Microsoft Windows Internals, 4 ed Chapter 4. Management Mechanisms The Registry 965202095 謝承璋 May 7, 2008.

Presentation transcript:

1 Microsoft Windows Internals, 4 ed Chapter 4. Management Mechanisms The Registry 謝承璋 May 7, 2008

2 Introduction The registry is the repository for both systemwide and per-user settings. Regedit.exe: a tool for editing the registry. Windows Server 2003 Deployment Kit: fo/reskit/deploykit.mspx

3 Registry Usage 3 principal times that configuration data is read: During the boot process. During login. During applications' startup. On an idle system there should be no registry activity.

4 Registry Data Types The registry is a database whose structure is similar to that of a disk volume. The registry contains keys, which are similar to a disk's directories, and values, which are comparable to files on a disk. A key is a container that can consist of subkeys or values. Values store data. Top-level keys are root keys. Only root keys are not subkeys.

5 Registry Data Types (Cont.) Regedit displays the unnamed value as (Default). The majority of registry values are REG_DWORD, REG_BINARY, or REG_SZ. The REG_LINK type lets a key transparently point to another key or value. Links aren't saved; they must be dynamically created after each reboot.

6 Registry Value Type
Table 4-1. Registry Value Type
Value        Description
REG_SZ       Fixed-length Unicode string.
REG_BINARY   Arbitrary-length binary data.
REG_DWORD    32-bit number.
REG_LINK     Unicode symbolic link.

7 Table 4-2. The Six Root Keys
Root Key                Description
HKEY_CURRENT_USER       Data associated with the currently logged-on user
HKEY_USERS              Information about all the accounts on the machine
HKEY_CLASSES_ROOT       File association
HKEY_LOCAL_MACHINE      System-related information
HKEY_PERFORMANCE_DATA   Performance information
HKEY_CURRENT_CONFIG     Current hardware profile

8 Registry Logical Structure Why do root-key names begin with an H? Because the root-key names represent Windows handles (H) to keys (KEY).

9 HKEY_CURRENT_USER The HKCU root key contains the preferences and software configuration of the locally logged-on user. It points to the currently logged-on user's user profile, located on the hard disk at \Documents and Settings\ \Ntuser.dat.

10 HKEY_USERS HKU contains a subkey for each loaded user profile and user class registration database on the system. It also contains a subkey named HKU\.DEFAULT that is linked to the profile for the system.

11 HKEY_USERS (Cont.) The following registry value defines the location of system profiles HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ProfilesDirectory. It is by default set to %SystemDrive%\Documents and Settings.
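
The relationship between slides 10 and 11, as an added example (not part of the original slides): it reads ProfilesDirectory and then checks, for every profile registered under ProfileList, whether its hive and its user class registration database are currently loaded under HKEY_USERS. The per-SID value name ProfileImagePath and the `<SID>_Classes` subkey naming are not on the slides; they are the names Windows uses for these items.

```powershell
# Added example: correlate ProfileList entries with the hives loaded under HKEY_USERS.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$key = Get-Item -LiteralPath $profileList

# Read ProfilesDirectory without expanding %SystemDrive%, and report how it is stored.
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$rawDir   = $key.GetValue('ProfilesDirectory', $null, $noExpand)
$dirKind  = $key.GetValueKind('ProfilesDirectory')
'ProfilesDirectory = {0} ({1}) -> {2}' -f $rawDir, $dirKind,
    [Environment]::ExpandEnvironmentVariables($rawDir)

# HKEY_USERS has no default PowerShell drive, so address it through the provider path.
# Its subkeys are named after the SID of each loaded profile, plus <SID>_Classes
# for the per-user class registration database.
$loaded = Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' |
    ForEach-Object { $_.PSChildName }

# Each subkey of ProfileList is named after a SID and records where that profile lives.
Get-ChildItem -LiteralPath $profileList | ForEach-Object {
    $sid = $_.PSChildName
    [pscustomobject]@{
        Sid           = $sid
        ProfilePath   = $_.GetValue('ProfileImagePath')
        HiveLoaded    = $loaded -contains $sid
        ClassesLoaded = $loaded -contains "${sid}_Classes"
    }
} | Sort-Object Sid | Format-Table -AutoSize
```

A profile listed here with HiveLoaded set to False belongs to an account that is not currently logged on; its settings exist only in the Ntuser.dat file on disk until the hive is loaded.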

12 Figure 4-1. The User Profiles Management Dialog Box

13 HKEY_CLASSES_ROOT The data under HKEY_CLASSES_ROOT comes from two sources: 1. The per-user class registration data in HKCU\SOFTWARE\Classes 2. Systemwide class registration data in HKLM\SOFTWARE\Classes

14 HKEY_CLASSES_ROOT (Cont.) The reason that there is a separation of per-user registration data from systemwide registration data is customizations. Nonprivileged users can read systemwide data. They can add new keys and values to systemwide data (which are mirrored in their per-user data). But they can modify existing keys and values in their private data only.
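
An added example (not part of the original slides) that shows the two sources of HKEY_CLASSES_ROOT side by side: it lists every class key the current user has registered under HKCU\Software\Classes and marks whether a systemwide key of the same name also exists, together with each key's unnamed (Default) value. When a key exists in both places, the merged HKCR view returns the per-user data, so this listing is a quick audit of which class registrations differ for this user.

```powershell
# Added example: compare per-user and systemwide class registration data.
$userRoot    = 'HKCU:\Software\Classes'
$machineRoot = 'HKLM:\SOFTWARE\Classes'

# Index the systemwide class keys by name. PowerShell hashtables compare keys
# case-insensitively, which matches registry key-name semantics.
$machineKeys = @{}
Get-ChildItem -LiteralPath $machineRoot -ErrorAction SilentlyContinue |
    ForEach-Object { $machineKeys[$_.PSChildName] = $_ }

# Walk the per-user class keys and report where each name is defined.
$report = Get-ChildItem -LiteralPath $userRoot -ErrorAction SilentlyContinue |
    ForEach-Object {
        $name       = $_.PSChildName
        $machineKey = $machineKeys[$name]
        [pscustomobject]@{
            Class          = $name
            Source         = if ($machineKey) { 'per-user and systemwide' } else { 'per-user only' }
            # GetValue('') reads the unnamed value that Regedit shows as (Default).
            UserDefault    = $_.GetValue('')
            MachineDefault = if ($machineKey) { $machineKey.GetValue('') } else { $null }
        }
    }

# Keys defined in both places come first, since those are the ones where the
# per-user data replaces what other users of the machine see.
$report | Sort-Object Source, Class | Format-Table -AutoSize -Wrap
```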

15 HKEY_LOCAL_MACHINE HKLM is the root key that contains all the systemwide configuration subkeys: HARDWARE SAM SECURITY SOFTWARE SYSTEM.

16 HKLM The HKLM\HARDWARE subkey maintains descriptions of the system's hardware and all hardware device-to-driver mappings. HKLM\SAM holds local account and group information, such as user passwords, group definitions, and domain associations. HKLM\SECURITY stores systemwide security policies and user-rights assignments. HKLM\SAM is linked into the SECURITY subkey under HKLM\SECURITY\SAM.

17 HKLM (Cont.) HKLM\SOFTWARE is where Windows stores systemwide configuration information not needed to boot the system. HKLM\SYSTEM contains the systemwide configuration information needed to boot the system, such as which device drivers to load and which services to start. last known good control set

18 HKEY_CURRENT_CONFIG HKEY_CURRENT_CONFIG is just a link to the current hardware profile, stored under HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current.

19 HKEY_PERFORMANCE_DATA You won't find HKEY_PERFORMANCE_DATA by looking in the Registry Editor. This key is available only programmatically through the Windows registry functions, such as RegQueryValueEx. Performance Data Helper API (Pdh.dll).

20 Figure 4-2. Registry performance counter architecture