4. NT Environment
The Registry provides a secure set of records containing hardware and software configurations.
The components that use the registry are the NT kernel (Ntoskrnl.exe), device drivers,
setup programs, hardware data, hardware profiles and user profiles.
The registry hierarchy is as follows:
- Hive - a body of keys, subkeys and values
- Keys and subkeys
- Values - containing name, data type and value
- Value data types - e.g. REG_DWORD which can be up to 8 hexadecimal digits.
There are 5 subtrees:
- HKEY_LOCAL_MACHINE - device drivers, services, applications, some boot data
- HKEY_USERS - two subkeys: the SID and the default system settings for the logon screen
- HKEY_CURRENT_USER - interactive data of user
- HKEY_CLASSES_ROOT - contains software configuration data
- HKEY_CURRENT_CONFIG - active hardware data
The following are sub-keys in HKEY_LOCAL_MACHINE:
- HARDWARE - built each time the computer starts, containing the type and state of devices.
Important subkeys are DESCRIPTION, DEVICEMAP, OWNERMAP and RESOURCEMAP.
- SAM - directory database, security information for user and group accounts.
- SECURITY - local security policy, e.g. user rights.
- SOFTWARE - software information such as manufacturer and version.
- SYSTEM - device driver and service information and operating system behaviour. The
most important subkeys are Clone, ControlSet001, ControlSet002,
CurrentControlSet and DISK. The big one here is CurrentControlSet,
which you will see referred to many times throughout this document.
Use different hardware profiles for different hardware configurations such as a laptop in a docking
station. In Control Panel, the Devices and Services programs can access the hardware profiles.
Be aware that creating a 'network-disabled' hardware profile is not picked up by the Services
program or net start.
The registry editor can be used to determine which device is using an unlisted serial port (since this
does not appear in the Ports program in Control Panel). The key is
The Display program is used for the display, the SCSI Adapters program for both SCSI and IDE
devices and the Tape Devices program for tape devices. Addition of a tape driver does NOT require
a system restart.
The UPS program in Control Panel is used to set up a UPS via a specially pinned out
serial cable on the COM port. The /NoSerialMice switch may need to be used in the
Boot.ini file to stop the UPS switching off when Ntdetect.com sends a detection signal.
The following options exist for UPS setup:
- Power Failure Signal
- Low Battery signal at least 2 minutes before shutdown
- Remote UPS shutdown
- Execute command File
- Expected Battery Life
- Battery recharge time per minute of run time
- Time between power failure and initial warning message
- Delay between warning messages
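As an added example (not part of the original notes), this Python check reads a Boot.ini and lists the NT entries where Ntdetect.com would still probe the COM port the UPS is attached to, because the /NoSerialMice switch described above is absent or names a different port. The sample Boot.ini is constructed, the function names are hypothetical, and the per-port forms (/NoSerialMice=COMx or :COMx) and the skipping of drive-letter entries such as C:\="MS-DOS" are assumptions not stated in the notes.

```python
import re

# Constructed sample Boot.ini (not taken from the notes).
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00" /NoSerialMice=COM2
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
multi(0)disk(0)rdisk(0)partition(2)\WINNT="NT Workstation" /NOSERIALMICE
C:\="MS-DOS"
'''

# An [operating systems] line is: path="label" followed by optional switches.
ENTRY = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<switches>.*)$')
SWITCH = re.compile(r'/noserialmice(?:[=:](?P<ports>[\w,]+))?', re.IGNORECASE)


def protected_ports(switches):
    """Return None if the switch is absent, 'all' if bare, else a set of port numbers."""
    m = SWITCH.search(switches)
    if m is None:
        return None
    if m.group('ports') is None:
        return 'all'
    # "COM1,2" and "COM1,COM2" both mean ports 1 and 2.
    return {int(n) for n in re.findall(r'\d+', m.group('ports'))}


def entries_probing_port(boot_ini_text, ups_port):
    """List labels of NT entries where Ntdetect.com would still probe COM<ups_port>."""
    exposed, in_os_section = [], False
    for line in boot_ini_text.splitlines():
        line = line.strip()
        if line.startswith('['):
            in_os_section = line.lower() == '[operating systems]'
            continue
        m = ENTRY.match(line) if in_os_section else None
        if m is None or re.match(r'^[A-Za-z]:\\', m.group('path')):
            continue  # not an entry, or a drive-letter entry (assumed not to run Ntdetect.com)
        ports = protected_ports(m.group('switches'))
        if ports is None or (ports != 'all' and ups_port not in ports):
            exposed.append(m.group('label'))
    return exposed


if __name__ == '__main__':
    for label in entries_probing_port(SAMPLE_BOOT_INI, ups_port=2):
        print('UPS port still probed at boot:', label)
```

Every boot menu entry needs the switch, including the [VGA mode] fallback, otherwise booting that entry can still shut the UPS off.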
PC cards require the machine to be turned off before NT recognises them.
In System Properties the Startup/Shutdown tab allows you to reorder the choice of
Operating Systems and how long the boot menu appears for. Also, if there is a fatal
system error you can write an event to the system log, send an alert, write debugging
information to a specified file and automatically reboot.
The Performance tab in the System Properties program is where the virtual memory is configured.
The minimum paging file size is 2Mb, the default for NT Workstation is the total RAM plus 12Mb. For
NT Server the default paging file is the amount of RAM down to a minimum of 22Mb. Best performance
is achieved by moving the paging file off the boot partition and having a paging file for each
physical disk, provided that the controller can read/write multiple hard disks simultaneously.
Environment variables such as TEMP are strings containing drives, paths and filenames. These are set
in the Environment tab of System Properties.
*.ini files are used just for 16-bit applications; the information they contain is
duplicated in the registry.
You can prevent NT from searching the Autoexec.bat file by setting the registry parameter:
Regedt32.exe (located in winnt_root\System32) is the recommended registry
editor as it can look at security and auditing and has a read-only mode. It can only search for a
KEY. Regedit.exe (located in winnt_root)
cannot do the aforementioned items, but it can search for KEY, VALUES
and DATA. Regedit.exe is the Windows 95 version of regedit.
The winreg subkey which is located in
is optional and determines remote access to the registry.
The registry help file Regentry.hlp helps you with value ranges and instructions
for setting values.
The NT Server Resource Kit provides the Remote Command Service (Rcmd.exe), which allows remote
administration and running of command-line programs. The client end is a command-line
program (Rcmd.exe) whilst the server end is a service (Rcmdsvc.exe).