Tweaking the Vista registry by Guy Thomas

Tweaking the Registry

by Guy Thomas

May 2007


Contents

The Purpose of this Ebook
What is Tweaking the Registry?
Getting Started with Regedit
Launching Regedit
Guy's Five Stages of Registry Tweaking - Which stage are you at?
1) AutoAdminLogon
2) AutoPlay - NoDriveTypeAutoRun
3) CachedLogonsCount
4) Change the Name of Your Computer Icon
5) Copy To ContextMenuHandlers
6) Delete Roaming Cache
8) Hide Public Folder
9) Remove Arrows on Shortcuts
10) RegisteredOwner
Connect Network Registry
How to Create .Reg Files
Examples of .Reg Files
Vista's Registry Structure
Windiff - Find Settings in the Registry
Guy's List of Vista Regedit Tips
Best Practice for Editing the Vista Registry
Follow-up


The Purpose of this Ebook

This ebook is designed to explain the workings of the registry. Studying my detailed examples offers a middle way between buying a third party program to tweak the registry, and discovering the joys of hacking the registry by trial and error. If you buy a utility, its front end masks the finer points of the registry. If you learn by trial and error, what happens when you meet error? Unlike a typo in a report, a mistake in the registry could render your computer unusable.

I thoroughly enjoy tweaking the registry, and I want to distil the best of my experiences and pass them on to you. While I have a section on troubleshooting, each page also has two or three learning points, each of which will advance your registry skills. Even if you are already moderately experienced with regedit, I still hope that you will enjoy at least one or two of my favorite registry tweaks.

Registry Topics

What is the Registry?
Getting Started with Regedit
Guy's Five Stages of registry hacking

List of Registry Tweaks

1. AutoAdminLogon (Logon without password)
2. AutoRun (Control CD caddy)
3. CachedLogonsCount
4. Computer Name (Rename the Computer Icon)
5. ContextMenuHandlers (Add items to shortcut menu)
6. Delete Roaming Cache
7. PaintDesktopVersion (Display the Build Number)
8. Public Folder (Control the display on the desktop)
9. Remove Shortcut Arrow
10. RegisteredOwner

Advanced Registry Section

Remote Registry Edit
Registry Structure
Create .reg files
Examples of .reg files
Windiff to find registry settings
Regedit Tips


What is Tweaking the Registry?

There will be times when your research reveals that there is simply no GUI to configure a particular Vista setting. Consequently, the only hope of solving the problem is to edit a value in the registry. Another reason to acquire confidence at editing the registry is so that you can repair a defective machine remotely.

Officially, you edit the Vista registry by adding keys or modifying values; colloquially, this process is called 'tweaking the registry' or 'hacking the registry'.

If I have a hidden agenda it is that in general, learning should be fun, and in particular, that tweaking the registry should be satisfying. To reinforce this 'let's have fun' message, many of my examples also have amusing anecdotes.

There is a serious side to editing the registry. When a computer is not working properly, there are circumstances where editing the registry is the best troubleshooting technique.

My primary goal is to give you the skill, the practice, and above all, the confidence to launch regedit and change the registry settings. My secondary goal is to persuade you to take sensible precautions, for example, export at least that particular registry branch before editing any values.

As usual, I have lots of worked examples, which I urge you to try on your own machine. Each registry tweak has two aims: to solve a specific problem, and to provide general learning points, which help you to master regedit. Most of the tweaks work equally well on Vista, XP and Windows Server 2003 registries; where there are differences I will explain what happens in each operating system.

What is Vista's Registry?

A collection of all the operating system's configurable settings.

A replacement for all those ancient .ini files.

A database for Group Policy settings.

A no-go area for amateurs!

A tool for troubleshooting operating system problems.

A back-end for Control Panel's front-end.

A vehicle for having fun while you tweak Vista's performance and appearance.


Getting Started with Regedit

I will be giving you clear instructions to help you master tweaking the registry. Nevertheless, do take precautions. The best defence against a mistake would be to experiment with the registry on a test machine. My favorite technique for recovering from mini-disasters is to export the registry key BEFORE I start editing values. What I do in regedit is click on the File menu, Export, Selected Branch. Every other expert will tell you to backup the System State before you begin.

Registry Skills Progression

Launching Vista's Regedit

Launching XP or Windows Server 2003

Best Practice for Editing the Registry

Registry Skills Progression

To become expert at any task you need to acquire a range of skills. Because the registry is live, with no 'Simulate' button, and no safety catch, I have arranged the following techniques as a progression. Here is my sequence for mastering the registry along with examples of how to develop the corresponding technique.

Launch Regedit - Simple exercise to get started with regedit
1. Find Settings, Values and Data - CachedLogonsCount
2. Add setting to 'Favorites' - (Any, and every example)
3. Export a registry key - (Before you make ANY change)
4. Change an existing value - PaintDesktopVersion, RegisteredOwner
5. Rename an existing value - Computer
6. Create a new value - AutoAdminLogon
7. Create a new key - ContextMenuHandlers, RemoveShortcut
8. Import registry settings from a .reg file - Examples
9. Remote Registry Editing - Get out of jail card


Launching Regedit

Let us assume that your mission is to change a setting in Vista by using the registry editor.

1. Click on the Vista Start Orb (Button)
2. Click in the Start Search Dialog Box
3. Type: regedit
4. Press enter (or double click Program: regedit)
5. See screenshot opposite

Note 1: Unlike other Vista executables, if you type just the first few letters, 'reg' or 'reged', Vista does not auto-complete the name of the program; you have to type the full name - regedit.

Note 2: Another clue that amateurs are not supposed to open the registry is that the special editor, Regedit, does not appear on any Vista menu.

Note 3: The actual executable is called regedit, but for backwards compatibility with NT 4.0, it also responds to the name of regedt32.

Launching Regedit in XP or Windows Server 2003

The best executable to edit the registry is Regedit. (Rather than Regedt32)

Click on the START (Button), RUN, REGEDIT (Type), Click on the OK (Button).

Note 1: In Windows 2003 and XP, Regedit remembers the last place you visited, which is useful.


Guy's Five Stages of Registry Tweaking - Which stage are you at?

1. Fear of a new language
2. Wonderment at your power and skill
3. Complacency - I can do anything
4. Slip on a banana skin - Blind panic
5. Respect for registry editing

1) Fear of a new language

At stage 1 of registry tweaking, you are anxious that you may destroy your machine. This is why you confine your registry activities to a test machine. When it comes to making changes, you confine activities to just altering a few values from zero to one. What this does is to enable, or activate, a feature that you may be reading about in a 'How to...' article.

Mastering the registry means spotting new patterns; for example, do the instructions for the registry tweak start with HKEY_LOCAL_MACHINE, or HKEY_CURRENT_USER? This leads us to thinking, 'does this setting affect the computer or does it control the user's configuration?'

2) Wonderment at your power and skill

After a few trips into the Vista registry, you begin to appreciate the sheer scale of the hives, folders, keys and values. Soon, you start to make sense of the data; for instance, you notice that String Value icons have a different pattern from DWORD icons. By now you realize that the names of the values are not case sensitive; the eccentric capitalization is just a way of making the names read more easily, for example AutoAdminLogon.

Whereas previously you only modified existing entries, as your confidence grows, you extend your repertoire by adding new values. However, at stage 2 you still remember to export your registry's 'Selected Branch' BEFORE you make any changes.

3) Complacency - I can do anything

At the third stage you reach the point where a little knowledge is dangerous. You discover Regedit's Edit menu with its 'Find'. More riskily, you learn how easy it is to import settings stored in .reg files. This allows you to add lots of settings to the registry quickly, just by double clicking a text file with .reg extension. You also apply my tip of using regedit's Favorites; consequently you find it easy to return to the most popular registry haunts.

Perhaps you also use Vista's Volume Shadow Copy. Thus you discover how to retrieve previous versions of the registry files from the %SystemRoot%\System32\config folder. Now the danger is that because you are having so much fun, you cannot imagine anything can go wrong. You start taking more risks. Occasionally you forget to export the registry before one of your experiments.


4) Slip on a banana skin - Blind panic

One of life's rules is that complacency inevitably leads to disaster. Just as children who play with fire get their fingers burnt, so those who play risky games with the registry come unstuck. Perhaps the biggest cause of registry tweaks that cripple a machine is people changing settings that they don't understand. As a result, one day they switch on the Vista machine only to be greeted by the message: Machine will not boot. Stop 0x0000051.

Stop messages like the above cause your heart to beat faster. You realize that you have gone too far this time and have deleted a vital hive in the registry. At this stage it is a question of do or die. Either you vow never to touch regedit again, and complete your penance by rebuilding the machine from scratch, or you stay calm, apply your skill, overcome the disaster, and thus reach the fifth and final stage of registry hacking.

5) Respect for registry editing

Knowledge, power and respect form a triangle. If one side of this triangle is shorter than the others, then the whole structure topples over. In times of crisis remember your good practices, and run through your troubleshooting strategies. To repair a broken registry, as the Vista machine boots, press F8 and select 'Last Known Good'. This is particularly effective at restoring settings in the HKEY_LOCAL_MACHINE section of the registry. If that does not work then try booting into 'Safe mode'.

Provided you can get into the operating system, then you have a variety of tactics. Best would be to restore the registry from the system state backup, or a Regedit export. You did take precautions? Didn't you?

If a restore is not possible, then try booting into a parallel installation, for example, install another copy of Vista on the D:\ drive. Where the stricken machine boots, but then hangs, one other possibility is to try and access the registry remotely from another machine. Remote registry editing is an art in itself and requires that you start the remote registry service; fortunately, you can do this remotely. As I say, remote registry is a black art which requires special techniques which I explain on this page.

Check out the %SystemRoot%\System32\config folder; what you are particularly looking for is the .sav files, one day they could be your salvation. I once used a parallel installation to find this config folder, and then I renamed the 'system.sav' file to 'system', and thus repaired the Vista registry. Once the machine started, I was able to import a .reg file that I thoughtfully exported before trying a dodgy registry experiment.

In my humble opinion, you have to go through the catharsis of a registry disaster before you give this black art of tweaking the registry proper respect. Thereafter, you always have one eye on safety. You make those backups, and export that registry branch regularly.


The Enigma of Tweaking the Registry

I have noticed that many registry components present a duality, I refer to this as: 'The enigma of tweaking the registry'; here are the pairs of elements:

Is tweaking the registry work, or is it play?
In which hive do you start? HKLM or HKCU?
Do you edit an existing setting, or create a new value?
If we need to create a value, is it a DWORD or a REG_SZ?
Will your tweak require a reboot, or merely a logoff / logon?
Does the operating system setting teach you about the registry? Or does the registry setting teach you about the operating system?


1) AutoAdminLogon

The idea behind AutoAdminLogon is that a user(name) can logon at a computer without having to type a password. A typical scenario would be a test machine on a private network. With AutoAdminLogon enabled, when you restart the machine it automatically logs on a named user. The trick, which is also its liability, is to set a value for DefaultPassword in the registry, where the password is stored as a plain String Value.

Topics for AutoAdminLogon

Instructions for Setting AutoAdminLogon

Key Learning Points

Addendum for Vista Home Editions

A real-life story starring AutoAdminLogon

Instructions for Setting AutoAdminLogon

1. Type 'regedit' in the Start Search dialog box.
2. Navigate to:
   HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon
   AutoAdminLogon = 1
3. Create a new String Value called DefaultPassword
   DefaultPassword = "P@ssw0rd"
4. Check for the existence of a REG_SZ called DefaultUserName. The value should reflect the user who you wish to logon automatically. If this value does not exist, then right-click in the right pane, new, REG_SZ, name it, DefaultUserName.
5. Optional Item: If your Vista Machine has joined a domain, create a String Value called DefaultDomainName
6. Set the value to:
   DefaultDomainName = "OnlyYouKnowDomain"

Here is a summary of the four key registry settings:

"AutoAdminLogon"="1"
"DefaultUserName"="xxx"
"DefaultPassword"="xxxx0xxxx"
"DefaultDomainName"="xxx.xxx". Definitely needed in a domain situation.

Key Learning Points

This was an exercise in adding new values to the registry.

Do you find the AutoAdminLogon value in HKCU** or HKLM?
Answer: HKLM

Do you have to add a value, or modify an existing value?
Answer: Modify 0 --> 1.

Is it a String Value or a DWORD?
Answer: REG_SZ (String value).

Do you need to Restart, or merely Log Off / On?
Answer: Restart

Extra Information: With AutoAdminLogon you also need to create DefaultPassword, and possibly DefaultDomainName.

Creating a .Reg File

This page explains how to create, and then edit .reg files for your computer. As it's easy to import the contents of a .reg file into the registry, do take extra care with procedures.

Addendum for Vista Home Editions

I have been using AutoAdminLogon since NT 3.5; however, in Vista Home editions there is a much easier alternative, namely tick: 'Users must enter a user name and password'.

Navigate to the Control Panel, User Accounts and finally click on the Users tab, then remove the tick in: 'Users must enter a user name and password'. All you need to do next is type the password twice in the 'Automatically Log On' dialog box. See screenshot. Once you restart Vista, it will logon that user automatically.

Double-check the logic of what you are ticking, or when you are setting a registry value to one. Half of all people who write and say 'Guy that tweak did not work' have not understood the logic; double negatives are a particular source of errors.

Before you try the above configuration, note: I did not, repeat, not find this setting in a machine which had joined an Active Directory domain.

A real-life story starring AutoAdminLogon

Guy's 3rd Law of computing states: 'The more security that you have, then the more work there will be for you'. This law certainly applies to complex passwords, where you need to remember a combination of uppercase, lowercase, number and squiggles (non-alphanumeric characters).

Let me give you an example of why I like the registry setting AutoAdminLogon. I was training a new Vista course containing two delegates from hell. The other ingredient was a new technician, who installed the default American keyboard layout, even though we were in London, England, where naturally our keyboards had the UK layout.

The course started with the delegates logging on to their Vista machines as Administrator with the password of P@ssw0rd. Have you guessed the problem? The @ was not on the keyboard where the delegates and I thought it would be, namely above the comma. Thanks to the USA / UK mixed setup, the @ was above the numeric 2.

Most of the first session was spent getting the 8 delegates just to logon. For the second exercise, they had to join a domain - that took the rest of the morning because after the restart they had to grapple with the complex password - again.

Over lunchtime I edited the registry; my aim was to activate AutoAdminLogon and thus configure an automatic logon without delegate input. You can see above how I achieved this in: Instructions for Setting AutoAdminLogon.

Creating a .Reg File

For my solution to work, I needed the same settings on all 8 machines. Thus from my machine I exported the HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon branch of the registry into a .reg file, which I then imported to each of the delegates' machines. No more problems with logging on after that. Training is the classic place to try these naughty but nice tricks; another scenario for AutoAdminLogon is for test machines not connected to a production network.


2) AutoPlay - NoDriveTypeAutoRun

This registry hack will control what happens to AutoPlay when you put a CD into the drive caddy. Researching NoDriveTypeAutoRun reminds me of a tip that I was given for playing chess: when you find a good move, look for an even better one. Previously I had known about plain AutoRun, but now I have found a more flexible registry setting, NoDriveTypeAutoRun.

Topics for NoDriveTypeAutoRun

Background to AutoPlay

Possible Values for NoDriveTypeAutoRun

Registry Instructions for NoDriveTypeAutoRun

Key Learning Points

Background to AutoPlay

Media Change Notification (MCN) messages from the CD-ROM driver trigger the AutoPlay behaviour of the CD. However, if these messages are suppressed then the CD will not automatically start playing. You can disable AutoPlay by configuring the appropriate value of NoDriveTypeAutoRun (or NoDriveAutoRun) in the registry.

The benefit of using NoDriveTypeAutoRun, rather than NoDriveAutoRun, is that you can fine-tune which drives you wish to disable. For example, you can disable all network and all unknown drives from running AutoPlay, but allow CD-ROM drives to run AutoPlay, and thus start automatically.

Possible Values for NoDriveTypeAutoRun

Below is a table of the hex values to control AutoPlay on a variety of drives. The value is a bitmap, one bit per type of drive. To disable AutoPlay on a particular type of drive, set the bit representing that type of drive to 1. If you want to disable more than one type of drive, sum the hexadecimal values of the representative bits.

In XP, the default value for NoDriveTypeAutoRun is 0x95 (149). You calculate the figure by summing: 0x1 (unknown types), 0x80 (unknown types), 0x4 (floppy drives), and 0x10 (network drives). In Vista the default is 0x91 (145). Similar to XP, but without the floppy drive setting.

Value   Effect
0x1     Disables AutoPlay on drives of unknown type.
0x4     Disables AutoPlay on removable drives.
0x8     Disables AutoPlay on fixed drives.
0x10    Disables AutoPlay on network drives.
0x20    Disables AutoPlay on CD-ROM drives.
0x40    Disables AutoPlay on RAM drives.
0x80    Disables AutoPlay on drives of unknown type.
0xFF    Disables AutoPlay on all types of drives.

Registry Instructions for NoDriveTypeAutoRun

One interesting feature of NoDriveTypeAutoRun is that you can set the value in either HKLM** or HKCU. If you go overboard and configure both, then the Local_Machine over-rides the Current_User.

1. Type 'regedit' in the Start Search dialog box.
2. Navigate to this path:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
3. If necessary create a dword called NoDriveTypeAutoRun
4. Set NoDriveTypeAutoRun = 000000FF
5. A value of 000000FF (decimal 255) disables AutoRun on all drives.
6. Refer to the above table, and use a Hexadecimal calculator to compute the most suitable value for your machine.
7. There is no need to logoff; the NoDriveTypeAutoRun setting should take effect straightaway.

Key Learning Points

Do you find the NoDriveTypeAutoRun value in HKCU** or HKLM?
Answer: Both! If there is a conflict then HKLM wins.

Should you add a value, or modify an existing setting?
Answer: In Vista modify to a hex value = 000000FF. Consult the above table for greater precision.
Answer: In XP or W2K3 you may need to create a DWORD called: NoDriveTypeAutoRun. Then set it to a hex value of 000000FF (Decimal 255).

Is NoDriveTypeAutoRun a String Value or a DWORD?
Answer: DWORD.

Do you need to Restart, or merely Log Off / On?
Answer: Neither, changes to AutoPlay should occur as soon as you enter the value in the registry.

Tip: Add this Value, NoDriveTypeAutoRun to Regedit's Favorites menu

** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER. These acronyms are so well known that you can even use them in .reg files; Vista will understand and obey the registry instruction.
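In place of the hexadecimal calculator, the following added example (not from the ebook) decodes and builds NoDriveTypeAutoRun values from the table above and applies the rule that HKLM wins over HKCU. The function names and the drive-type labels are assumptions chosen for the illustration; the bit values and the two defaults are the ones stated on this page.

```python
# Bit values and meanings exactly as listed in the table on this page.
DRIVE_BITS = {
    0x01: "unknown_0x01",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cd-rom",
    0x40: "ram",
    0x80: "unknown_0x80",
}
XP_DEFAULT = 0x95      # defaults as stated on this page
VISTA_DEFAULT = 0x91


def decode(value):
    """Return (drive types with AutoPlay disabled, bits the table does not list)."""
    disabled = [name for bit, name in sorted(DRIVE_BITS.items()) if value & bit]
    unlisted = value & 0xFF & ~sum(DRIVE_BITS)
    return disabled, unlisted


def encode(drive_types):
    """Combine drive types into one value. Bitwise OR gives the same result as
    summing distinct bits and cannot double-count a repeated type."""
    by_name = {name: bit for bit, name in DRIVE_BITS.items()}
    value = 0
    for drive_type in drive_types:
        value |= by_name[drive_type]   # KeyError for a type not in the table
    return value


def effective(hklm=None, hkcu=None, default=VISTA_DEFAULT):
    """Value in force: HKLM overrides HKCU; None means the value is not set."""
    if hklm is not None:
        return hklm
    if hkcu is not None:
        return hkcu
    return default


def not_disabled(required, hklm=None, hkcu=None, default=VISTA_DEFAULT):
    """Drive types a policy wants disabled that still allow AutoPlay."""
    value = effective(hklm, hkcu, default)
    return [t for t in required if not value & encode([t])]


if __name__ == "__main__":
    print(decode(XP_DEFAULT), decode(VISTA_DEFAULT))
    # HKLM 0x91 wins over a stricter HKCU 0xFF, so CD-ROM AutoPlay stays on.
    print(not_disabled(["removable", "cd-rom"], hklm=0x91, hkcu=0xFF))
```

Note that 0xFF also sets bit 0x2, which the table above does not describe; `decode` reports such bits separately instead of guessing a meaning.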


3) CachedLogonsCount

A security hack may be a contradiction in terms! However, I once had a client who wanted to improve their laptop security; for them, minimizing cached logons was the answer. Another user with a different laptop wanted to increase their cached logons to 50; in both cases tweaking the registry was the only solution.

The default number of cached logons for a client such as Vista or XP is 10 (shortly to be increased to 25 in Longhorn). With a registry edit of CachedLogonsCount, we can reduce this value to zero. My client had laptops which operated on an Active Directory domain, and they did not want users (or hackers) to logon unless the laptop could authenticate with a domain controller. Since there is no GUI to reset the cached logons, this is a job for a registry tweak.

Topics for CachedLogonsCount

First Objective to get to the Winlogon registry folder

Second Objective to set the CachedLogonsCount value = 0

Key Learning Points

First Objective to reach the Winlogon registry folder

I have divided our task into two parts. Our first task is to find the correct part of the registry; our second task is to edit the actual registry value.

Method 1) Flashy

Launch regedit. Click on the Edit menu and then select 'Find'. Now type Winlogon in the Find what: dialog box. Put a tick in only the 'Keys' box, see screenshot to the right. The purpose of this technique is to navigate to the folder containing CachedLogonsCount as quickly as possible.

Note: If you don't tick, 'Match whole string only', you may have to press F3 two or three times until you see the following path at the very bottom of the regedit screen:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon

Method 2) Safe and Sure

If Method 1 fails, then here is an alternative method: launch regedit and manually drill down to:

HKLM**\Software\Microsoft\Windows NT\CurrentVersion\winlogon

Second Objective to set the CachedLogonsCount value = 0

The default value for the cached logons count is 10 (maybe increased to 25). Our job is to edit this REG_SZ value from 10 to zero. Before you go any further, check the path; there are at least four instances of 'Winlogon' in the registry.

Let us assume that you have reached: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon. The next task is to double-click CachedLogonsCount. If this setting is not present, no worries, just right-click in the right hand pane, and create a new REG_SZ called CachedLogonsCount.


For increased security, double-click and change the value for CachedLogonsCount to 0 (zero). Alternatively, to give a laptop the maximum cached logons when it is away from its domain controller, set the value = 50 (maximum number)

CachedLogonsCount

Key Learning Points

Were you able to master: Find - 'Keys'?

Do you find the CachedLogonsCount value in HKCU** or HKLM?

Answer: HKLM

Do you have to add a value, or modify an existing setting?

Answer: Modify changing 10 --> 0. (or 10 --> 50)

Is it a String Value or a DWORD?

Answer: REG_SZ (String value).

Do you need to Restart, or merely Logoff / Logon?

Answer: Restart

This example merely edits an existing value.

Tip: F3 speeds up searching when using 'Find'.

** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER. These acronyms are so well known that you can even use them in .reg files, Vista will understand and obey the registry instruction.
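The AutoAdminLogon and CachedLogonsCount sections both edit the same Winlogon key, and the AutoAdminLogon story copies that key between machines as a .reg file. As an added example (not from the ebook), this Python script reads such an export as text and reports automatic logon, a stored DefaultPassword and the cached logon count; the two sample exports are constructed, and the function names and the `max_cached_logons` policy parameter are assumptions made for the illustration.

```python
import re

# Constructed sample: a regedit export of the Winlogon branch after the
# AutoAdminLogon steps on this page (user, password and domain as on the page).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="Administrator"
"DefaultPassword"="P@ssw0rd"
"DefaultDomainName"="OnlyYouKnowDomain"
"CachedLogonsCount"="10"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''

# Constructed sample: the same branch with automatic logon off, no stored
# password and cached logons reduced to zero, written with the HKLM shorthand.
HARDENED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon]
"autoadminlogon"="0"
"CachedLogonsCount"="0"
'''

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
ROOT_ALIASES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user"}
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(text):
    # Inside a .reg string, backslash and double quote are backslash-escaped.
    return re.sub(r"\\(.)", r"\1", text)


def _decode(data):
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])          # REG_SZ
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)              # DWORD
    return data                               # hex:... and others kept as text


def parse_reg(text):
    """Return {key path: {value name: data}}; names are lower-cased because
    registry key and value names are not case sensitive."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            root, _, rest = line[1:-1].lower().partition("\\")
            path = ROOT_ALIASES.get(root, root) + ("\\" + rest if rest else "")
            current = keys.setdefault(path, {})
            continue
        match = VALUE_LINE.match(line)
        if match and current is not None:
            current[_unescape(match.group(1)).lower()] = _decode(match.group(2))
    return keys


def audit_winlogon(text, max_cached_logons=0):
    """Report on the Winlogon values this page edits. max_cached_logons is the
    policy to check against (0 = the stricter choice described on the page)."""
    values = parse_reg(text).get(WINLOGON, {})
    auto_logon = str(values.get("autoadminlogon", "0")).strip() == "1"
    password_stored = bool(values.get("defaultpassword"))
    user = values.get("defaultusername", "")
    domain = values.get("defaultdomainname", "")
    account = (domain + "\\" + user) if domain and user else user
    try:
        cached = int(values["cachedlogonscount"])
    except (KeyError, ValueError):
        cached = None                         # absent or not a number

    findings = []
    if auto_logon:
        findings.append("AutoAdminLogon=1: %s is logged on at every restart"
                        % (account or "the default user"))
    if password_stored:
        # Never echo the password itself into a report.
        findings.append("DefaultPassword is set: the password sits as plain "
                        "text in the registry and in every export of this key")
    if cached is not None and cached > max_cached_logons:
        findings.append("CachedLogonsCount=%d exceeds the policy of %d"
                        % (cached, max_cached_logons))
    return {"auto_logon": auto_logon, "password_stored": password_stored,
            "account": account, "cached_logons": cached, "findings": findings}


if __name__ == "__main__":
    for name, export in (("sample", SAMPLE_EXPORT), ("hardened", HARDENED_EXPORT)):
        report = audit_winlogon(export)
        print(name, report["findings"] or "no findings")
```

Regedit writes version 5.00 exports as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `audit_winlogon`.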


4) Change the Name of Your Computer Icon

The idea behind this registry tweak is to control the label under the computer icon, which you see on the Vista desktop. The result is that the name reflects the true username and computername. For example, guyt (username) at Vista-Ultimata (computername).

Please note: unlike the cheap shot where you just rename the Computer icon, this tip dynamically adjusts the name for each user who logs on.

Topics for Changing the Name of the Computer Icon

Instructions for LocalizedString

Screen Shot of LocalizedString

Key Learning Points

Preliminary Step

Before you try this impressive registry tweak, make sure that the Vista desktop displays the Computer icon. Right-click the desktop, Personalize and select: Change Desktop Icons. This tip also works for XP and W2K3; in these cases, make sure that you display 'My Computer' on the desktop.

Instructions for LocalizedString

The mission is to find a specific class id (CLSID) in HKEY_CLASSES_ROOT, and then change the value for LocalizedString from 'Computer' to a variable which will reflect the user who logs on to this particular computer.

Launch Regedit and navigate thus:

0) Precaution: Rename the existing value. Locate with regedit HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D} and rename LocalizedString to LocalizedString.Old

1) Create a new VALUE. Note type should be Expanded String Value. Name it: LocalizedString

2) Edit the 'Value data'. I double click LocalizedString, then click in the dialog box and type: %Username% at %Computername%

Incidentally, you could choose more creative words in place of 'at'. For example, 'King of' or 'Queen of'.

3) To see the fruits of your labours, just press F5 to refresh the desktop, your computer icon should now say the equivalent of: YourName at YourComputer.


Another Screen Shot of Vista's Regedit

Here is a panoramic view of the registry showing regedit editing the Reg_Expand_SZ LocalizedString.

Key Learning Points

Before you make a difficult change to the registry, rename the existing key.

Preliminary step, make sure that Vista displays the Computer on the desktop. Right click, Personalize and select: Change Desktop Icons.

Do you find the LocalizedString value in HKCU** or HKLM?

Answer: neither, it's under HKEY_CLASSES_ROOT.

Do you have to add a value, or modify an existing setting?

Answer: Rename, then create a new value.

Is it a String Value or a DWORD?

Answer: Neither, it is an Expanded String.

Do you need to Restart, or merely Logoff / Logon?

Answer: Neither, just refresh the desktop by pressing F5.

Tip: Add this Value, LocalizedString to Regedit's Favorites menu

** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER. These acronyms are so well known that you can even use them in .reg files; Vista will understand and obey the registry instruction.


5) Copy To ContextMenuHandlers

Imagine this scenario:

You wish to copy a file from one folder to another.

What this registry tweak will do is place 'Copy To' on the Windows Explorer shortcut menu. Once you right click a file and select 'Copy to Folder', a dialog box opens inviting you to choose the file destination.

Topics for adding 'Copy To'

Instructions to Add Copy To to the Explorer Context Menu

Key Learning Points

Warning

Instructions to Add 'Copy To' to the Explorer Context Menu

1. Launch Regedit and navigate to this key:

2. HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\

3. Create a new Key. Name the new Key: Copy To

4. In the right-hand pane, double click the existing REG_SZ called Default, and set the value to:

5. {C2FBB630-2971-11d1-A18C-00C04FD75D13}

6. Note: you do need the {curly brackets} for this CLSID.


7. Close regedit, no need to reboot or even logoff, just launch Windows Explorer, right click a file and experiment with the 'Copy To Folder' feature.

Addendum: You can create another registry entry, which Moves instead of Copies. In the CLSID, change C2FBB630 to C2FBB631 and repeat the above. The full name of the Move To value is:

{C2FBB631-2971-11d1-A18C-00C04FD75D13}

Key Learning Points

Keep your eye on CLSIDs

Do you find the ContextMenuHandlers value in HKCU** or HKLM?

Answer: Neither, it is in HKEY_CLASSES_ROOT

Do you have to add a value, or modify?

Answer:

First, Add a whole new Key (Not just a new value) called Copy To

Second, Modify the REG_SZ called Default.

Is {C2FBB630-2971-11d1-A18C-00C04FD75D13} a String Value or a DWORD?

Answer: REG_SZ (String value).

Do you need to Restart, or merely Log Off / On?

Answer: Neither, just launch another Windows Explorer, right click on a folder and test the 'Copy To'.

** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER. These acronyms are so well known that you can even use them in .reg files; Vista will understand and obey the registry instruction.

Warning:

While this 'Copy To' registry hack looks flash, it can give problems. Kevin M. kindly sent in this snippet of information.

When I select two or more files in Windows Explorer to open in Notepad or any other program, for every selected file - before opening it in the proper application - I first get a dialog asking me where to move the item. Cancelling this dialog brings up the next asking where to copy the file. Cancelling this dialog leads to opening of the file and bringing up the next files "move-dialog"! Pretty irritating!


6) Delete Roaming Cache

The key question with the registry setting called DeleteRoamingCache is: 'Where does the cache get deleted?'

The answer is on the machine where you set the value, DeleteRoamingCache=1.

Here is a classic case of checking that your logic matches the registry's; in this instance, a value of 1 means: no roaming cache gets saved. To be clear, 1 means that all roaming profiles get deleted.

On the other hand, changing to DeleteRoamingCache=0 would be a double negative: don't delete, therefore you end up with roaming profiles.

Topics for DeleteRoamingCache

Background to Delete Roaming Cache

Registry Instructions for DeleteRoamingCache

Key Learning Points

Registry Screenshot of DeleteRoamingCache

Incidentally, this tip to delete a roaming user's cache is consistently voted near the top of any list of registry hacks.

Background to Delete Roaming Cache

This registry dword, DeleteRoamingCache, controls whether or not the local computer saves a copy of a user's roaming profile when users log off.

Roaming profiles are stored on a server. However, by default, when a user with a roaming profile logs off, the system saves an additional copy of their profile on the local hard drive. This scheme was designed to give roaming users faster logon, especially when network traffic was busy.

The incentive to change the default behaviour occurs when lots of roaming users logon to one 'kiosk' machine. As a result, the disk fills up with profiles, and if it's unlikely they will ever logon again, you may as well make a registry tweak which deletes these unwanted roaming profiles.

Registry Instructions for DeleteRoamingCache

1. Launch Regedit.

2. Navigate to this path:

**HKLM\Software\Policies\Microsoft\Windows\System

3. Create a new DWORD called DeleteRoamingCache

4. Setting a hex value of 00000001 deletes all local roaming profiles.

5. See Screenshot below.

Registry Screenshot of DeleteRoamingCache


Note the path at the very bottom of the screenshot:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System

Key Learning Points

Check your logic. Especially with the double-negative behavior of: DeleteRoamingCache = 0

Do you find the DeleteRoamingCache value in HKCU** or HKLM?

Answer: HKLM.

Should you create a value, or modify an existing setting?

Answer: Create a DWORD called: DeleteRoamingCache. Then assign it a hex value of 00000001

Is DeleteRoamingCache a String Value or a DWORD?

Answer: DWORD.

Do you need to Restart, or merely Log Off / On?

Answer: Restart the local machine.

Tip: Add this Value, DeleteRoamingCache to Regedit's Favorites menu.

** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER. These acronyms are so well known that you can even use them in .reg files; Vista will understand and obey the registry instruction.


7) Display the Windows Vista (TM) Build 6000

During the Vista Beta program it was important to display the correct Build number, that way you could see which version you were testing. Many 'techies' were disappointed because the final production version of Vista did not display its badge of honour - 'Build 6000'. This omission prompted me to do a little exploring in the Vista registry, and I came up with a value called PaintDesktopVersion.

Topics for PaintDesktopVersion

Instructions for PaintDesktopVersion

Key Learning Points

Instructions for PaintDesktopVersion

1. Launch Regedit and navigate to this key:

2. HKEY_CURRENT_USER\Control Panel\Desktop

3. Scroll down and find the existing entry called PaintDesktopVersion. Double click and change its value to numeric one. Please note that there is no need to create this DWORD, as it's already there.

4. Check you now see: PaintDesktopVersion = 1

5. The default is PaintDesktopVersion = 0 meaning do not display the build number. Incidentally, this DWORD is also found in XP and Windows Server 2003.

Key Learning Points

A simple registry tweak to change a value from zero (setting disabled) to one (setting enabled)

Do you find the PaintDesktopVersion value in HKCU** or HKLM?

Answer: HKCU

Should you add a value, or modify an existing setting?

Answer: Modify 0 --> 1

Is PaintDesktopVersion a String Value or a DWORD?

Answer: DWORD.

Do you need to Restart, or merely Log Off / On?

Answer: Log Off --> Log On and view: Build 6000

Tip: Add this Value, PaintDesktopVersion to Regedit's Favorites menu


8) Hide Public Folder

If you want to hide Vista's Public folder then there is a registry tweak to control its display on the desktop. Incidentally, exploring this setting will help you to understand how to configure the desktop to your liking.

Topics for Hide Vista's Public Folder

Background on Hide Public Folder

Instructions for Hide Public Folder

Key Learning Points

Hide ALL Desktop Icons

Background on Hide Public Folder

As the name suggests, the Public folder is for storing communal documents. Vista sometimes displays a shortcut on the desktop to the physical folder at C:\Users\Public.

The GUI way to control which icons appear on the Vista desktop is by following this path:

Right-click on the desktop, select Personalize and then 'Change Desktop Icons'. However, as you can see from the screenshot, there is no option to check or uncheck 'Public'. Consequently we have a job for regedit.

Instructions for Hide Public Folder

1. Launch Regedit

2. Navigate to this key

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons

3. Check that \HideDesktopIcons has two subfolders

ClassicStartMenu (Controls non-Aero themes)

NewStartPanel (Controls Aero Graphics)

4. If a dword called {4336a54d-038b-4685-ab02-99bb52d3fb8b} exists in NewStartPanel, then simply change its value to hexadecimal 1. If there is no such dword, then this is how you create it.


5. With NewStartPanel in the left pane, right-click in the right pane, select New, then DWORD 32-bit, name the value: {4336a54d-038b-4685-ab02-99bb52d3fb8b}.

Note: you do need the {Curly Brackets}.

6. To hide the Public folder on the desktop, set the dword value = 1.

To display the folder set the dword = 0.

Observe the menu bar at the bottom of the screenshot:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons\NewStartPanel.

The significance is that you could, and should, repeat the above instructions for \HideDesktopIcons\ClassicStartMenu; the idea is to achieve the same setting for non-Aero themes.

Key Learning Points

As expected, Aero and non-Aero themes have different registry settings.

Do you find the HideDesktopIcons value in HKCU** or HKLM?

Answer: HKLM

Should you add a value, or modify an existing setting?

Answer: Add a dword and set the value to 1

Is HideDesktopIcons a String Value or a DWORD?

Answer: DWORD.

Do you need to Restart, or merely Log Off / On?

Answer: Neither, just press F5 at the Vista desktop.

Tip 1: Add this Value, HideDesktopIcons to Regedit's Favorites menu

Tip 2: Incidentally, if you select the Vista desktop (just make sure it's the focus), hold down the Ctrl key, scroll the mouse, then you can alter the size of the desktop icons.

** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER. These acronyms are so well known that you can even use them in .reg files; Vista will understand and obey the registry instruction.


Creating a .Reg File

This page explains how to create, and then edit .reg files for your computer. As it's easy to import the contents of a .reg file into the registry, do take extra care with procedures.

Hide All Desktop Icons

You can deal with the namespace icons such as My Computer, and the Recycle Bin via the Personalize menu. That leaves other shortcut icons which may clutter your desktop. Here is a registry tweak to remove all the other shortcuts from the Vista desktop.

Launch regedit and navigate to the following location:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel

1. In the right-pane, create a new REG_DWORD {00000000-0000-0000-0000-000000000000}

2. Double-click {00000000-0000-0000-0000-000000000000} and set its value to 1

3. Refresh the Desktop view by pressing F5 key.

4. To reverse the changes, assign {00000000-0000-0000-0000-000000000000} a value of 0.

Note: If you use the Classic Start Menu, you need to create the REG_DWORD in this key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu

You can also hide all the desktop icons manually by right-clicking the Desktop and unchecking Show Desktop Items.


9) Remove Arrows on Shortcuts

I will show you two methods to remove the arrow on a Vista shortcut. One method involves editing IsShortCut in the registry, however, this setting has unpleasant side effects on the 'Favorites Icons'. The other method, Shell Icon, is superior, but involves copying an ico file (supplied) to the Windows folder.

Topics for Removing Arrows on Shortcuts

Method 1 - Shell Icons with Shell32.dll

Method 2 - Deleting IsShortCut

Key Learning Points

Remove Text from a Shortcut

Background Shortcut's Arrow

The shortcut arrow is actually an overlay, which is stored in the master icon file called shell32.dll. If you open this file, then you will see familiar icons for folders, CD Drives and Start Menu items (see screenshot). Now each icon has a number associated with it, and the shortcut's number is 29. What we will do is launch the registry editor, and redirect number 29 to a different icon, one that is transparent.

Incidentally, to see the shell32.dll icons, right-click any shortcut, select Change Icon and browse to windows\system32\shell32.dll.

Method 1 (Best): Remove Arrows with Shell Icons

Our mission is to tweak the registry so that we can remove the arrows on shortcut icons. As a preliminary step, make sure that you have a shortcut on your desktop so that you will be able to see the changes; for example, create a shortcut to calc.exe.

Please note: Unlike many registry hacks, this only works on Vista (and not XP).

Registry Instructions for Shell Icons Method

1. Launch Regedit.

2. Navigate to this path:

** HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\

3. Underneath \explorer, create:

a) A new Key called: Shell Icons (note plural)

b) In Shell Icons, create a new REG_SZ called: 29

4. Assign to 29 a value of: %SystemRoot%\\noarrow.ico,0


5. Note: noarrow.ico must refer to the name of the file that you add to the %systemroot% folder.

In other words, download noarrow.ico, extract the file and copy it to the \Windows folder.

6. Once you have edited the registry, and copied the noarrow.ico file, then logoff and log back on again. (If something goes wrong, or you try several experiments, you may need to restart Vista.)

Screen Shot of Shell Icons

Key Learning Points

There are two methods, one for Vista and one for XP.

Do you find the Shell Icons value in HKCU** or HKLM?

Answer: Strictly speaking Shell Icons is a new key in HKLM

Should you create a value, or modify an existing setting?

Answer: Create a new value AND create a new key

Is 29 a String Value or a DWORD?

Answer: String Value REG_SZ.

Do you need to Restart, or merely Logoff / On?

Answer: Logoff then log back on.

Noarrow.ico is a special blank, transparent ico file.

You could try an experiment and substitute:

%SystemRoot%\\system32\shell32.dll,29

for %SystemRoot%\\noarrow.ico,0

Regedit requires the double backslash before filenames; \\system32 is correct. What happens is that Regedit automatically strips out one of the backslashes.

Tip: Add this Value, CurrentVersion\explorer to Regedit's Favorites menu.


Creating a .Reg File

If ever there was a case for creating a .reg file, then Shell Icons is that case. This page explains how to create, and then edit, .reg files for your computer. As it's easy to import the contents of a .reg file into the registry, do take extra care with all registry procedures.

Method 2: Remove Arrows on Shortcuts by Deleting IsShortCut

Once again, I will show you how to remove arrows on shortcut icons. This method involves deleting a registry value, so I advise that you export at least the HKEY_CLASSES_ROOT\linkfile branch of the Vista registry.

Side Effects of Deleting IsShortCut

If you delete the registry REG_SZ IsShortCut, then the Favorite Links disappear. Another problem occurs with the Media Center and Games Explorer: their shortcuts may be displayed, but they don't work when you click on them. On the other hand, the Shell Icons method has no such side effects; although there is no arrow, the icon still launches the underlying program.

Registry Instructions for IsShortCut

1. Launch Regedit.

2. Navigate to this path:

*** HKEY_CLASSES_ROOT\linkfile

3. Rename a REG_SZ called IsShortCut to IsNotShortCut

Alternatively, delete IsShortCut altogether.

4. Seek more instances of IsShortCut. Here is a classic case for using 'Find' and F3 to search for more occurrences of IsShortCut. In particular, look for more instances of IsShortCut at: HKCR\piffile and HKCR\WSHFile. You may even find more IsShortCut entries under HKLM\Software\Classes.

Key Learning Points

Do you find the IsShortCut value in HKCU** or HKLM?

Answer: Neither, it's a HKCR (HKEY_CLASSES_ROOT).

Should you create a value, or modify an existing setting?

Answer: Neither, rename, or even delete IsShortCut

Do you need to Restart, or merely Logoff / On?

Answer: Logoff then log back on.

Tip: Add this Value, linkfile to Regedit's Favorites menu.

** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER. These acronyms are so well known that you can even use them in .reg files; Vista will understand and obey the registry instruction.


*** Following this scheme HKEY_CLASSES_ROOT can be abbreviated to HKCR.

Follow-up - Remove Text from a Shortcut

It is also possible to remove the text label underneath a shortcut. The trick is to rename the shortcut with a null character, ASCII 255 is best.

Right-click on the icon from which you wish to remove the text

Select Rename

Hold down the left Alt key, on the numeric keypad type 255

Troubleshooting - Removing text from Shortcut

Is the Num Lock on? or off?

It should be on with the light shining.

Are you holding down the left Alt key?

This technique did not work for me with the right Alt key (Alt Gr in England).

Just to get your 'eye in', open notepad and try Alt key 172. You should get a quarter character: ¼. Now try Alt 255; you should get a blank. Apply this technique to renaming the shortcut.


10) RegisteredOwner

When you buy a machine with Vista pre-installed, sometimes OEMs leave their name in your copy of Vista (or XP). A little research reveals that such names are stored in registry values called: RegisteredOwner and RegisteredOrganization. Here is a registry hack to edit the value to reflect your organization. As a bonus, I have an amusing story featuring Evans Twp and his experience of RegisteredOwner.

To see what I am talking about call for 'winver'. In Vista, click in the Start Search dialog box, and then type: winver.

Topics for RegisteredOwner

Instructions for Editing RegisteredOwner

Key Points for RegisteredOwner

The Story of Evans Twp and RegisteredOwner

Instructions for Editing RegisteredOwner or RegisteredOrganization

1. Launch Regedit, navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ . Alternatively, in Regedit, click the Edit menu, Find, and then type: RegisteredOwner in the dialog box.

2. Double click on the REG_SZ called RegisteredOwner.

3. Change the value to a name of your choice.

4. Repeat the above instructions for RegisteredOrganization.

5. Exit Regedit and launch Start Search, type winver in the dialog box.

Key Points for RegisteredOwner

Is RegisteredOwner a value in HKCU or HKLM?

Answer: HKLM

Do you have to add a value, or modify?

Answer: Modify

Is it a String Value or a DWORD?

Answer: String (REG_SZ).

Do you need to Restart, or merely Log Off / On?

Answer: neither, just type 'Winver' in Vista's Start Search dialog box.


The Story of Evans Twp and RegisteredOwner

In my homeland of Wales, Twp (pronounced Tupp) means a stupid person. The IT manager of a company I was working with was called Evans, and in common with many managers, he was not very IT literate. Consequently, one of the techies, Dai 'eighteen months', nicknamed this manager: Evans Twp. (Dai lost part of an ear in a Rugby scrum, and as a result, he only had an ear and a half!).

The IT department took on a new lad called Peter. Practical jokes are often part of the initiation ritual for new workers, and this company was no exception. Peter's first job was to install five new Vista Machines. During the scripted set-up he discovered the Organization Menu; he stopped and asked Dai 'eighteen months' what he should enter. Dai said, "Put Evans Twp in the box".

When Peter proudly showed off the new computers he was taken aback when Mr Evans went ballistic and accused Peter of undermining his authority. What happened was Mr Evans typed Winver in the Start Search menu, and saw that the 'Registered To' was: - Evans Twp. (Meaning: Evans the stupid one!)

I was visiting the company doing other work, when I heard of Peter's distress. Mr Evans told the poor lad that he had to come in at the weekend and reinstall the machines; Mr Evans wanted the company name as the 'Registered Owner'. I took Peter aside and showed him how to launch Regedit and find RegisteredOwner. We found Evans Twp and changed it to Mr Evans. Peter was thrilled as it only took a moment to make the registry hack, and Peter went to the rugby match instead of sacrificing his weekend to perform re-installs.


Connect Network Registry

Trust me, if you keep experimenting with Vista's regedit, then one day you are going to need 'Connect Network Registry' to get you out of a pickle.

This page explains how to control the Vista Remote Registry service. If the service has not started, don't worry; I have a script which will start this service on any machine on your network (firewall permitting).

Topics for Remote Registry Editing

'Connect Network Registry' Strategy

Psycho and the Keyboard

Remote Registry - Starting the Service

Programs and Utilities that Depend on Remote Registry

Summary of Remote Registry Service

'Connect Network Registry' Strategy

Suppose you have a wounded machine that boots, but then hangs and the keyboard and mouse won't respond. In this situation the best strategy would be to try to access the wounded machine using Remote Desktop. Only if that does not work, resort to this remote registry connection method. Moreover, I realize that success depends on how the remote machine is configured. Specifically, whether Remote Desktop is disabled, or whether the Remote Registry service has started on the 'victim' machine.

As an aside, if you have two machines, then the idea of comparing a healthy machine with the damaged machine, is an underused troubleshooting technique.

Instructions for 'Connect Network Registry'

Connecting to the Registry on another computer is straightforward, provided you meet the pre-requisites.

Pre-requisites

The Remote Registry service has started on both machines.

You logon as an administrator.

You can connect to the other machine by typing the UNC path (\\machine) in the Start Search dialog box.


Instructions

1. Launch Regedit, and click on the File menu

2. Look for: Connect Network Registry.

3. In the Select Computer dialog box, type the name of the machine you wish to connect. Click OK.

4. Optionally, click 'Check Names'

5. If that does not work, investigate the Advanced settings.

Psycho and the Keyboard

Here is a scenario for remote registry editing. On a training course I had a Psycho user. He was nothing but trouble, arrived late, spilt coffee over his monitor and worse still, would not listen to instructions. As usual, I showed the delegates the AutoAdminLogon =1 setting. My purpose was to save them typing a difficult password, after each reboot required by the notes.

The problem started when for some bizarre reason, Psycho decided to disable his keyboard and mouse. After Psycho rebooted his machine, AutoAdminLogon, by design, let his account logon without entering a username and password. His machine was useless; you could use neither the keyboard nor the mouse. The full horror became apparent when we tried to use Last Known Good to revert to the previous setting. AutoAdminLogon had overwritten the old control set. His machine was as they say, 'stuffed' - a condition I would have liked to extend to Psycho.

Well, you've probably guessed the happy outcome: I logged on as administrator at another machine, launched regedit, and then selected 'Connect Network Registry'. Once I opened Psycho's registry I drilled down to the keyboard and mouse setting using this path: HKLM, System, CurrentControlSet, Services, i8042prt. Then it was a trivial task to change a REG_DWORD called Start from 4 to 1.


I don't wish to spoil a good story, but I have to point out that the above rescue scenario was on a Windows Server 2003 machine. On Vista the keyboard and mouse driver is configured differently, consequently it no longer supports the above registry settings. 'No worries', as my Australian cousin says, the remote registry principle is sound. No doubt Psycho will find a new way of breaking your machine, and it is quite likely that remote registry editing will be the only way to recover from his stupidity.

Remote Registry - Starting the Service

Like Alerter, DNS and SMTP, Microsoft implements Remote Registry as a Windows service. One potential 'gotcha' is that the Remote Registry service is not started on the 'victim' machine. Fortunately, I am not going to be beaten; the answer is the following VBScript.

To start the Remote Registry services manually

1. Click on the Start Button, in the Start Search dialog box, type: 'Services'.

2. Scroll down the list of services until you come to the 'Rs', right-click Remote Registry, and select Start from the short-cut menu.

3. One of my beliefs is that anything that you can do manually, you can do with a VBScript.


Instructions for starting the Remote Registry Service with a script

1. Copy and paste the script below into notepad.

2. Save the file with a .vbs extension e.g. RemoteRegistry.vbs.

3. Double click the script, then enter the name of the server.

4. Wait for a confirmation message.

' RemoteRegistry.vbs
' Sample script to Start Remote Registry on strComputer
' www.computerperformance.co.uk/
' Created by Guy Thomas February 2007
' Version 2.4
' -------------------------------------------------------'
Option Explicit
Dim objWMIService, objItem, objService
Dim colListOfServices, strComputer, strService, strInput
strInput = False

' Creates the Input Message Box and repeats until a name is entered
Do
   strComputer = InputBox("Which Machine? " _
   , " Remote Machine", strComputer)
   If strComputer <> "" Then strInput = True
Loop Until strInput = True

' NB Spelling of RemoteRegistry (No space).
strService = " 'RemoteRegistry' "

' Connect to the WMI service on the remote machine
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")

' Find the service by name
Set colListOfServices = objWMIService.ExecQuery _
("Select * from Win32_Service Where Name =" _
& strService & " ")

For Each objService in colListOfServices
   WScript.Sleep 1500
   objService.StartService()
Next

' The message is shown after the loop; the StartService return code is not checked
WScript.Echo "Started " & strService & " on " & strComputer
WScript.Quit

' End of Example WMI script to Start / Stop services


Learning Points

Note 1: The name for this service has no space, moreover you need to enclose " ' RemoteRegistry ' " in both double and single quotes.

Note 2: It may occur to you that you could amend the strService, and thus start other services such as, System Attendant on an Exchange server.

Programs and Utilities that Depend on Remote Registry

In addition to its obvious registry function, there are other services and utilities that rely on the Remote Registry service: DCDiag, NetDiag and Terminal Services Licensing.

(There is a rumour that Remote Desktop requires the Remote Registry service, but on my machine I was able to open a session with an XP Remote desktop, even though Remote Registry was disabled on the target machine. Do email me if you can shed any light on this rumour, or indeed you know of other services that require Remote Registry.)

Summary of Remote Registry Service

Practice with Remote Registry; keep in mind that day when you are going to need access to the registry of a sickly machine on your network - from afar. It's easy to forget that the Remote Registry service may not be started on the target machine. For that scenario, I have a VBScript which will restart the Remote Registry on another network machine.


How to Create .Reg Files

This page explains how to create a .reg file. The idea is that you can double-click a .reg file and thus merge its values with those in your Vista registry. One advantage of a .reg file is that it is easy to apply; you don't need to drill down through endless keys, as you would with regedit. Another advantage is because it's a text file you can open with Notepad and then edit the values easily. An additional benefit is that .reg files provide their own built-in documentation for changes that you make to the registry.

Purpose of .Reg Files

How to Create .Reg Files with Registry Export

Open the .Reg File with Notepad

Dissecting the .Reg Files

How to Create a .Reg File with Notepad

Summary - Creating .reg files

Purpose of .Reg Files

The main purpose of .Reg files is to modify the operating system's behaviour by changing values in your registry. Perhaps you have seen such .reg files as part of a program's installation package?

It is deceptively easy to merge a .reg file with your registry: you simply double-click a text file with a .reg extension. An alternative method is to introduce the values held in the .reg file by using regedit's import facility. Where you need to automate a registry change, you could script the command: path to .reg file.

Whilst it is easy to import the contents of a .reg file into the registry, do make sure you know what you are doing. Remember that unlike clicking in a GUI, there are no internal checks on the consequences of changing the registry values. I leave creating and testing the content of the .reg files to other dedicated pages; on this page I want to concentrate on the general techniques for creating a .reg file.

Getting Started with .reg files

The easiest way to begin is by launching regedit, then select the value you are investigating and exporting that branch of the registry. Naturally, allow regedit to save the file with a .reg extension.

Once you have created the experimental file, examine it in Notepad. Right-click the file and then select: 'Open with'. If necessary make changes to the values and then import the .reg file into the registry. When you have perfected the .reg, you can import its settings to different machines.


How to Create a .Reg File with Registry Export

1. Launch Regedit. Click on the Vista Start Button, type 'Regedit' in the 'Start Search' dialog box.

2. Navigate to the area of the registry that you are interested in, for example:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

3. File Menu - Export. From inside Regedit, click on the File menu, select Export and choose 'Selected Branch'. Note the .reg file extension.

4. Remember the path. The default path will be 'Documents', however you may wish to save the .reg files into a dedicated folder, for example c:\reg.

Open the .Reg File With Notepad

Beware, if you double click a .reg file the default behaviour is for Vista to try and add the contents to your registry. The best procedure for reading the .reg file is to right-click and then select 'Edit', or 'Open with', from the shortcut menu; what that does is open the xyz.reg file in notepad.

Example .reg file from the Winlogon registry folder.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"="1"
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"AutoRestartShell"=dword:00000001
"PowerdownAfterShutdown"="0"
"ShutdownWithoutLogon"="0"
"cachedlogonscount"="10"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"Background"="0 0 0"
"DebugServerCommand"="no"
"WinStationsDisabled"="0"
"DisableCAD"=dword:00000000
"scremoveoption"="0"
"ShutdownFlags"=dword:00000027
"AutoAdminLogon"="1"
"DefaultUserName"="Guyt"
"DefaultPassword"="P££sw0rd"
"DefaultDomainName"="cp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

Dissecting the .Reg Files

Registry Editor

Quite reasonably, the very first line of your .reg file contains the name of the Registry editor. For Vista, XP and Windows Server 2003, the correct name is: 'Windows Registry Editor Version 5.00'. Older registries such as Windows 95 and NT 4.0 use 'REGEDIT4'. Later registries are backwardly compatible, thus Vista understands 'REGEDIT4'. Incidentally, even though Vista's regedit reports itself as version 6.0 in its Help / 'About' menu, the .reg files that it creates claim to be from Version 5.00; strange but true.

Windows Registry Editor Version 5.00

; Created by Guy Thomas
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Values"="settings"

Blank Lines

You need a blank line between each set of .reg paths. There is also a blank line between the Registry Editor Version, and the first path. There is no need for a blank line between individual entries for the same path. (See first example in the table in the page above.)

; Comments

If you create your own .reg file, then it is possible to place judicious comments by preceding that line with a semi-colon.

Windows Registry Editor Version 5.00

; Created by Guy Thomas. Purpose to display the Build Number on the desktop
[HKEY_CURRENT_USER\Control Panel\Desktop]
"PaintDesktopVersion"=dword:00000001

The Body of a .reg File

The registry is huge. Consequently, one of the first lines in the .reg file is the path to the values you wish to merge. Observe the [square brackets] which enclose the path, for example:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

One .reg file can contain multiple paths. For simplicity, I have truncated the exported .reg file (above) and not shown the second and third paths. If you try this export experiment you will see zillions of Group Policy settings underneath:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

A plain entry in the .reg file means a REG_SZ type of value, for example: "Shell"="explorer.exe". With hexadecimal entries, note the word dword to the right of the equals sign, for example: "passwordexpirywarning"=dword:0000000e. Incidentally, 0000000e in hex is 14 in decimal.

REG_DWORDS take only hexadecimal numbers, whereas REG_SZ are more flexible and take text or decimal numbers.

Deleting Registry Entries

The secret of deleting registry entries is to master the minus [-] sign. Earlier, I mentioned the phrase, 'add keys and values', strictly speaking, I should have used the word merge instead of add. The default behaviour is to keep all existing registry entries, and append the values in the .reg file. However, if the new value creates a conflict, the .reg setting wins.

If you want to delete an existing entry, then you need to master the minus sign. Here is an example; to recap, we set DefaultPassword with:

"DefaultPassword"="P££sw0rd"

To delete the value called DefaultPassword append equals and then minus, like this:

"DefaultPassword"=-

Note if you erroneously enclosed the minus sign in speech marks ("-"), then you would be setting the default password as equal to minus - probably not what you intended.

"DefaultPassword"=- (Correct)

"DefaultPassword"="-" (Wrong)

Registry Types

By far the most common registry types are REG_SZ (String Value) and REG_DWORD (dword). However, to see the full list, call for regedit and right-click in the right pane, select New, and now you should see a list of all the possible registry types, see the screen shot to the right.

Key - Means, give me a new folder, or a new container object.

String Value - Text or numbers.

Binary Value (REG_RESOURCE_LIST) - Machine readable 1 and 0 used by drivers.

DWORD (32-bit) Value - Hexadecimal value (not decimals).

QWORD (64-bit) Value - Hexadecimal, capable of even bigger numbers.

Multi-String (REG_EXPAND_SZ). String values separated by commas or spaces.

Expandable String Value - Expandable in the sense that they can contain variables which are resolved when a program calls for this data.

How to Create a .Reg File with Notepad

When you need to create your own .reg file, it is probably easiest to start with an existing file and modify its settings. One way to obtain such a file would be to export a branch of the registry using regedit. While it is easy to create your own .reg file, here is a reminder of a few simple syntax rules.

At the top, the file needs the name of the registry editor, for example:

Windows Registry Editor Version 5.00

Next comes a blank line. Then follows the path enclosed in [square brackets]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Once we have defined the folder in the registry that we wish to amend, then we can specify the values, for example:

"DefaultUserName"="Guyt"
"DefaultPassword"="P££sw0rd"
"DefaultDomainName"="cp"

Here is the completed .reg file as seen in notepad. As you save, remember the .reg file extension, for example Auto.reg.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="Guyt"
"DefaultPassword"="P££sw0rd"
"DefaultDomainName"="cp"

Observe the rhythm of the REG_SZ syntax, "ValueName" = "string". Obey the rules of the quotes, "Matching open and closing" speech marks. In the case of hex numbers, known as REG_DWORD, precede the final value with dword: and don't use speech marks for the right side of the equals sign, for example:

"ShutdownFlags"=dword:00000027 (Correct)

"ShutdownFlags"="dword:00000027" (Wrong)

@ At symbol

As you get more experienced with .reg examples, you may discover the @. Since the @ is found on the first line of the code proper, this is a clue that it means the default setting. Thus rather than saying

Default="xmlfile"

The .reg file uses: @="xmlfile"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.xml]
@="xmlfile"
"Content Type"="text/xml"
"PerceivedType"="text"

[HKEY_CLASSES_ROOT\.xml\PersistentHandler]
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"

Summary - Creating a .reg file

What I recommend is that you start learning the syntax and structure from an existing .reg file. You can obtain this special file by exporting a branch of the registry with regedit. Once you have an example .reg file, then pay close attention to the layout, start with the name of the Registry Editor Version, then a blank line, finally, the actual settings that you wish to merge with the registry.
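The syntax rules above (header line, blank lines, ; comments, [key] paths, quoted REG_SZ strings, dword: values, the =- delete marker and @) can be checked mechanically before a file is merged. The Python parser below is an added example, not part of the original ebook; it goes slightly further by decoding hex(2) expandable strings and the [-key] delete form, and it reports a Winlogon section that enables auto-logon or stores DefaultPassword as a readable string. The sample file and all function names are constructed for illustration.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
DELETE = "<delete>"   # marker for "name"=- and for [-key]
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def _unescape(s):
    # Inside quotes a backslash escapes the next character: \\ and \"
    return re.sub(r"\\(.)", r"\1", s)


def _decode(raw):
    """Turn the text to the right of '=' into a (type, value) pair."""
    if raw == "-":                                    # bare minus: delete the value
        return ("delete", DELETE)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':    # anything in quotes is REG_SZ
        return ("REG_SZ", _unescape(raw[1:-1]))
    if raw.lower().startswith("dword:"):              # 32-bit number, written in hex
        return ("REG_DWORD", int(raw[6:], 16))
    if raw.lower().startswith("hex(2):"):             # REG_EXPAND_SZ as UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return ("REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\x00"))
    raise ValueError("unsupported data: %r" % raw)


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: (type, value)}}."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line must name the registry editor")
    result, key, pending = {}, None, ""
    for line in lines[1:]:
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):                       # hex data continues on next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):          # blank line or ; comment
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):                   # [-path] deletes the whole key
                result[key[1:]] = DELETE
                key = None
            else:
                result.setdefault(key, {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$', line)
        if not m or key is None:
            raise ValueError("cannot parse line: %r" % line)
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        result[key][name] = _decode(m.group(2).strip())
    return result


def audit_autologon(parsed):
    """List Winlogon settings that enable auto-logon or store a readable password."""
    findings = []
    for key, values in parsed.items():
        if values == DELETE or key.lower() != WINLOGON.lower():
            continue
        v = {name.lower(): data for name, data in values.items()}
        if v.get("autoadminlogon") == ("REG_SZ", "1"):
            findings.append("AutoAdminLogon is enabled")
        if v.get("defaultpassword", ("", ""))[0] == "REG_SZ":
            findings.append("DefaultPassword is stored as a readable string")
    return findings


# Constructed sample assembled from the kinds of entries shown on this page.
SAMPLE = r'''Windows Registry Editor Version 5.00

; Constructed sample, not a real export
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"passwordexpirywarning"=dword:0000000e
"AutoAdminLogon"="1"
"DefaultUserName"="Guyt"
"DefaultPassword"="example-only"
"DefaultDomainName"=-

[HKEY_CLASSES_ROOT\.xml]
@="xmlfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
"LocalizedString"=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,\
  25,00,20,00,61,00,74,00,20,00,25,00,63,00,6f,00,6d,00,70,00,75,00,74,00,65,\
  00,72,00,6e,00,61,00,6d,00,65,00,25,00,00,00
'''
```

Calling `audit_autologon(parse_reg(SAMPLE))` returns both findings, because an exported or hand-written Winlogon section carries DefaultPassword as an ordinary REG_SZ that anyone who can read the file or the key can see.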

Examples of .Reg Files

The purpose of this page is to provide examples of .reg files. In addition, I will show you how to merge these text files with your registry.

How to transfer the .reg settings into the registry

What to do once you have applied the .reg file

AutoAdminLogon

Autoplay - Disable with NoDriveTypeAutoRun

Build Number and PaintDesktopVersion

Hide the Public Folder from the Vista Desktop

Increase Simultaneous Downloads

Rename the Computer Icon

Registered Owner - Classic Registry Editor Example

Roaming Profile - Disable

Shortcut - Remove Arrow

How to transfer the .reg settings into the registry

Typical Microsoft, there are at least three ways of transferring information from the .reg file into your registry. There are also a couple of tricky ways that I only mention for completeness.

1. Double-click the .reg file.

2. Right-click the .reg file, select Merge from the drop-down menu.

3. Launch Regedit then select, File (menu) Import.

4. Execute the command: Regedit /s path to xyz.reg.

5. Create a VBScript file employing the .regwrite method.

What to do once you have applied the .reg file

Once you have added the new values to the registry, what next?

How do you view the new settings?

You could take the ruthless approach and reboot the machine. Alternatively, you could run through this progression:

Press F5 - It works in some contexts, e.g. desktop settings

Close, then reopen the interface, e.g. Control Panel

Log off / Log on. Works well for many of the HKCU settings

Reboot, often the only way to see HKLM changes

Next, I have specific examples of .reg files.

AutoAdminLogon

Here are the settings that you must change in order for my Auto.reg example file to work on your system.

"AutoAdminLogon"="1"

"DefaultUserName"="xxx"

"DefaultPassword"="xxxx0xxxx"

"DefaultDomainName"="xxx.xxx". Definitely needed in a domain situation.

Copy the settings below into a text file. Make the amendments to suit your machine and username, save the file with .reg extension, for example Auto.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="Guyt"
"DefaultPassword"="P££sw0rd"
"DefaultDomainName"="cp"

Setting AutoAdminLogon requires you to restart the operating system.

Autoplay - Disable with NoDriveTypeAutoRun

Media Change Notification (MCN) messages from the CD-ROM driver trigger AutoPlay. However, if these messages are suppressed then the CD will not automatically start playing. You can disable Autoplay by configuring the appropriate value of NoDriveTypeAutoRun. Here is an example .reg file.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
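NoDriveTypeAutoRun is a bitmask, so it is worth decoding a value before merging it to see which drive types it actually covers. This added Python example (not from the original ebook) uses the per-drive-type bit values Microsoft documents for this setting; the function names and short drive-type labels are illustrative.

```python
import re

# A set bit switches AutoRun OFF for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no-root-dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}


def read_mask(reg_line):
    """Extract the mask from a line such as "NoDriveTypeAutoRun"=dword:00000091."""
    m = re.fullmatch(r'"NoDriveTypeAutoRun"\s*=\s*dword:([0-9a-f]{1,8})',
                     reg_line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not a NoDriveTypeAutoRun dword line")
    return int(m.group(1), 16)


def autorun_disabled_for(mask):
    """Drive types whose bit is set, i.e. AutoRun is switched off."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if mask & bit]


def autorun_allowed_for(mask):
    """Drive types whose bit is clear, i.e. AutoRun is still permitted."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if not mask & bit]


def uncovered(reg_line, required):
    """Drive types from `required` that the given .reg line leaves enabled."""
    allowed = autorun_allowed_for(read_mask(reg_line))
    return [name for name in allowed if name in set(required)]


def reg_line_for(drive_types):
    """Build the .reg value line that disables AutoRun for the named drive types."""
    wanted = set(drive_types)
    unknown_names = wanted - set(DRIVE_BITS.values())
    if unknown_names:
        raise ValueError("unknown drive type(s): %s" % ", ".join(sorted(unknown_names)))
    mask = sum(bit for bit, name in DRIVE_BITS.items() if name in wanted)
    return '"NoDriveTypeAutoRun"=dword:%08x' % mask
```

For the value 0x91 shown above, `autorun_disabled_for` returns unknown, network and reserved, while cdrom and removable remain in `autorun_allowed_for`; `reg_line_for(DRIVE_BITS.values())` yields dword:000000ff, which sets every bit.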

Build Number and PaintDesktopVersion

What this .reg file does is add a message displaying the Build Number to the bottom right of your desktop.

Copy the instructions below into a text file, save the file with .reg extension, for example Build.reg. Then refer to How to transfer the .reg settings into the registry.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"PaintDesktopVersion"=dword:00000001

Note this registry setting is a dword (and not a REG_SZ); consequently, observe the colon and the lack of speech marks around the 00000001.

Hide the Public Folder from the Vista Desktop

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons\NewStartPanel]
"{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons\ClassicStartMenu]
"{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000001

Note: There was no Public folder on my Vista Desktop, thus, to see this registry hack in action I created an additional 'opposite' script. In this script I set the value of each dword to zero:

"{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000000.

What the script below does is turn 'hide' off; in plain English, it displayed the Public folder on my Vista desktop.

'Opposite' Script to Display the Public Folder

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons\NewStartPanel]
"{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons\ClassicStartMenu]
"{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000000

Rename the Computer Icon

Is the example script below voodoo? It sure is magic. The code below will change the desktop icon called 'Computer' to display: Username at MachineName. Copy the instructions below into a text file, save the file with .reg extension, for example Computer.reg.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
"LocalizedString"=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,\
  25,00,20,00,61,00,74,00,20,00,25,00,63,00,6f,00,6d,00,70,00,75,00,74,00,65,\
  00,72,00,6e,00,61,00,6d,00,65,00,25,00,00,00

Notice that LocalizedString=hex(2): this is the way to script the data type called 'Expanded String'. What's encoded in hex is: %username% at %computername%.

Registered Owner Classic Registry Editor Example

Let me take a wild guess. Your organization is not called "Computer Performance", and, your RegisteredOwner is not "Guy". My point is that you should make changes before you import my Owner.reg file.

Copy the instructions below into a text file, save the file with .reg extension, for example Owner.reg.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"RegisteredOrganization"="Computer Performance"
"RegisteredOwner"="Guy"

Roaming Profile - Disable

Registry tweak to prevent roaming profiles saving on the local machine. Example registry .reg file.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"DeleteRoamingCache"=dword:00000001

Shortcut - Remove Arrow

Copy the instructions below into a text file, save the file with .reg extension, for example Arrow.reg. Note: For this .reg example to work, you must get noarrow.ico, unzip and copy to Vista's \windows folder.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Shell Icons]
"29"="%SystemRoot%\\noarrow.ico,0"

Summary of .reg examples

The technique is the same for all these .reg files. Copy my example into Notepad, save the file with .reg extension, then double-click and merge with your registry. Remember to include the name of the Registry Editor, and keep the second line blank. In order to see the fruits of your work, try this progression: press F5 (refresh), log off / log on, finally try restarting your computer.

Vista's Registry Structure

It really does help troubleshooting if you understand the registry's structure. In particular, knowledge of the layout will prevent you navigating to the wrong section. My foibles include thrashing around in the HKEY_LOCAL_MACHINE section, when I should be tracing a setting in the HKEY_USERS hive. Another of my common blunders is creating a REG_DWORD instead of a REG_SZ, or vice versa. While I still occasionally make these and other mistakes, thanks to my experience of the registry structure, I can soon correct my errors.

Topics for Vista's Registry Structure

Types of Registry Folders

Registry Data Types

Registry Files and Their Physical Location

Types of Registry Folders

The layout of the Vista registry is remarkably similar to that found in NT 4.0, Windows 2000 and XP.

Registry Folder or Hive - What it contains

HKEY_LOCAL_MACHINE - Holds configuration settings for the computer (no matter which user logs on). Can be abbreviated to 'HKLM'.

HKEY_USERS - Contains all the actively loaded user profiles on the computer. More often than not, you would configure the subfolder under HKEY_CURRENT_USER which corresponded to a particular user. Most common of all, you would edit the HKEY_CURRENT_USER.

Subsets of Main Hives

HKEY_CLASSES_ROOT - HKCR is an alias of HKEY_LOCAL_MACHINE\Software. These settings ensure that the correct program opens when you launch Windows Explorer. This information is stored under both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys. The HKEY_LOCAL_MACHINE\Software\Classes key contains default settings that can apply to all users on the local computer. The HKEY_CURRENT_USER\Software\Classes key contains settings that override the default settings and apply only to the interactive user.

HKEY_CURRENT_CONFIG - Contains settings which control the hardware profile that is used by the computer at startup.

HKEY_CURRENT_USER - Contains the settings for the user who is currently logged on. HKCU for short.

Registry Data Types

Data type - Common Name - Description

REG_DWORD - DWORD Value - Data represented by a 32-bit integer (4 bytes long).

REG_SZ - String Value - A fixed-length text string. However, REG_SZ can also hold numbers.

The above REG_SZ and REG_DWORD are by far the most common registry types. However, I include the other types below for completeness.

REG_MULTI_SZ - Multi-String Value - A multiple string. A data type capable of holding more than one value. Separate each entry by spaces, commas, or other marks.

REG_EXPAND_SZ - Expandable String Value - A variable-length data string. This data type is by system variables.

REG_BINARY - Binary Value - Raw binary data. Displayed in hexadecimal format.

REG_QWORD - QWORD Value - Data represented by a number that is a 64-bit integer. This data is displayed in a Binary Value.

REG_RESOURCE_LIST - Binary Value - A series of nested arrays, designed to store a resource list.

REG_RESOURCE_REQUIREMENTS_LIST - Binary Value - A series of nested arrays that are designed to store a device driver's list of possible hardware resources.

REG_FULL_RESOURCE_DESCRIPTOR - Binary Value - A series of nested arrays that is designed to store a resource list that is used by a physical hardware device.

REG_LINK - Link - A Unicode string naming a symbolic link.

REG_NONE - None - Data with no particular type. This data is written to the registry by the system or applications and is displayed in Registry Editor in hexadecimal format.

Registry Files and Their Physical Location

Registry Hive - Supporting files in \Windows\System32\Config

HKEY_LOCAL_MACHINE\SAM - Sam, Sam.log, Sam.sav

HKEY_LOCAL_MACHINE\Security - Security, Security.log, Security.sav

HKEY_LOCAL_MACHINE\Software - Software, Software.log, Software.sav

HKEY_LOCAL_MACHINE\System - System, System.alt, System.log, System.sav

HKEY_CURRENT_CONFIG - System, System.alt, System.log, System.sav, Ntuser.dat, Ntuser.dat.log

HKEY_USERS\DEFAULT - Default, Default.log, Default.sav

Windiff Find Settings in the Registry

Windiff is Microsoft's most underused utility. When it comes to exploring the registry, Windiff really is a hidden treasure. Time and time again, the situation arises where you change a computer setting, and then you want to know where in the registry that setting is to be found. If your ultimate goal is to create a .reg file, start by researching the values with Windiff.

Windiff is the forgotten utility, not only amongst users, but also amongst Microsoft's development team. Microsoft have made no changes to Windiff since NT 4.0 days, it still has the same clunky interface. To be fair, perhaps they have taken the view that you cannot improve on perfection, Windiff does a superb job of comparing files, and highlighting the differences.

Topics for Windiff

The Windiff Master Plan

Windiff's Three Quirks

Case Study 1: Mysterious Disappearing Recycle Bin

Case Study 2: Vista Display Settings Change on Awaken

Get your copy of Windiff

The Windiff Master Plan

The master plan to discover a particular registry setting is deceptively simple:

Export the registry to a file, then change the setting using a GUI. Now export the registry again, and compare the before and after files in Windiff. With perseverance, you will isolate the place in the registry which held the GUI setting. Here are detailed instructions for mastering Windiff:

1. Export 'All' the registry; please remember where you saved this file. (The reason I say ALL is to be sure that you include the setting under investigation.)

2. Use the normal GUI to make a change to the desktop, a menu, or any Vista feature that interests you.

3. Export 'All' the registry - again, but naturally, save to a different file.

4. Compare the two exported files using Windiff.

5. Identify the registry area of interest. Find the values and data corresponding to your change. Be prepared to ignore non-significant areas of the files, for example, time stamps.

6. Open the exported file in notepad. Cross reference your Windiff findings with the detail in notepad.

7. If possible, create a .reg file with just the one setting to prove that you truly have found the correct area of the registry.

Guy's Tactics

The practical challenges are overcoming Windiff's quirks, and also sharpening your registry research skills. What I often do is a preliminary experiment to identify potential areas in the registry, then I repeat the experiment but export only a 'Branch' rather than the whole registry. For example, for the first run through of Windiff choose to export 'All' the registry, but for the second run, export only the 'Branch' HKEY_LOCAL_MACHINE.

Stay flexible: decide whether to keep ploughing through Windiff looking for the crucial difference, or be ruthless, launch regedit and try another Export, Change, Export sequence. I also call for the assistance of Notepad, both to examine the registry entries and to create .reg files. Ultimate success is creating two .reg files, one to turn the setting on, the other to turn it off.

Windiff's Three Quirks

Before you start experimenting with the registry, there are three Windiff quirks that you should know about:

1) Files v Directories

Windiff compares directories as well as files. Make sure that you focus on: Compare Files... See screenshot showing the Vista File menu.

2) First File.. Second File - The Knack

Now for the most difficult knack of using Windiff. In order to make its comparison, Windiff asks you for two files - fair enough. Intellectually, this twin request is obvious, however, when it comes to the practical task it is not clear when Windiff is asking you for the first file......and when it is prompting you for the second file. Fortunately, once you are alert to the potential problem, and read the screen, then there is no problem - just The Knack.

To be frank, the very first time I used Windiff it all seemed a blur. I thought that there was something wrong with the program; it seemed to be asking for the same file twice rather than two discrete files. When I ran Windiff for the second, and subsequent times, I realized that the initial confusion was my fault. Read the above screenshots to see what I mean.

3) Show Identical Lines

If you allow Windiff to show all lines, including those lines where there is no difference, then you will get swamped with data. Thus I recommend going to Windiff's Options menu, and removing the tick next to 'Show Identical Lines'. What this does is filter the files, as a result you can concentrate on the interesting parts, the differences.

Case Study 1: Mysterious Disappearing Recycle Bin

In a nutshell, the problem is that the Recycle bin mysteriously disappears from Vista's desktop. While I discovered how to recover the bin through the Desktop --> Personalize menu, my real goal was to find the setting in the registry. I wanted to find the value which controls 'show / hide' for the Recycle bin. Clearly this is a job for Windiff.

Windiff Method

As a preliminary step, make sure that the Recycle Bin is displayed (Desktop right-click --> Personalize).

Export 'All' the registry, file = DisplayBefore.reg.

Delete the Recycle Bin from the desktop.

Export 'All' the registry (again), file = DisplayAfter.reg.

Launch Windiff, load the First File = DisplayBefore.reg. Then load the Second File = DisplayAfter.reg.

To compare the differences, filter the entries by navigating to: Options (Menu), then remove the tick next to Show Identical Lines.

Windiff Results

As anticipated, exporting 'All' the registry produced a huge file with lots of possible entries that could be controlling the Recycle Bin. Once I filtered Windiff's entries, the most significant value was: {645FF040-5081-101B-9F08-00AA002F954E}.

Repeat the Windiff experiment, but export only the HKEY_CURRENT_USER Registry Branch.

File before = UserBinYes.reg, file after = UserNoBin.reg, see screenshot below.

This second experiment produced less data, thus it was easier to track down the critical value. Once again, {645FF040-5081-101B-9F08-00AA002F954E}, turned out to be the crucial registry entry. Additional research revealed that this is indeed the CLSID for the Recycle Bin.

Also, a difference of dword:00000000 and dword:00000001 made sense, since zero and one correspond to: off / on or, hide / show.

Proof that Windiff revealed the correct registry setting

My next experiment was to open the exported registry file in notepad. Then I truncated the file to include just the settings below: (Note the first two lines are needed by all .reg files; namely the reference to the registry editor, followed by a blank line.)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000000

I also created a file with the 'opposite' setting: dword:00000001 instead of dword:00000000.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000001

If you save each of these two snippets into a .reg file, then you can employ the pair of them to toggle displaying the Recycle Bin on the desktop. Just remember after you apply the .reg file, then press F5 to refresh the desktop.

Case Study 2:

Problem: Vista Display Settings Change on Awaken

The fine details of this problem are not important in our quest to understand how Windiff works. What this case illustrates is the classic technique of how to employ Windiff, and thus discover a registry setting. My actual problem was that when my Vista laptop went into sleep mode, the display resolution kept changing. Before sleep the resolution was 1280 by 800, but when Vista awakened, the display mysteriously moved down a resolution of 1024 by 768. This was irritating because the icons and text were distorted, and consequently, the menus were not so easy to read.

Windiff Experiment

Export the whole registry, file = DisplayBefore.reg.

Change the display settings from 1280 by 800 to 1024 by 768.

Export the whole registry (again), file = DisplayAfter.reg.

Launch Windiff, load the First File = DisplayBefore. Then load the Second File = DisplayAfter.reg.

Compare the differences. Choose Options (Menu), then remove the tick next to Show Identical Lines.

Windiff Registry Comparison

Note that you can see the filenames in the grey bar near the top of the screenshot.

.\displayafter.reg:.\displaybefore.reg.

Double click on the top line, then wait a minute or so for Windiff to make the file comparisons.

Make sure that you check the options menu: Show Identical Lines is NOT selected.

Scroll down, but ignore hex data and ignore date values; what you are looking for is display resolution settings. For example, here is an interesting difference:

DefaultSettings.YResolution="DWORD:00000300"

DefaultSettings.YResolution="DWORD:00000320"

(See screenshot).

Background research reveals that Hex 300 = Decimal 768, while Hex 320 is Decimal 800. Where have we seen 768 and 800 before? Why, in the display settings that we are investigating.

It looks like we have found the crucial registry value DWORD DefaultSettings.YResolution.

Notepad comparison

Windiff highlights (literally) "DefaultSettings.YResolution"=DWORD:00000320

If you search through the DisplayBefore.reg file with Notepad, then you find several entries under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Control\VIDEO]
"DefaultSettings.XResolution"=dword:00000500
"DefaultSettings.YResolution"=dword:00000320

Equivalent Settings

500 Hex = 1280 Decimal

320 Hex = 800 Decimal

Trap

When you are preparing the .reg file, the trap is to choose the wrong ControlSet. CurrentControlSet and ControlSet001 are usually one and the same. However, beware of configuring ControlSet002, which is usually the Last Known Good; configuring ControlSet002 instead of ControlSet001 is likely to produce undesired effects.

Tricks and Good Practice

Don't be conned into thinking you have found the setting. Keep going through the four-stage cycle until you can demonstrate with a .reg file that you have found the correct value in the registry.

1) Export registry Branch

2) Change setting

3) Export registry Branch again

4) Compare the files with Windiff

By highlighting the word Branch, I want to encourage you to keep refining the area of the registry that you are researching. If you are lucky, or skilful, then you get the correct Branch first time. On the other hand if you are lazy or con yourself, then you get the wrong Branch, and your .reg file will be useless.
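The export, change, export, compare cycle can also be scripted, which keeps every changed value attached to its [key] path and produces the pair of proving .reg files directly. This added Python example is not from the original ebook: the function names, the 'Noise' key in the sample and the cp1252 fallback for older ANSI exports are assumptions made for illustration.

```python
import re

VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def decode_export(data):
    """Decode the bytes of an exported file.

    'Version 5.00' exports are UTF-16LE with a byte-order mark; older
    REGEDIT4 files are ANSI (cp1252 is assumed here).
    """
    if data[:2] == b"\xff\xfe":
        return data[2:].decode("utf-16-le")
    return data.decode("cp1252")


def value_lines(text):
    """Map (key, name) -> (key, name, data), compared case-insensitively.

    Continuation lines of long hex values do not match VALUE and are skipped,
    so only the first line of such a value is compared.
    """
    key, found = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if key and m:
            found[(key.lower(), m.group(1).lower())] = (key, m.group(1), m.group(2))
    return found


def diff_exports(before, after, ignore_hex=True):
    """Return (kind, key, name, old, new) for every value that differs."""
    a, b = value_lines(before), value_lines(after)
    changes = []
    for ident in sorted(set(a) | set(b)):
        old = a[ident][2] if ident in a else None
        new = b[ident][2] if ident in b else None
        if old == new:
            continue
        if ignore_hex and (old or new or "").lower().startswith("hex"):
            continue                      # binary blobs and time stamps: usually noise
        key, name, _ = b.get(ident) or a[ident]
        kind = "added" if old is None else "removed" if new is None else "changed"
        changes.append((kind, key, name, old, new))
    return changes


def make_reg(changes, side):
    """Build a .reg file that applies the 'new' or the 'old' side of each change."""
    out, last_key = ["Windows Registry Editor Version 5.00"], None
    for kind, key, name, old, new in changes:
        if key != last_key:
            out += ["", "[%s]" % key]     # blank line before each new path
            last_key = key
        data = new if side == "new" else old
        out.append("%s=%s" % (name, "-" if data is None else data))
    return "\n".join(out) + "\n"


# Constructed before/after exports modelled on the Recycle Bin case study.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000000

[HKEY_CURRENT_USER\Software\Example\Noise]
"LastRun"=hex:01,02,03,04
'''
AFTER = BEFORE.replace("dword:00000000", "dword:00000001").replace("01,02,03,04", "05,06,07,08")
```

`make_reg(diff_exports(BEFORE, AFTER), "new")` and the same call with `"old"` give the two toggle files; a value that exists on only one side is written as `=-` in the file for the other side.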

Summary of Windiff

Windiff is a hidden gem for unearthing where to find a Vista desktop or menu setting in the registry. To master Windiff requires the painstaking approach of a research scientist. You also need to overcome Windiff's quirks, and then trawl through dozens of lines containing registry differences. Believe that sooner or later, you will discover the registry value that corresponds to the GUI setting.

Guy's List of Vista Regedit Tips

Add to Favorites Menu

Regedit's Export and Import

Regedit's Find

Comparing Two Machines

Regedit's Own Help

Remote Registry Service

Best Practice for Editing the Vista Registry

Pay Attention to Detail

Best Practice

Add to Favorites Menu

Add to Favorites is a classic case of learning a technique in one area (IE7 or Mozilla) and applying the knowledge to another area - Regedit.

Regedit's 'Add to Favorites' is ideal for that moment when you have taken ages to find a value, yet you know that one day you will have to return to fine-tune the data. Tag the value by clicking on Regedit's Favorites menu, and choose 'Add to Favorites'. Fittingly, this is my most-loved Vista Registry tip.

Regedit's Export

The secret of editing the registry safely is to practice with Regedit's Export and Import until you achieve mastery. Once you have found a particular registry setting, and before you make any changes, pause, take a timeout - think, 'I'll Export Selected branch'.

Exporting is straightforward. Once you have found your registry value, click on Regedit's File menu and select Export. Decide whether to save 'All' of the registry, or just the 'Selected branch'. If I am going to examine the file in Notepad I export just the subset, rather than exporting 'All' of the registry.

The advantage of keeping the default .reg file extension is that if you double click the file, then you can merge the settings with the registry of the current machine. If you need to examine the file with Notepad, then right-click and choose 'Open with'. Alternatively, launch Notepad first, and then open the .reg file by altering the 'Files of type' dialog box.

As a by-product of trying a registry Export, you may ask questions such as, 'Where should I store all these .reg files?' I am afraid that only you know the answer to this location question.

Note 1: As an additional safety measure consider renaming the registry value. By this I mean rename the REG_SZ or DWORD. I admit that this tip is only really useful when you are making complex changes, for example, renaming the Computer Icon.

Note 2: In passing, this .reg extension may ring a few bells with files that you have seen when installing programs in Vista or XP.

Regedit's Import

My primary use of Regedit's Import is to return the registry to its former state. If the changes did not produce the expected result, then the surest way to return the registry to its previous state is to import the .reg file. This is the file that I carefully exported before I started experimenting. As you may expect, this regedit technique is very similar to an Export. You begin by launching regedit, then click on the File menu, Import, and navigate to the place where you saved the .reg file.

Microsoft provide at least two ways of performing most tasks; in the case of a registry import, you could also double click a .reg file and merge it with the registry. Other methods include VBScript, and Run: regedit /s file name.

Regedit's Find

If you click on Regedit's Edit menu, then you will see 'Find'.

To speed up your search, it is worth experimenting with the various boxes, so try ticking combinations of: Keys, Values or Data. In passing, 'Find' teaches us the correct terminology: Keys are the registry folders, while Values are the REG_SZ or DWORDs that we may be adding to the registry. Finally, we have Data in the form of a string or a hex number.

One use of 'Find' is to check that we have arrived at the correct place. What I do is press F3 to discover if there are indeed more instances of the value that I am editing. The trap is that you edit a value in the users section of the registry, HKCU, instead of the machine section, HKLM. A variation of the 'gotcha' arises when editing the HKLM\System\ControlSets: what I want is the System\CurrentControlSet and not ControlSet2 or 3.

Addendum

While I did not like the IsShortCut registry tweak, F3 was indispensable for finding about 5 instances of this value.

Look at the Keys

Here is another example of employing 'Find' to reach the Winlogon registry Key quickly. My point is this: to speed up your search, make full use of the three 'Look at' boxes, Keys, Values and Data.

Comparing Two Machines

One of the most under-used troubleshooting techniques is comparing the damaged machine with a similar, but healthy machine. While you can apply this simple idea for general troubleshooting, it really comes into its own when researching registry settings. I realize that one difficulty of this approach is that you may not know where in the registry to look for a particular value. One answer is to experiment at the healthy machine. Export the entire registry; make a change in the area that you are troubleshooting, then export the registry again. Now use the Windiff utility to investigate precisely which area(s) of the registry are affected by your actions.
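As an added example (not from the ebook), this Python script carries out stage 4 of the export / change / export / compare cycle, and equally the two-machine comparison above: it reads two .reg exports and lists every value that differs, showing DWORD data in hex and decimal. The sample exports are constructed; the key and value names are those quoted in the text, and the 'before' X resolution of hex 400 is an assumption.

```python
import re
import sys

# Constructed sample exports (not from a real machine). Key and value names are
# the ones quoted in the text; the "before" X resolution (0x400) is assumed.
KEY = (r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles"
       r"\Current\System\CurrentControlSet\Control\VIDEO]")
BEFORE = ("Windows Registry Editor Version 5.00\r\n\r\n" + KEY + "\r\n"
          '"DefaultSettings.XResolution"=dword:00000400\r\n'
          '"DefaultSettings.YResolution"=dword:00000300\r\n')
AFTER = BEFORE.replace("00000400", "00000500").replace("00000300", "00000320")

def read_export(path):
    """Version 5.00 exports are UTF-16 with a BOM; older REGEDIT4 files are ANSI."""
    raw = open(path, "rb").read()
    # Assumption: ANSI exports use the Western (cp1252) code page.
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "cp1252"
    return raw.decode(enc)

def parse_reg(text):
    """Return {(key, value_name): raw_data} for every value in an export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin wrapped hex: data lines
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:
            entries[(key, m.group(1).strip('"'))] = m.group(2)
    return entries

def describe(data):
    """Show DWORD data as hex plus decimal; other types stay as exported."""
    if data is None:
        return "<absent>"
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
    return f"0x{m.group(1)} ({int(m.group(1), 16)})" if m else data

def diff_exports(before, after):
    """Return (key, name, old, new) for each value that differs, sorted."""
    a, b = parse_reg(before), parse_reg(after)
    return [(k, n, describe(a.get((k, n))), describe(b.get((k, n))))
            for k, n in sorted(set(a) | set(b)) if a.get((k, n)) != b.get((k, n))]

if __name__ == "__main__":
    texts = [read_export(p) for p in sys.argv[1:3]]
    before, after = texts if len(texts) == 2 else (BEFORE, AFTER)
    for key, name, old, new in diff_exports(before, after):
        print(f"{key}\n  {name}: {old} -> {new}")
```

Run it with two file names to compare your own exports; with no arguments it compares the constructed samples.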

Regedit's Own Help

I have a hidden agenda here; and that is cajoling you to try Vista's built-in help. While this is a thankless mission, I am determined to change attitudes. The young traditionally ignore help, while the old are jaundiced by bad experiences of help in earlier Windows systems. What I can say by way of encouragement, is that as an IT professional and a Microsoft MVP, I still learn something new every time I press F1, and open Vista's built-in help.

Here are two recent examples of Regedit's help.

1) During a registry restore, before I pressed F8, I needed to make sure that the Num Lock key was off; otherwise I could not make a selection from the restore options.

2) I asked help: Why are 'Unload Hive' and 'Load Hive' greyed out?

The answer was I had to first select either HKUsers, or HKLM, but not Classes Root or Current User.

Remote Registry Service

Imagine this situation: you are sitting at a machine and considering a new risky project for regedit. Now the question is, should you start the Remote Registry service?

If you do, then it will be easier to troubleshoot problems from another machine. The downside of allowing Remote Registry access is that it could open back-doors for hackers. In a nutshell, the decision to start the service is based on security rather than technical difficulty. Of all my Vista registry tips, Remote Registry editing is the technique to employ if you are troubleshooting why a machine hangs after booting.

To start the Remote Registry service:

1. Click on the Start Button, in the Start Search dialog box, type: 'Services'.

2. Scroll down the list of services until you come to the 'Rs', right-click Remote Registry, and select Start from the short-cut menu.

3. Another decision: Should you change the 'Startup Type' from 'Manual' to 'Automatic'?

My advice is to choose 'Automatic' while you are experimenting with regedit. The danger is forgetting to set it back to Manual when you have finished your task. See more on Connect Network Registry

Pay Attention to Detail

This is the situation: you are following instructions from TechNet, or applying a fix from an article on the web. My registry tip is this, get into the habit of seeking out the vital word. Begin by asking yourself, 'Am I modifying or adding this new setting?'

If you are adding, is it a whole key, or just a new value?

Be aware that while most values are REG_SZ, meaning "string data", there are also important REG_DWORD values, meaning hex data. With DWORDS, remember that their natural units are hexadecimal not plain decimal.

When you are editing the registry, one of the most annoying mistakes is to start at the HKLM registry hive, when you should be drilling down into the HKCU section. To make sure you are in the right place, keep an eye on the menu bar at the very bottom of the regedit interface.

Best Practice for Editing the Vista Registry

Before you make any changes to the registry settings, get into the habit of exporting at least that branch of the registry.

Back up the system state before you try anything radical in the registry.

Check out the .sav files in the \system32\config folder.

Research Volume Shadow Copy, and test how it restores a previous version of your registry files.

If your computer has a serious problem, which requires pressing F8 at boot-up, remember to try Last Known Good as your first recovery option.

Seek alternative methods; think laterally.

Instead of risking making changes with your registry editor, what else could you do?

I urge you to consider configuring a Group Policy rather than tweaking the registry.

Occasionally Vista may provide a new GUI to configure a setting, for example, instead of launching regedit and changing the value for AutoAdminLogon, you could launch the Control Panel --> Users and un-tick the setting called, 'Users must enter a user name and password.'

Learn how to perform a remote registry edit with: Connect Network Registry.

As you work through my registry examples, make a point of studying each page's 'Key Learning Points'.

Follow-up

If you find any error please email me [email protected]

Should you find any good registry tweaks, then please send them to me at the above email address.

Guy Thomas

May 2007.
