Chapter 15: Registry Programming

Overview

S is for Space.

--Ray Bradbury

Although GUI (Graphical User Interface) tools and applications dominate the Windows world, including Windows NT, Windows 2000, Windows XP, and Windows Server 2003, most administrators and power users know that many routine tasks (for example, distributing registry changes to more than 5,000 workstations) cannot be automated with GUI tools such as Registry Editor. Frankly speaking, when it comes to software development and distributing applications to end users, the Registry Editor is only suitable for testing purposes. Setup programs, REG files, and INF files provide more capabilities for convenient and safe registry modification. Furthermore, if you are going to automate Windows and distribute registry changes to a large number of workstations and servers within your Windows-based network, you will certainly need to consider alternative techniques for accomplishing this task.

Several ways of accomplishing this task already exist in Windows NT 4.0, including system policies and various scripting techniques. With Windows 2000, new and improved ways appeared to deliver massive registry modifications to multiple workstations and servers. In Windows XP and Windows Server 2003, these methods were enhanced and improved, and new mechanisms were added to ensure that the required registry changes have been delivered. These methods include the following:

  • Group Policy Objects usage for delivering custom administrative templates and registry security. We briefly covered this topic in Chapters 10 and 11.

  • Using new technologies for massive software distribution and configuration management, including Microsoft's Systems Management Server (SMS) or third-party system management packages, as well as using Microsoft Windows Installer Service, which we briefly considered in Chapter 11.

  • Using various shell-scripting techniques, including the usage of Resource Kit command-line tools in your scripts as well as employing the Task Scheduler for scheduled execution of registry scripts.

  • Using Windows Script Host to modify the registry.

This chapter mainly concentrates on scripting techniques. Every system administrator, particularly one who manages a large corporate Windows-based network, must possess a reasonable knowledge of built-in scripting. Just to illustrate the real power behind built-in scripting capabilities, let us consider some practical situations. For example, let's say you have to introduce configuration modifications to several workstations running Windows NT-based operating systems without going to each machine.

In order to change the local Administrator password on several workstations you would use the following batch file:

 rem For each machine: log its name, check that it answers ping,
 rem then schedule the password change on it with Soon.
 echo on >>password.log
 @echo MachineName1 >>password.log
 ping MachineName1 >>password.log
 if %errorlevel%==0 soon \\MachineName1 cmd /c "net user AccountName1 NewPassword1" >>password.log
 @echo MachineName2 >>password.log
 ping MachineName2 >>password.log
 if %errorlevel%==0 soon \\MachineName2 cmd /c "net user AccountName2 NewPassword2" >>password.log
 @echo ** end of file ** >>password.log
 exit

Note 

In the batch file above, the Soon command from the Windows 2000 Resource Kit was used. However, the built-in system scheduler (AT) will also work, for example:

 at   \\TargetMachine cmd /c "net user AccountName   NewPassword"

To illustrate this concept in relation to the registry, let us recall the example of disabling EFS, which we discussed in Chapter 13, where we considered two methods: disabling EFS by direct registry editing, and by means of Group Policies. Of course, modifying registry keys on a couple of machines is a simple undertaking. However, when you need to introduce this change to hundreds of thousands of machines, this task ceases to be a simple one. In a domain environment where you have implemented Active Directory, you would be expected to use Group Policy to distribute the change. Consider, however, a situation in which you haven't yet implemented Active Directory, but still need to modify a large number of workstations. This is where scripting techniques will come to your rescue.

There are several ways to modify the registry in an automated fashion, the simplest of which is to create a script that is run locally on the Windows XP systems. Use the following command:

 reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS" /v EfsConfiguration /t REG_DWORD /d 1 /f

You can use a similar command to turn EFS back on, either by simply changing the value to 0 or by deleting the value using the following command:

 reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS" /v EfsConfiguration /f

Note 

In this example, we have used the REG utility included with the Windows 2000 Resource Kit. This tool allows you to add, modify, delete, and search registry keys and values, perform registry backup and restore, as well as other administrative operations. This command-line utility, which can be successfully used in batch files, can operate over both local and remote registries, and it also works fine with Windows XP and Windows Server 2003. The /f switch suppresses the prompt that asks the user to confirm the deletion.

Reg.exe supports the following commands:

  • REG QUERY

    Returns information on the keys and values contained within the specified registry key or hive.

  • REG ADD

    Adds a new value into the specified key.

  • REG UPDATE

    Modifies the current state of the registry element. If the registry doesn't contain a specified value, the command is ignored.

  • REG DELETE

    Deletes a registry value, key, or several keys.

  • REG COPY

    Copies a registry element into a new registry key on the local or remote computer.

  • REG SAVE and REG BACKUP

    Save the indicated registry values, keys, or hives to the specified file. These commands are particularly useful for backing up the registry before introducing any changes. The REG SAVE and REG BACKUP commands are identical.

  • REG RESTORE

    Restores the specified value, key, or hive from the file created using the REG SAVE or REG BACKUP commands.

  • REG LOAD

    Temporarily loads the specified key or hive from the file created using REG BACKUP or REG SAVE into the root level of the registry. This command is useful for viewing information, editing registry data, or performing troubleshooting operations.

  • REG UNLOAD

    Unloads the specified key or hive previously loaded using REG LOAD.

The REG SAVE and REG BACKUP commands support the following syntax:

 REG SAVE RegistryPath FileName [\\Machine]
 REG BACKUP RegistryPath FileName [\\Machine]

The RegistryPath argument specifies the registry path to the registry key or value in the following format: [ROOTKEY\] Key.

The ROOTKEY parameter specifies the registry root key containing the key to be backed up (the default value of this parameter is HKEY_LOCAL_MACHINE).

The root key may be specified using one of the following abbreviations:

 HKEY_LOCAL_MACHINE — HKLM
 HKEY_CURRENT_USER — HKCU
 HKEY_CLASSES_ROOT — HKCR
 HKEY_CURRENT_CONFIG — HKCC

Note 

Only HKLM and HKU keys are available when working with remote systems.

Key — this parameter specifies the complete path to the registry key contained within the root key specified by the ROOTKEY parameter.

FileName — this parameter specifies the file name (without an extension), where the registry data will be saved. (On a local computer, this file will be stored in the current directory; when working with remote systems, in the Windows installation directory.)

Machine — this parameter specifies the name of the remote computer (by default, the local system is used). Use a UNC notation when specifying computer names. For example: \\STATION1.

The REG RESTORE command supports the following syntax:

 REG RESTORE FileName KeyName [\\Machine]

where:

FileName — the name of the file to be restored (without the filename extension). This parameter should specify a file previously created using REG SAVE or REG BACKUP.

KeyName — name of the registry key, in the following format: [ROOTKEY\] Key.

Key — complete path to the registry key contained within the root key specified by the ROOTKEY parameter.

Machine — name of the remote system in UNC format (by default, the local computer will be used).
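
The two pieces above, the EFS change and the advice to save a key before modifying it, combined into one locally run script (an added example, not code from the book). It assumes the built-in reg.exe of Windows XP and Windows Server 2003, whose REG SAVE and REG RESTORE take the key name first and the file name second, unlike the Resource Kit syntax listed above. The log and backup file locations under %TEMP% are constructed for illustration.

```batch
@echo off
setlocal
rem Added example: back up the EFS key, apply the change, then verify it.
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS"
set "LOG=%TEMP%\efs-change.log"
set "BACKUP=%TEMP%\efs-before.hiv"

echo %COMPUTERNAME% %DATE% %TIME% >>"%LOG%"

rem Save the key first so the change can be undone later with:
rem   reg restore "%KEY%" "%BACKUP%"
rem The key may not exist yet; then there is nothing to back up.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo no existing key, skipping backup >>"%LOG%"
) else (
    rem REG SAVE refuses to overwrite an existing file.
    if exist "%BACKUP%" del "%BACKUP%"
    reg save "%KEY%" "%BACKUP%" >>"%LOG%" 2>&1
    if errorlevel 1 (
        echo backup failed, change not applied >>"%LOG%"
        exit /b 1
    )
)

rem Apply the setting described in the text.
reg add "%KEY%" /v EfsConfiguration /t REG_DWORD /d 1 /f >>"%LOG%" 2>&1
if errorlevel 1 (
    echo reg add failed >>"%LOG%"
    exit /b 2
)

rem Read the value back instead of trusting the exit code of REG ADD.
reg query "%KEY%" /v EfsConfiguration | find "0x1" >nul
if errorlevel 1 (
    echo verification failed >>"%LOG%"
    exit /b 3
)
echo EfsConfiguration=1 confirmed >>"%LOG%"
exit /b 0
```

The distinct exit codes (1 backup, 2 write, 3 verification) let whatever launches the script on each workstation tell which step failed.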



Windows Server 2003 Registry
ISBN: 1931769214
Year: 2005
Pages: 129