Because most changes made to the system are made through means other than direct editing, you don't actually have to edit your own system very often. However, to make changes to another system, you might think you'd need to get up, go to the other system, and use the Control Panel.
Luckily, you don't need to do that. Instead, you can use either of the Registry Editors to make the changes remotely. Making a remote Registry change requires knowing where to find the settings, and what the values are supposed to be. Table 8.1 in Chapter 8, "Automatic Changes to the Registry," shows where the Control Panel makes changes to the Registry. Additional settings for remote changes are included in Chapters 12 through 27.
By using the remote Registry editing functions, you can save a tremendous amount of time in system administration. Be careful, though, because editing another system's Registry can be as dangerous as editing your own. Take the normal precautions of creating backups before making any changes to the Registry.
You can only edit a Windows NT system from another Windows NT system. Windows 95 will not edit an NT system. The only effective way to edit any system from NT is by using REGEDT32.EXE.
To open another computer's Registry with REGEDT32.EXE, choose Registry | Select Computer. The system automatically browses the network for computers that qualify for editing. (See Figure 11.1.) A system automatically qualifies if it is running Windows NT Server or Workstation and is a member of the domain. If you can see the target computer in the browse list, you should be able to edit it unless security permissions have been set to restrict the process. If you cannot see it in the browse list, you can still enter the computer name using the UNC (universal naming convention) name, allowing you to edit the Registry on that machine. That would be particularly useful in editing a system in a trusting domain, or those connected only as a member of a workgroup. To edit a machine called SERVER1, type \\SERVER1 in the blank.
After connecting to the remote computer, REGEDT32.EXE opens two additional windows: HKEY_USERS on system name and HKEY_LOCAL_MACHINE on system name. (See Figure 11.2.)
The AutoRefresh is not available for remote registries message indicates that any changes that the user makes to his own Registry while you are editing it are not shown to you, and any changes you make are not shown to the remote user. The main reason for this is to boost performance. Of course, none of the changes take effect until the user logs off and logs back on or restarts the system.
Figure 11.1. Browsing for available computers for remote Registry editing.
Figure 11.2. Available windows for editing on a remote computerand a warning.
Because the other handle keys are simply
mapped portions of HKEY_USERS and
HKEY_LOCAL_MACHINE, they are not shown. All editing must be done through
HKEY_USERS and HKEY_LOCAL_MACHINE.
The locations of the other handle keys are shown in Table
11.1.
Table 11.1. Handle keys and their respective locations.
| Mapped Handle Key | Actual Location |
| HKEY_CLASSES_ROOT | HKEY_LOCAL_MACHINE\Software\Classes |
| HKEY_CURRENT_CONFIG | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Profile Number |
| HKEY_CURRENT_USER | HKEY_USERS\User SID (Security ID number) |
With the connection in place, changes are made to the remote computer in exactly the same way as changes are made to your own systems.
Unless a user is a member of the Administrator's local group or the Domain Admin global group, he cannot edit a remote Registry. If you are a member of the Administrator's local group of a domain, you can edit any member of the domain, any member of a trusting domain, and any workgroup-connected NT computer on the network. The rights assigned to the Administrator's local group pass to the other machines.
If you are logged on as Administrator on a non-domain-connected computer, you can browse for, specify, and connect to any computer's Registry on the physical network, including those systems that are members of a domain.
WARNING: Security Breach! If anyone can log on to his local machine and edit any other Registry on the network, you have a major hole in your security. To partially plug that hole, use the Hide your server from the browser Registry change discussed in Chapter 18, "Windows NT Networking and the Registry." You would need to know the exact name of the server to edit its Registry. That name may be very easily obtained, however, by looking at any shortcut or printer share that uses the server. To increase security, never give users the administrator password to the local machine. In addition, Microsoft will patch this hole, at least partially, with the introduction of DFS (Distributed File Services) late in 1997. No longer will the actual server name be shown in the shortcuts and shares. By removing that information, it will be much more difficult to obtain the server name, and therefore, security will be increased.
To remotely edit another NT user's Registry, that
user must be logged on to the
network,
and you must know which machine that user is currently using. Then, you can edit
the user information that is loaded there. Or, rather than editing the information
that way, you can simply load the
information directly from the user's NTUSER.DAT
file in his profile directory, shown in Figure 11.3, which is where the system gets
all the user information for a domain-connected user. The system shows this information
in the
HKEY_CURRENT_USER handle key.
The information is also listed by the SID in the HKEY_USERS on the system
where the user is logged on.
Figure 11.3. Each user has a profile directory where his personal data is held.
To open Bob's NTUSER.DAT file, perform the following steps:
Figure 11.4. Loading NTUSER.DAT for Bob.
When
prompted for the key name, as shown in Figure 11.5, put in the user's name.
(Actually, any name can be used. The user's name is simply a placeholder.) Then edit
the user's information. (See Figure 11.6.)
Figure 11.5. Assigning a name for the NTUSER.DAT information.
Figure 11.6. HKEY_USERS with Bobs user information.
Make any necessary changes to the user's Registry settings, and then unload the hive
using Registry | Unload Hive. A warning dialog gives
you one last chance to make
sure all your changes are correct. (See Figure 11.7.) All data is saved for that
user. The next time the user logs on, those settings take effect.
Figure 11.7. Unloading the edited hive.
Using the Load Hive function makes it extremely easy to remotely edit any user's
information, whether he is logged on to the domain or
not. It is also very useful
for editing the user information for a user who is not a member of the domain.
For a Windows 95 system's Registry to be edited remotely, it must have remote administration enabled, and it must be running the remote Registry service. Windows NT automatically runs a remote Registry service, so you are required to make no changes at the NT system.
Remote registry service is not automatically installed with Windows 95. To install the service, which is only available on the CD-ROM, perform the following steps:
Figure 11.8. Setting up the remote registry service.
After you install the remote registry service, the User-level
access control radio
button must be enabled. Open the Network section of Control Panel. On the Access
Control tab (see Figure 11.9), select User-level access control, and supply the name
of the domain where the administrators are located. (This is
where you'll find the
list of groups and users for the remote administration service.)
Figure 11.9. Setting the User-level access control radio button.
WARNING: A change in the access control source in Windows 95 forces all shares to be lost. All shares in that system must be recreated. Share-level security information is stored only at the local system, but user-level information is stored in the domain controller.
To start the remote administration service on the Windows 95 system, go to the Passwords section of the Control Panel. Select the Remote Administration tab (as shown in Figure 11.10) and click the Enable Remote Administration of this server radio button.
Figure 11.10. Setting up remote administration on a Windows 95 system.
NOTE: Even though the dialog box says "server," any Windows 95 system can be edited this way. When remote functions are allowed, the system is working as a "server" to the other system.
Add the users and groups who will be allowed to edit the Registry. After confirmation, the system must be restarted; it then allows remote editing.
The only way to open a Windows 95 system's Registry with an NT system is, surprisingly, to use REGEDT32.EXE. Use Registry | Select Computer to open the Registry. (See Figure 11.11.)
Figure 11.11. Editing the Windows 95 Registry with REGEDT32.EXE.
The difference between the Windows 95 Registry and the
Windows NT Registry is quickly
evident with the rearrangement of the location of many of the keys in HKEY_LOCAL
MACHINE and the missing SID-identified user in HKEY_USERS. All security-based
items (the keys named SAM and Security) in
HKEY_LOCAL_MACHINE are also missing
in the Windows 95 Registry.
NOTE: When the Registries are set side by side, it's really no wonder that some applications written for Windows 95 are not compatible with Windows NT. Everything seems to be in a different place. In fact, it is actually quite amazing that any of it works. You will hail the day when the Registries have exactly the same structure, with the only differences being the extent of the features represented by the keys.
It is not possible to edit the individual user information for Windows 95 users from within Windows NT. The logged-on user is not shown, and the USER.DAT files created for each are not readable with NT. The only ways to edit and maintain them are with the System Policy Editor, or to edit the files in Windows 95.
The process appears to be exactly the same for remote editing of a Windows 95 system in Windows NT and Windows 95. The main difference is that REGEDIT.EXE in Windows NT does not do remote Registry editing for either Windows NT systems or Windows 95 systems.
The menus indicate that it will, using the Registry | Connect Network Registry menu choice. It even prompts you to browse or type Computer name to select the system. (See Figure 11.12.) But it will not work.
However, you can edit the remote 95 Registry from another Windows 95 system.
SOLUTIONS: I'm confused. Which system and which editor can edit which type of system? Why can't I do all my work from one system? Table 11.2 shows which editors on which platforms can edit remote systems. Again, the differences and incompatibilities between the Windows 95 and Windows NT systems rear their ugly heads. Those incompatibilities make it impossible for all to work together correctly. Only when the Registries are merged will there be complete compatibility.
Table 11.2. Remote Registry editing tool comparison.
| Platform/Program | 95 Remote? | NT Remote? |
| Windows NT/REGEDT32.EXE | System only | YES |
| Windows NT/REGEDIT.EXE | NO | NO |
| Windows 95/REGEDIT.EXE | YES | NO |
When REGEDIT.EXE pulls in the Registry for a Windows NT computer, it indicates by an error message that it couldn't connect to all hives. (See Figure 11.13.) Even though it says to disconnect and try again, connecting to a remote system will always bring up the same results. REGEDIT.EXE cannot edit the remote NT Registry.
Figure 11.13. The Windows NT hives are not available for editing remotely with REGEDIT.EXE.
When you try to edit a Windows 95 system from REGEDIT.EXE in NT, you get
the error message shown in Figure
11.14.
Figure 11.14. Windows NTs REGEDIT.EXE does not allow editing of a Windows 95 Registry.
WARNING: It doesn't help to try to run the REGEDIT.EXE file in your Windows 95 directory (if you have one) under NT. It still launches the one installed with NT.
To remotely edit Windows 95 systems, you must use REGEDT32.EXE from Windows NT, or use REGEDIT.EXE while running a Windows 95 system.
The process for remote editing of a Windows 95 Registry is exactly the same as it is in Windows NT, with one big difference: It works! Inside Windows 95, if you are listed on the remote system as an authorized user, you can edit another 95 system's Registry quickly and easily.
To connect to the remote system, select the Registry | Connect Network Registry menu choice in REGEDIT.EXE. You can browse for the name of the computer, or type it in directly. Once it is connected, the remote system will show all of its handle keys, as shown in Figure 11.15.
Figure 11.15. Remote editing of another Windows 95 system.
When you are finished with the editing of the remote system, highlight the name of
the remote system, and select Registry | Disconnect Network Registry. Select the
system whose Registry you would like to disconnect, and then click OK, as shown in
Figure 11.16. The display in REGEDIT.EXE will return to normal, with only
the
local system's Registry displayed.
Figure 11.16. Disconnecting from another Windows 95 systems Registry.
Someday, perhaps in the near future, you can have one editor with all the features of REGEDT32.EXE and REGEDIT.EXE. That one editor will be able to edit all the Registries (because they will be the same), and will be available to both local and remote systems.
Until then, anything that can be edited locally can be edited remotely, provided the correct editor is used. REGEDT32.EXE can remotely edit the system and user Registry information for NT systems and the system Registry information for Windows 95 systems. REGEDIT.EXE for Windows NT has no remote editing capabilities as of this writing. For full editing of system and user functions for Windows 95 systems, use REGEDIT.EXE on a Windows 95 system.
Common functions that are easily understood by even novice users can be directed from afar. You can simply explain the changes to the user and direct him to make those changes. However, if either you or the user is uncomfortable with the user making modifications in the Control Panel, or if he is restricted from the Control Panel, you can easily make the changes remotely.
If the remote system starts but logon functions are unavailable, the individual can't make the changes, but the Registry is still available for a remote connection.
If the desired changes are not available in the Control Panel, the only option is to edit the Registry remotely or in person.
Once again, be careful about making remote changes to the Registry. Mistakes may not show up immediately, so all remote changes should be preceded by thorough testing on local systems. Also, allowing systems to be updated remotely, particularly Windows 95 systems, opens them up to significant security risks. Proceed with caution and care.
© Copyright, Macmillan Computer Publishing. All rights reserved.
