ - 0trang

Regrettably,theRegistry'scapabilitiesandusesarerarelyfully

understoodbysystemadministrators,muchlessendusers.

ThisispartlybecauseoftheRegistry'scomplexityandalso

becauseofthefactthatmanyusersaresomewhatintimidated

bythewarningmessagesaboutmodifyingtheRegistry.

Althoughitistruethatmodificationscanhavedisastrouseffects

ontheentiresystem,Registrychangesoccurmoreoftenthan

yourealize.MostofthesechangestakeplacethroughtheGUI,

butsomesystemconfigurationscanhappenmoreefficiently

eitherthroughamanualRegistrymodification(insteadofgoing

throughaseriesofdialogboxes)oronlythroughamanual

change.

TheWindowsServer2003Registryisnotapieceofthe

operatingsystemtotakelightly.BecauseWindowsServer2003

reliesgreatlyontheRegistrytofunction,itiscriticalthatyou

understandtheRegistry'sapproachtosystemconfiguration.

Thischapterservestogiveyouthenecessaryinformationto

manipulatetheRegistrysothatyoumaintainsystemreliability

andperformance.Overall,thischapterfocusesonthefollowing

fourkeytopicsrelatedtotheWindowsServer2003Registry:

UnderstandingtheRegistry'sstructuraldesign

Properlyusingthetoolsavailabletomanageandmaintain

theRegistry

AdequatelyprotectingtheRegistry

BackingupandrestoringtheRegistry







WindowsServer2003RegistryArchitecture

TheWindowsServer2003Registryisawell-organizeddatabase

containinganassortmentofhardware-,software-,anduserrelatedinformation.Itsbasicstructureishierarchicalwith

multipleconfigurationlayers.Theselayersorlevelsaregrouped

fromthetopdownbyhives,keys,subkeys,valueentries,and

finallytheactualvalueforagivenconfigurationparameter.A

valueentryisaparameterwithinthekeyorsubkey,anda

valueisthespecificvaluefortheparameter.



Hives,Keys,andSubkeys

AtthetopmostleveloftheRegistry'sorganizationisarootkey

commonlyreferredtoasahive.Therearefivehiveswithinthe

Registry,asshowninFigure20.1,andtheyareallpermanent

(thatis,theyarehard-codedwithinWindowsServer2003).

Becausethesehivesarehard-coded,youcan'tdelete,modify,

oraddanotherhive.



Figure20.1.DisplayingthefiveRegistryhives

withtheRegistryEditor.



[Viewfullsizeimage]



Table20.1listsanddescribeseachofthesehives.

Table20.1.TheFiveRegistryHivesandTheirContent

RegistryRootKey

(Hive)



ContentDescription



HKEY_CURRENT_CONFIG Currenthardwareconfigurationinformation.

HKEY_CLASSES_ROOT



FileassociationsandOLEinformation.



HKEY_CURRENT_USER



Informationabouttheusercurrentlylogged

on,suchasdesktopsettingsandnetwork

connections.



HKEY_USERS



Localuseraccountinformation.Information

oneachuserisstoredinaseparatesubkey.



HKEY_LOCAL_MACHINE Systemconfigurationinformationand

parameters,suchashardware,software,and

securitysettings.



Coincidentally,someofthehivesarealsosubkeysofother

hivesandarelinkedtooneanother.Thesehivesandtheir

correspondinglinkedpathsarelistedinTable20.2.

Table20.2.RegistryHiveLinks

Hive(RootKey)



LinkedPath



HKEY_CLASSES_ROOT



HKEY_LOCAL_MACHINE\SOFTWARE\Classes



HKEY_CURRENT_CONFIG HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware

Profiles\Current

HKEY_CURRENT_USER



HKEY_USERS(currentuserloggedon)



Thenextorganizationallevelisakey.Eachkeycontainsvalue

entriesorvaluesandcanalsohavesubkeysbranchingoffit.

Thosesubkeyscanthenbeconsideredkeysforthe

configurationinformationbranchingoffit.



RegistryLocationandStorage

TheWindowsServer2003Registryisstoredintwoseparate

places:inmemoryandondisk.Atstartup,theentireRegistryis

loadedintopaged,pooledmemorysothatWindowsServer

2003canquicklyretrieveinformation.

It'salsostoredinvariousfileslocatedwithinthe

%SYSTEMROOT%\System32\Configdirectory.You'llalsonotice

the.savand.logfilesinthisdirectory.Theyserveasbackup

filesfortheRegistry.



HKEY_LOCAL_MACHINE

TheHKEY_LOCAL_MACHINEhivecontainsavarietyof

informationpertainingtohardwaredevices(forexample,

memory,bustypes,devicedrivers,andmore)andthesoftware

installedonthesystem.AsyoucanseeinFigure20.2,thehive

containsthefollowingfivesubkeys:



Figure20.2.HKEY_LOCAL_MACHINEsubkeys.



[Viewfullsizeimage]



HARDWARE

SAM

SECURITY



SOFTWARE

SYSTEM

Thesefivesubkeysareexplainedinthefollowingsections.



TheHARDWARESubkey

Asthenameimplies,theHARDWAREsubkeycontainsallthe

hardwareinformationforthesystem.Whenthesystemstarts

up,informationisbuiltaboutthehardware,andthenat

shutdownthisinformationiswipedaway.Therefore,the

HARDWAREsubkeyisvolatile.

NTDETECT.COMisinchargeofgatheringallinformationonthe

hardware.Afteritobtainstheinformation,itpassesthat

informationtotheHARDWAREsubkey.Thefollowingaresome

examplesofthehardwarecomponentsthatitdetects:

Adaptertype

Bustype

Communicationports

Floppydisks

Keyboard

Mouse

Video



TherearefoursubkeyswithintheHARDWAREsubkey.These

subkeysarealsopopulatedwithinformationgatheredfrom

NTDETECT.COM.Thefourstandardsubkeysarethefollowing:

HARDWARE\ACPIThissubkeyisfortheACPIhardware

andsoftwareinterfacespecificationthatsupportsPlugand

Playaswellasadvancedpowermanagement(APM).

HARDWARE\DESCRIPTIONThissubkeycontains

hardwaredescriptions.

HARDWARE\DEVICEMAPThissubkeyincludesdevicesto

devicedrivermappings.

HARDWARE\RESOURCEMAPThissubkeycontains

resourcemappingsthatthedevicesuse(suchasphysical

memoryranges).



Note

PlugandPlayAPIsareusedtoreadandwritepower

managementandPlugandPlaydeviceinformation

fromandtotheRegistrydynamically.



TheSAMSubkey

TheSAMsubkey,showninFigure20.3,issimilartothe

HKEY_LOCAL_MACHINE\SECURITYsubkeyinthatitcontains

valuableinformation.Bydefault,thissubkeyislockeddownto

thepointthatit'sinaccessibletousersviatheRegistryEditor.It

storeslocalusersandgroups,alongwithaccesspermissionsfor



filesandfolders.



Figure20.3.TheHKEY_LOCAL_MACHINE\SAM

subkey.



[Viewfullsizeimage]



TheSECURITYSubkey

Becauseofthesecurity-sensitiveinformationcontainedinthe

SECURITYsubkey,ittooislockeddowntightlytoprotectthe

information.Thissubkeyis,bydefault,inaccessiblethroughthe

RegistryEditor.

Theinformationwithinthiskeypertainstousers,groups,

accesspermissions,andalsoincludesapplicationanddevice

driverrelatedinformation.Theactualcontentofthissubkeyis



determinedwhetherornotyou'restillinMixedmodewith

WindowsNT4asadomaincontroller.



TheSOFTWARESubkey

Application-specificinformationincluding,butnotlimitedto,

pathstatements,licensing,andexecutablepathsisstoredin

theSOFTWAREsubkey.Becausethissubkeyresidesunderthe

HKEY_LOCAL_MACHINEkey,theconfigurationinformationis

appliedglobally(thatis,systemwide).Thisisanimportant

pointbecausetheseconfigurationsdifferfromthoselocatedin

HKEY_CURRENT_USER\Softwareforindividualusers.

Withinthissubkey,you'llalsofindvariousothersubkeys

relatingtotheapplicationsthatareinstalledonthesystem.For

example,underHKEY_LOCAL_MACHINE\SOFTWARE\

Microsoft\,youcanfindtheconfigurationsandversionnumbers

ofalltheMicrosoft-installedsoftware.



TheSYSTEMSubkey

AnothersensitivesubkeythatisveryimportanttoWindows

Server2003istheSYSTEMsubkey.Themajorityofthe

informationstoredinthissubkeyisthefollowing:

ControlsetconfigurationsThecontrolsetconfiguration

pertainstothedatathatisneededtocontrolthesystem

bootprocess.Thisinformationisassociatedwithcurrent

andpriorcontrolsets.Thecurrentcontrolsetdefinesthe

systemprofile,whileitssubkeysprovidemoredetail,such

asthecomputername,theservicesrunningonthesystem,

andinstructionsforWindowsServer2003incaseofa

systemcrash.



WindowsServer2003setupinformationThis

informationcontainsvariousWindowsServer2003setup

parameters,suchasOSLoaderPathandSystemPartition.

DisksubsystemconfigurationThedisksubsystem

configurationinformationpertainstothedevices,volumes,

RAIDsettings,andmore.TheDiskManagementsnap-in

usesthisinformationtodisplaythedisksubsystem

information.



HKEY_CLASSES_ROOT

AlthoughHKEY_CLASSES_ROOTisconsideredahive,it's

actuallyanaliasforthekey

HKEY_LOCAL_MACHINE\SOFTWARE\Classes.Thiskeystoresall

fileassociations,informationregardingshortcuts,OLE,and

muchmore.Thefileassociationbasicallypointstothe

appropriateapplicationthatwillexecutewhenyouuseafile

withthatspecificextension.Also,particulariconsareassociated

withaparticularfiletype.So,forexample,whenyouviewfiles

inWindowsExplorer,youcanseeadocument(.doc)witha

MicrosoftWordicon.Whenyouopenthatfile,MicrosoftWordis

launchedandopensthefile.Someofthefileassociationsare

showninFigure20.4.



Figure20.4.Fileassociationslocatedin

HKEY_CLASSES_ROOT.



[Viewfullsizeimage]



TheHKEY_CURRENT_USER\Software\Classesaliaswasfirst

introducedandimplementedinWindows2000toenhance

supportforuser-basedsettings.Thisfeatureiscalledper-user

classregistration.Itprovidesmoreflexibilityandcustomization

byallowingapplicationstodefineassociationsperuseras

needed.Inotherwords,asystemwithmultipleuserscanhave

differentapplicationsettingsforeachindividual.



HKEY_CURRENT_CONFIG

TheHKEY_CURRENT_CONFIGisyetanotherhivethataliases

anothersubkey.Thistimeitreferences

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware

Profiles\Current.Ifyoucheckthisreference,you'llnoticethat



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 20. Windows Server 2003 System Registry

Tải bản đầy đủ ngay(0 tr)

×