Blog: Registry

I was using a scanning tool to scan some servers and workstations.  I could pull some information from the scan, but it would fail when attempting to collect information via Remote Registry.  After checking that the Remote Registry service was started and the firewall was not enabled, I attempted to connect to one of the systems remotely using regedit instead of the scanning tool.  The connection would appear to succeed, but as soon as I attempted to click on an entry, I would get an error message “Cannot open HKEY_LOCAL_MACHINE: Error while opening key.”  [more]After doing some research, I found this TechNet article (http://support.microsoft.com/kb/892192).  It explains that systems that were upgraded from Windows 2000 may experience this issue because Windows 2000 ran Remote Registry under the “Local System” account, while XP/Server 2003 runs it under the “Local Service” account.  Once you give “Local Service” read access to a specific registry subkey on the target system, Remote Registry works.

Have you noticed how Windows Explorer sorts files with numbers in their name not how you would expect?  If you have items named IE4, IE401, IE5, you would expect them to be listed like this:
IE4
IE401
IE5

Instead, they are listed like this:
IE4
IE5
IE401

This is a little strange, since this sort order is used nowhere else by default.  Windows lists the entries in this order because the number 401 is larger that 5.  I got tired of this, so I finally did some searching and found an old Microsoft Knowledge Base article from 2007, http://support.microsoft.com/kb/319827, which still works on Windows 7.  You just create this registry entry: [more]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoStrCmpLogical"=dword:00000001

P.S.  There is -v option to the ls program on most UNIX type systems to sort directory output like this.  The v is for version - to list files with version numbers in order.

The time would not stay synchronized on my Windows 7 machine.  It looked like it was configured to sync with DC3, but it was not working.  After some research I found a hotfix, http://support.microsoft.com/kb/978714, that fixed it.  I used this command to configure the time synchronization:

w32tm /config /manualpeerlist:time-a.timefreq.bldrdoc.gov /update /syncfromflags:manual

See http://support.microsoft.com/kb/223184 for additional settings in the registry.  This KB article is for Windows 2000.  I could not find a KB article for Windows 7, but I think most of these settings still work.  There are other documents from Microsoft about this, but I just liked this KB article best.

Find the container for the software within the Uninstall path in the registry.  Usually there is a description within that says what program it is tied to.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*Install Container*

Registry DWORD values that can be added are “NoRemove”, “NoRepair”, and “NoModify”.  Setting these values to 1 enables the setting or use 0 to disable.  You can use these settings to keep users from manually being able to remove, repair, or modify specific programs.

Using Explorer from my laptop has been frustratingly slow any time network drives were visible in the left-hand pane. Any time I'd switch to a different program and switch back, it was a slow process (15-30 seconds) of Explorer enumerating each network drive, with a visible delay in the seconds range for each network drive.  While researching network performance for another customer, I came across a way to dramatically reduce the amount of time Explorer takes to enumerate these drive letters.  Apparently, when Explorer connects to a network resource, it searches the networked computer for scheduled tasks.  You can turn this off by deleting the following registry key and rebooting:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\

Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF} 

After making that change Explorer now enumerates the drives in five seconds or so.

Out of the box, Windows XP doesn’t have Remote Desktop enabled for connecting in to the PC.  You can access the registry of the remote machine and change the setting that will allow access (at least to administrators).

The target PC must have remote registry service enabled.  If it isn’t, you can open services.msc and connect to the remote PC and start it.

The next step is to open regedit and connect to remote PC.  Look for the following Registry key:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnection

Set the value to 0 to enable Remote Desktop, or 1 to disable.

A while back, before the recent VMware ESX upgrade, I was having problems logging into the VC server. As soon as the main console window would pop up, I’d receive “Exception has been thrown by the target of an invocation”. The fix, which I found in the VMWare forums, is to open regedit, go to HKEY_CURRENT_USER/Software/VMWare and delete both entries (Virtual Infrastructure Client and VMWare Infrastructure Client). Doing this, and making sure the compatibility setting was set to Windows XP, let me in successfully.  [more]

http://communities.vmware.com/thread/119422

In a story published at PCWorld.com yesterday, Symantec is blaming Microsoft for registry corruption after installing XP SP3

 http://www.pcworld.com/article/id,146228/article.html

When making registry changes, it is a good practice to export the key first.  But many times, we are adding new items and not just modifying values on existing items.  So if you import from the file you exported to, it does not remove the new items that were added.  To do that, add a line at the top of the registry file with a minus in front of the key, like this, for example:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones]

This will cause this key, all it's subkeys, and items to be removed first, then the rest of the information will be added back.  If the key does not exist, then no error occurs.  This is probably a good practice to follow when putting together a .REG file to deploy so that nothing else will be under that key.