
Viewing and Manipulating the Registry
Author: Darren Mar-Elia
Published: July 2000
Copyright: 2000
Publisher: Windows IT Library
 


Warning: When you use the /s flag, Regedit suppresses all messages, including indications of failed registrations.

Another useful Regedit command-line option is the ability to export a particular key with its subkeys and values to a correctly formatted .reg file. You can accomplish the same thing by going to Regedit’s main menu and selecting Registry, Export Registry File. The currently highlighted key is exported to a .reg file, which you can then manipulate in any way you like. From the command line, you can take advantage of this feature to include Registry exporting in scripted solutions. The syntax for this feature is as follows:

regedit /e <path to a .reg file> SUBTREE\KEY\[SUBKEY]
For example, if we want to create a .reg file out of the contents of HKEY_CURRENT_USER\Control Panel\Desktop, the command would look like this:

regedit /e c:\temp\desktop.reg "HKEY_CURRENT_USER\Control Panel\Desktop"
In this case, the contents of the Desktop key, including all of its subkeys and values, are placed in a formatted .reg file called desktop.reg in the c:\temp folder. Note the double quotation marks around the key name. They are needed because Control Panel is a two-word unit separated by a space, and Regedit would otherwise interpret it incorrectly.

Note: When you use the Export function to create .reg files from Regedit, all Registry security information is lost within the resulting .reg file.

Regsvr32
Another tool that comes with Win2K is Regsvr32. Most executables and DLLs that are COM components register themselves in HKEY_CLASSES_ROOT\CLSID and associated keys, either when they are installed or run for the first time. However, some DLLs may require manual registration to be recognized by an application. Regsvr32 performs this function for you. Specifically, it is only meant to be used with COM DLLs, and it registers them via the GUID embedded in each COM component.

Regsvr32 supports several command-line options. Most simply, you can register a COM DLL by typing regsvr32 mydll.dll. Figure 6 shows the message you should see if regsvr32 successfully registers a component.

If you want to register a DLL without having a message appear confirming the operation, use regsvr32 /s mydll.dll. Alternatively, you can use regsvr32 to unregister a component by using the /u flag (e.g., regsvr32 /u mydll.dll).

Web-Based Enterprise Management
Beginning with NT 4.0, Service Pack 4, Microsoft ships a set of services called Windows Management. Based on the industry-standard Web-Based Enterprise Management Common Information Model (WBEM/CIM), Windows Management Instrumentation (WMI) comprises a set of interfaces that expose OS configuration and monitoring information to management tools according to the CIM specification. WMI ships as part of Win2K, and you can use this service as another means for getting information out of the Registry. Specifically, WMI includes a set of Registry "providers" specifically designed to let WBEM-enabled management tools get Registry information. One such tool that is available out-of-the-box in Win2K is the Microsoft Management Console (MMC) snap-in for System Information. If you select the Start menu, click Run, and type compmgmt.msc, the Computer Management set of MMC snap-ins launches, letting you get to system information that WMI exposes.

Note: MMC is the new method in Win2K for managing most OS configuration tasks. The MMC is a COM container that specifies a certain set of basic behaviors. MMC snap-ins — written as COM components — provide the real management functionality within the MMC. (In fact, MMC snap-ins are just DLLs that you can register using regsvr32 if you need to install them manually.)

Once you’ve launched the Computer Management snap-in, select System Tools, System Information, Software Environment, and you find a section for OLE registrations, where you can see all of the OLE servers currently registered on a particular system (Figure 7).

If you want to access only the System Information tool within the MMC, you can do so by starting MMC.exe from a command line. From the MMC menu, select Console, Add/Remove Snap-in, and Add. Finally, from the list of standalone snap-ins, select Microsoft System Information.


WIN2K RESOURCE KIT UTILITIES FOR MANIPULATING THE REGISTRY

There are a number of Registry-related utilities within the Win2K Resource Kit that are valuable tools for use in scripted Registry solutions. Unfortunately, because of the nature of the Resource Kit (usually a collection of tools written by many different people within and outside of Microsoft), each of these tools may come with idiosyncrasies and syntactical subtleties. In this section, I examine some of the more useful Registry tools in detail and give examples of how each accomplishes its particular task. (Note that the Win2K Resource Kit contains a subset of the Registry-related tools that were part of NT 4.0. Many of these NT 4.0 utilities still work in Win2K.)

Regini
Regini.exe is a versatile tool for making mass changes to the Registry. While not as easy to use as Regedit, it is capable of doing much more than just adding keys and values. You can delete keys and make some minor changes to Registry security. Regini also supports a form of logging that lets you know whether the changes you make actually succeed.

Unfortunately, Regini takes as input a file format different from that of Regedit, meaning that you have to build Regini input from scratch. One exception to this is the ability to dump a Registry key to a Regini-compatible script, similar to the Regedit export feature, which I explain later in this section.

You have to be careful with formatting when you create Regini input files because they are sensitive to syntax errors. For example, if each line in a Regini file is not terminated with a carriage return, the script will fail. The listing that follows shows a sample of a very simple Regini input file that makes a change to an environment variable value in HKEY_CURRENT_USER.

HKEY_CURRENT_USER\environment
   TMP = REG_EXPAND_SZ %SystemDrive%\TEMP
You often find Regini files suffixed with .ini (hence the name!); however, this is purely convention. Regini can call a file of any name (e.g., Regini test.txt).

Regini works by evaluating each line in an input file. If it does not find an equal (=) sign, it assumes that the line refers to a Registry key or subkey. You begin a file by specifying the subtree and key you wish to modify. For example, if I want to modify a key in HKLM\Software, I would enter the following on the first line of my Regini file:

HKEY_LOCAL_MACHINE\Software\
Regini also recognizes the following format:

\registry\machine\software
where \registry\machine is equivalent to HKEY_LOCAL_MACHINE\.

Regini does not follow a consistent pattern, however, with respect to making changes to the other keys. For example, to make changes to HKEY_CURRENT_USER, you can use HKEY_CURRENT_USER\ or USER: or even \registry\users\<SID>, where <SID> is the Security Identifier of the currently logged-on user whose system you want to modify. However, to modify HKEY_CLASSES_ROOT, you can only use \registry\machine\software\classes (not HKEY_CLASSES_ROOT). For the HKEY_USERS subtree, you can use HKEY_USERS or \registry\users. Confused? This is why these tools are in the Resource Kit rather than in the released product!

Now that we know how to get to each subtree, a number of rules must be followed to add keys, subkeys, and values. First, there are two ways you can add a key or subkey(s). Suppose we want to add a new value called "Default Directory" under HKEY_LOCAL_MACHINE\Software\ABC Corp.\Myapp\Preferences. However, the ABC Corp. key and its subkeys do not exist yet. The following listing shows how you might create a Regini script to add new subkeys and values.

HKEY_LOCAL_MACHINE\Software\ABC Corp.\Myapp\Preferences
   Default Directory = REG_EXPAND_SZ %userprofile%\Myapp
Alternatively, you can use another Regini feature to create a hierarchy of keys. Specifically, by starting at the root key (in this case HKLM\Software), you can specify additional subkeys on separate lines and indent them to indicate their place in the hierarchy. For example, if we take the above listing and use the indentation method, the script would look like the listing below.

HKEY_LOCAL_MACHINE\Software
     ABC Corp.
        Myapp
           Preferences
              Default Directory = REG_EXPAND_SZ %userprofile%\Myapp
The results of either of the preceding two listings are the same and are shown in Figure 8.

Note that, using the indentation method, it is easy to change the results of the scripts listed above. For example, if I place the "Default Directory" value directly under the "Myapp" key rather than indented under "Preferences," the value would have been added under "Myapp." Likewise, if I had positioned the "Preferences" key under "ABC Corp." instead of "Myapp," then "Preferences" would have been created as a subkey of "ABC Corp." rather than "Myapp."

When we discussed Regedit’s capabilities, we covered how to assign value names that are supposed to be blank via the @ symbol. In Regini scripts, you simply leave the left-hand side of the equal sign blank. For example, to assign a default value name the REG_SZ value of "Hello," enter = REG_SZ "Hello" on its own line in your script. Also, note that if you leave off the value type designator within a line of your script, the value to the right of the equal sign defaults to a type of REG_SZ. Like Regedit, Regini is line-oriented, so you must use the backslash (\) character to continue a command on multiple lines.

Other Regini Features
As I mentioned earlier in the chapter, in addition to just modifying and adding keys and values to the Registry, Regini can log changes, as well as delete and modify permissions on keys. The logging feature is pretty limited, but nonetheless better than Regedit. Specifically, when you execute a Regini script, the tool echoes the changes it is making to stdout (in most cases, to the command shell in which Regini is running). You can redirect the log information to a file for later review (e.g., Regini myscript.ini >logreg.txt). Note that if you execute a Regini script that makes no changes (for example, you run the same script twice), there is no log output. And, if you execute a Regini script that specifies four changes, but only one of them has not yet been made, it sends output only on the one change that was made.

As far as syntax, you can also comment Regini scripts, which can be useful when someone else tries to troubleshoot them later on. Use the semicolon (;) character at the beginning of a line to indicate that it is a comment — for example,

\registry\machine\Software\ABC
;this next line sets the value for ABC key
    value = REG_SZ test
Another Regini feature is the ability to delete values from a key. The following listing shows how Regini’s delete function works.

hkey_current_user\environment
     Tmp = delete 
\registry\machine\software 
     ABC Corp. 
        Myapp 
           Preferences 
            Default Directory = delete
You simply use the keyword "delete" in place of the value type for a given value that you want to delete. This listing deletes two values from two separate subtrees within the same script, which is perfectly legal. However, one thing that Regini won’t let you do is delete the key itself. (For information on how to delete Registry keys, see the reg.exe utility section later in this chapter.)

The final Regini feature worth mentioning here is the ability to set security permissions on keys within the Registry. You may recall that the Registry supports Access Control restrictions just as the NT File System does. However, the ability to set or change Registry key permissions using out-of-the-box Win2K tools is limited to Regedt32 (and to Group Policies, discussed later in this chapter).

Regini also includes some limited capabilities for resetting key permissions. I call the capabilities limited because you can set only a subset of the full rights available in the Registry and because the tool is not recursive. That is, you have to explicitly set permissions at each key level within the subtree that you want to control.

Regini uses a somewhat esoteric convention for setting Registry security. Specifically, it assigns a numeric value to a pre-set list of possible Access Control Entries (ACEs). From this list, you can choose a particular combination of ACEs and add them to your Regini script by surrounding the number(s) of your choice in brackets ([]). For example, to add an ACE for Administrators and Creator Owner, I would enter [1 5] in my script, where each number is delimited by a space. Table 3 shows the possible ACEs you can use with Regini. All of the groups listed below are local, built-in NT groups unless otherwise noted.

Note: The documentation included with Regini in the Win2K Resource Kit only shows ACE combinations up to 20. However, this is wrong. Regini will successfully apply ACEs as shown in Table 3.

Warning: When you apply these permissions to a Registry key, note that the ACE for that key is replaced, rather than edited!

If you have a key which currently contains the ACE: Administrators: Full Control, and you use Regini to place the Everyone: Read ACE on the key, the Administrators ACE is replaced, and the only remaining ACE is the one with Everyone: Read.

You can, of course, use multiple permission numbers within a single Regini script. The listing below shows an example of using Regini’s security permissions capabilities, using the key I created in a previous listing.

HKEY_LOCAL_MACHINE\Software
    ABC Corp. [1 5 13 17]
Note that I could have also written this as

HKEY_LOCAL_MACHINE\Software\ABC Corp. [1 5 13 17]
with equal success. Figure 9 shows the results of running the script in the first of the two listings.

Tip: When Regini succeeds in changing permissions on a key, it does nothing in the way of logging to tell you all is well. Unlike additions or deletions to keys or values, Regini security changes simply return to the command-line when they succeed. When they don’t succeed, you get error messages, usually indicating bad syntax.
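
An added example (not from the chapter or the Resource Kit): a small Python reader for the Regini input format described in this section. It resolves each indented line to its full key path and lists the value sets, deletes and bracketed permission entries a script would apply, so the script can be reviewed before it runs. The indentation rule used here (a line belongs to the nearest preceding key indented less than it), the `(Default)` label and the sample script are assumptions; backslash line continuation is not handled.

```python
import re
# Root aliases the chapter lists for Regini key paths.
ALIASES = {r"\registry\machine": "HKEY_LOCAL_MACHINE",
           r"\registry\users": "HKEY_USERS"}
ACL_RE = re.compile(r"\s*\[([\d ]+)\]$")    # trailing permission list, e.g. [1 5]

def normalize_root(path):
    for alias, hive in ALIASES.items():
        if path.lower() == alias or path.lower().startswith(alias + "\\"):
            return hive + path[len(alias):]
    return path

def parse_regini(text):
    """Return (op, key_path, detail) tuples; op is 'set', 'delete' or 'acl'."""
    ops, stack = [], []                       # stack: (indent, key name) pairs
    for raw in text.splitlines():
        line, body = raw.rstrip(), raw.strip()
        if not body or body.startswith(";"):  # blank line or ; comment
            continue
        indent = len(line) - len(line.lstrip())
        # Assumption: a line belongs to the nearest key indented less than it.
        parents = [(i, k) for i, k in stack if i < indent]
        if "=" in body:                       # any line with '=' is a value line
            name, _, rhs = (p.strip() for p in body.partition("="))
            key, name = "\\".join(k for _, k in parents), name or "(Default)"
            head, _, rest = rhs.partition(" ")
            if rhs.lower() == "delete":
                ops.append(("delete", key, name))
            elif head.upper().startswith("REG_"):
                ops.append(("set", key, (name, head.upper(), rest.strip().strip('"'))))
            else:                             # no type given: defaults to REG_SZ
                ops.append(("set", key, (name, "REG_SZ", rhs.strip('"'))))
        else:                                 # no '=': a key or subkey line
            acl = ACL_RE.search(body)
            name = (body[:acl.start()] if acl else body).rstrip("\\")
            stack = parents + [(indent, name if parents else normalize_root(name))]
            if acl:                           # these entries replace the key's ACL
                nums = [int(n) for n in acl.group(1).split()]
                ops.append(("acl", "\\".join(k for _, k in stack), nums))
    return ops

# Constructed sample that combines the chapter's listings.
SAMPLE = r"""\registry\machine\software
     ABC Corp. [1 5 13 17]
        Myapp
           Preferences
              Default Directory = REG_EXPAND_SZ %userprofile%\Myapp
              = "Hello"
hkey_current_user\environment
     Tmp = delete"""

if __name__ == "__main__":
    for op, key, detail in parse_regini(SAMPLE):
        print(op, key, detail)
```

Every `acl` tuple marks a key whose existing permissions would be replaced by the listed entries, which is worth checking by hand because Regini prints nothing when a permission change succeeds.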



