Tweaking the Registry

by Guy Thomas

May 2007

Tweaking the Vista registry by Guy Thomas

Page 1

Contents
Contents ..................................................................................................................................................2 The Purpose of this Ebook.......................................................................................................................3 What is Tweaking the Registry? ..............................................................................................................4 Getting Started with Regedit...................................................................................................................5 Launching Regedit ...................................................................................................................................6 Guy's Five Stages of Registry Tweaking - Which stage are you at?.........................................................8 1) AutoAdminLogon ..............................................................................................................................11 2) AutoPlay - NoDriveTypeAutoRun......................................................................................................14 3) CachedLogonsCount..........................................................................................................................17 4) Change the Name of Your Computer Icon ........................................................................................19 5) Copy To ContextMenuHandlers ........................................................................................................21 6) Delete Roaming Cache ......................................................................................................................23 8) Hide Public Folder .............................................................................................................................26 9) Remove Arrows on Shortcuts............................................................................................................29 10) RegisteredOwner ............................................................................................................................33 Connect Network Registry ....................................................................................................................35 How to Create .Reg Files .......................................................................................................................40 Examples of .Reg Files ...........................................................................................................................46 Vista's Registry Structure ......................................................................................................................51 Windiff Find Settings in the Registry ..................................................................................................55 Guy's List of Vista Regedit Tips..............................................................................................................62 Best Practice for Editing the Vista Registry ...........................................................................................66 Follow-up...............................................................................................................................................66

Tweaking the Vista registry by Guy Thomas

Page 2

The Purpose of this Ebook
The Purpose of this Ebook This ebook is designed to explain the workings of the registry. Studying my detailed examples offer a middle way between buying a third party program to tweak the registry, and discovering the joys of hacking the registry by trial and error. If you buy a utility, its front end masks the finer points of the registry. If you learn by trial and error, what happens when you meet error? Unlike a typo in a report, a mistake in the registry could render your computer unusable. I thoroughly enjoy tweaking the registry, and I want to distil the best of my experiences and pass them on to you. While, I have a section on troubleshooting, each page also has two or three learning points, each of which will advance your registry skills. Even if you are already moderately experienced with regedit, I still hope that you will enjoy at least one or two of my favorite registry tweaks. Registry Topics What is the Registry? Getting Started with Regedit Guy's Five Stages of registry hacking List of Registry Tweaks 1. AutoAdminLogon (Logon without password) 2. AutoRun (Control CD caddy) 3. CachedLogonsCount 4. Computer Name (Rename the Computer Icon) 5. ContextMenuHandles (Add items to shortcut menu) 6. Delete Roaming Cache 7. PaintDesktopVersion (Display the Build Number) 8. Public Folder (Control the display on the desktop) 9. Remove Shortcut Arrow 10. RegisteredOwner Advanced Registry Section Remote Registry Edit Registry Structure Create .reg files Examples of .reg files Windiff to find registry settings Regedit Tips

Tweaking the Vista registry by Guy Thomas

Page 3

A replacement for all those ancient . or 'hacking the registry'. A database for Group Policy settings. and in particular. I have lots of worked examples. colloquially. Officially. to solve a specific problem. If I have a hidden agenda it is that in general. and to provide general learning points. you edit the Vista registry by adding keys. the confidence to launch regedit and change the registry settings. there are circumstances where editing the registry is the best troubleshooting technique. which I urge you to try on your own machine. is so that you can repair a defective machine remotely. Each registry tweak has two aims.ini files. Another reason to acquire confidence at editing the registry. where there are differences I will explain what happens in each operating system. As usual. A back-end for Control Panel's front-end. this process is called 'tweaking the registry'. the only hope of solving the problem is to edit a value in the registry. which help you to master regedit. that tweaking the registry should be satisfying.What is Tweaking the Registry? There will be times when your research reveals that there is simply no GUI to configure a particular Vista setting. My secondary goal is to persuade you to take sensible precautions. Most of the tweaks work equally well on Vista. and above all. many of my examples also have amusing anecdotes. export at least that particular registry branch before editing any values. My primary goal is to give you the skill. the practice. A no-go area for amateurs! A tool for troubleshooting operating system problems. A vehicle for having fun while you tweak Vista's performance and appearance. Tweaking the Vista registry by Guy Thomas Page 4 . Consequently. XP and Windows Server 2003 registries. What is Vista's Registry? A collection of all the operating system's configurable settings. There is a serious side to editing the registry. To reinforce this 'let's have fun' message. learning should be fun. for example. or modifying values. When a computer is not working properly.

Remote Registry Editing . and no safety catch. Selected Branch. Every other expert will tell you to backup the System State before you begin. The best defence against a mistake would be to experiment with the registry on a test machine.Examples 9. Create a new value .PaintDesktopVersion. Add setting to 'Favorites' . RemoveShortcut 8. My favorite technique for recovering from mini-disasters is to export the registry key BEFORE I start editing values. do take precautions. Import registry settings from a . Export. Change an existing value . and every example) 3. RegisteredOwner 5. Export a registry key .Get out of jail card Tweaking the Vista registry by Guy Thomas Page 5 .(Before you make ANY change) 4. Values and Data .reg file .AutoAdminLogon 7.CachedLogonsCount 2. Launch Regedit . Nevertheless. Because the registry is live. with no 'Simulate' button. I have arranged the following techniques as a progression.Getting Started with Regedit I will be giving you clear instructions to help you master tweaking the registry.ContextMenuHandlers.Computer 6.(Any. Create a new key . What I do in regedit is click on the File menu. Rename an existing value . Find Settings.Simple exercise to get started with regedit 1. Here is my sequence for mastering the registry along with examples of how to develop the corresponding technique. Registry Skills Progression Launching Vista's Regedit Launching XP or Windows Server 2003 Best Practice for Editing the Registry Registry Skills Progression To become expert at any task you need to acquire a range of skills.

REGEDIT (Type).regedit. 'reg' or 'reged'. Click on the OK (Button). Note 1: In Windows 2003 and XP Regedit remembers the last place you visited which is useful. Launching Regedit in XP or Windows Server 2003 The best executable to edit the registry is Regedit. See screenshot opposite Note 1: Unlike other Vista executables. Type: regedit 4. Click in the Start Search Dialog Box 3.Launching Regedit Let us assume that your mission is to change a setting in Vista by using the registry editor. Note 2: Another clue that amateurs are not supposed to open the registry. you have to type the full name . Vista does not auto-complete the name of the program. if you type just the first few letters. Note 3: The actual executable is called regedit. it also responds to the name of regedt32. is that the special editor.0. (Rather than Regedt32) Click on the START (Button). Press enter (or double click Program: regedit) 5. but for backwards compatibility with NT 4. does not appear on any Vista menu. Click on the Vista Start Orb (Button) 2. Regedit. Tweaking the Vista registry by Guy Thomas Page 6 . RUN. 1.

.

Tweaking the Vista registry by Guy Thomas

Page 7

Guy's Five Stages of Registry Tweaking - Which stage are you at?
1. Fear of a new language 2. Wonderment at your power and skill 3. Complacency - I can do anything 4. Slip on a banana skin - Blind panic 5. Respect for registry editing 1) Fear of a new language At stage 1 of registry tweaking, you are anxious that you may destroy your machine. This is why you confine your registry activities to a test machine. When it comes to making changes, you confine activities to just altering a few values from zero to one. What this does is to enable, or activate, a feature that you may be reading about in a 'How to...' article. Mastering the registry, means spotting new patterns; for example, do the instructions for the registry tweak start with HKEY_LOCAL_MACHINE, or HKEY_CURRENT_USER? This leads us to thinking, 'does this setting affect the computer or does it control the user's configuration?' 2) Wonderment at your power and skill After a few trips into the Vista registry, you begin to appreciate the sheer scale of the hives, folders, keys and values. Soon, you start to make sense of the data, for instance, you notice that String Value icons have a different pattern from DWORD icons. By now you realize that the names of the values are not case sensitive, the eccentric capitalization is just a way of making the names read more easily, for example AutoAdminLogon. Whereas previously you only modified existing entries, as your confidence grows, you extend your repertoire by adding new values. However, at stage 2 you still remember to export your registry's 'Selected Branch' BEFORE you make any changes. 3) Complacency - I can do anything At the third stage you reach the point where a little knowledge is dangerous. You discover Regedit's Edit menu with its 'Find'. More riskily, you learn how easy it is to import settings stored in .reg files. This allows you to add lots of settings to the registry quickly, just by double clicking a text file with .reg extension. You also apply my tip of using regedit's Favorites; consequently you find it easy to return to the most popular registry haunts. Perhaps you also use Vista's Volume Shadow Copy. Thus you discover how to retrieve previous versions of the registry files from the %SystemRoot%\ System32\ config folder. Now the danger is that because you are having so much fun, you cannot imagine anything can go wrong. You start taking more risks. Occasionally you forget to export the registry before one of your experiments.

Tweaking the Vista registry by Guy Thomas

Page 8

4) Slip on a banana skin - Blind panic One of life's rules is that complacency inevitably leads to disaster. Just as children who play with fire get their fingers burnt, so those who play risky games with the registry, come unstuck. Perhaps the biggest cause of registry tweaks that cripple a machine, is people changing settings that they don't understand. As a result, one day they switch on the Vista machine only to be greeted by the message: Machine will not boot. Stop 0x0000051. Stop messages like the above cause your heart to beat faster. You realize that you have gone too far this time and have deleted a vital hive in the registry. At this stage it is a question of do or die. Either you vow never to touch regedit again, and complete your penance by rebuilding the machine from scratch, or you stay calm, apply your skill, overcome the disaster, and thus reach the fifth and final stage of registry hacking. 5) Respect for registry editing Knowledge, power and respect form a triangle. If one side of this triangle is shorter than the others, then the whole structure topples over. In times of crisis remember your good practices, and run through your troubleshooting strategies. To repair a broken registry, as the Vista machine boots, press F8 and select 'Last Known Good'. This is particularly effective at restoring settings in the HKEY_LOCAL_MACHINE section of the registry. If that does not work then try booting into 'Safe mode'. Provided you can get into the operating system, then you have a variety of tactics. Best would be to restore the registry from the system state backup, or a Regedit export. You did take precautions? Didn't you? If a restore is not possible, then try booting into a parallel installation, for example, install another copy of Vista on the D: \ drive. Where the stricken machine boots, but then hangs, one other possibility is to try and access the registry remotely from another machine. Remote registry editing is an art in itself and requires that you start the remote registry service, fortunately, you can do this remotely. As I say, remote registry is a black art which requires special techniques which I explain on this page. Check out the SystemRoot%\ System32\ config folder, what you are particularly looking for is the .sav files, one day they could be your salvation. I once used a parallel installation to find this config folder, and then I renamed the 'system.sav' file to 'system', and thus repaired the Vista registry. Once the machine started, I was able to import a .reg file that I thoughtfully exported before trying a dodgy registry experiment. In my humble opinion, you have to go through the catharsis of a registry disaster before you give this black art of tweaking the registry proper respect. Thereafter, you always have one eye on safety. You make those backups, and export that registry branch regularly.

Tweaking the Vista registry by Guy Thomas

Page 9

or merely a logoff / logon? Does the operating system setting teach you about the registry? Or does the registry setting teach you about the operating system? Tweaking the Vista registry by Guy Thomas Page 10 . or create a new value? If we need to create a value.The Enigma of Tweaking the Registry I have noticed that many registry components present a duality. here are the pairs of elements: Is tweaking the registry work. I refer to this as: 'The enigma of tweaking the registry'. is it a DWORD or a REG_SZ? Will your tweak require a reboot. or is it play? In which hive do you start? HKLM or HKCU? Do you edit an existing setting.

Type 'regedit' in the Start Search dialog box. Check for the existence of a REG_SZ called DefaultUserName. Do you find the AutoAdminLogon value in HKCU** or HKLM? Answer: HKLM Tweaking the Vista registry by Guy Thomas Page 11 . A typical scenario would be a test machine on a private network. If this value does not exist. Definitely needed in a domain situation. is to set a value for DefaultPassword in the registry. Navigate to: HKLM\ Software\ Microsoft\ Windows NT\ CurrentVersion\ winlogon AutoAdminLogon = 1 3. Create a new String Value called DefaultPassword DefaultPassword = "P@ssw0rd" 4. create a String Value called DefaultDomainName 6. name it. Set the value to: DefaultDomainName = "OnlyYouKnowDomain" Here is a summary of the four key registry settings: "AutoAdminLogon"="1" "DefaultUserName"="xxx" "DefaultPassword"="xxxx0xxxx" "DefaultDomainName"="xxx. 2. DefaultUserName.xxx". 5. when you restart the machine it automatically logs on a named user. Key Learning Points This was an exercise in adding new values to the registry.1) AutoAdminLogon The idea behind AutoAdminLogon is that a user(name) can logon at a computer without having to type a password. then right-click in the right pane. Optional Item: If your Vista Machine has joined a domain. new. REG_SZ. which also its liability. The value should reflect the user who you wish to logon automatically. The trick. Topics for AutoAdminLogon Instructions for Setting AutoAdminLogon Key Learning Points Addendum for Vista Home Editions A real-life story starring AutoAdminLogon Instructions for Setting AutoAdminLogon 1. With AutoAdminLogon enabled.

Before you try the above configuration. where naturally our keyboards had the UK layout. Double-check the logic of what you are ticking. Once you restart Vista. User Accounts and finally click on the Users tab. Tweaking the Vista registry by Guy Thomas Page 12 . repeat. namely tick: 'Users must enter a user name and password'. then remove the tick in: 'Users must enter a user name and password'. or merely Log Off / On. note: I did not. number and squiggles (non-alphanumeric characters). it will logon that user automatically. Addendum for Vista Home Editions I have been using AutoAdminLogon since NT 3. All you need to do next is type the password twice in the.reg files for your computer. 'Automatically Log On' dialog box. and then edit . double negatives are a particular source of errors. in Vista Home editions there is a much easier alternative. As it's easy to import the contents of a . See screenshot. however. or modify an existing value? Answer: Modify 0 --> 1. have not understood the logic. Half of all people who write and say 'Guy that tweak did not work'. even though we were in London England. who installed the default American keyboard layout.Reg File This page explains how to create.5. Navigate to the Control Panel. Is it a String Value or a DWORD? Answer: REG_SZ (String value). do take extra care with procedures. where you need to remember a combination of uppercase. I was training a new Vista course containing two delegates from hell. and possibly DefaultDomainName. then the more work there will be for you'. Do you need to Restart. or when you are setting a registry value to one. lowercase. The other ingredient was a new technician. This law certainly applies to complex passwords. Answer: Restart Extra Information: With AutoAdminLogon you also need to create DefaultPassword. not find this setting in a machine which had joined an Active Directory domain. Let me give you an example of why I like the registry setting AutoAdminLogon.reg file into the registry. Creating a . A real-life story starring AutoAdminLogon Guy's 3rd Law of computing states: 'The more security that you have.Do you have to add a value.

No more problems with logging on after that. Tweaking the Vista registry by Guy Thomas Page 13 . Thanks to the USA / UK mixed setup. the @ was above the numeric 2. my aim was to activate AutoAdminLogon and thus configure an automatic logon without delegate input.Reg File For my solution to work. You can see above how I achieved this in: Instructions for Setting AutoAdminLogon. Have you guessed the problem? The @ was not on the keyboard where the delegates and I thought it would be. another scenario for AutoAdminLogon is for test machines not connected to a production network. Most of the first session was spent getting the 8 delegates just to logon. which I then imported to each of the delegates machines.again. For the second exercise. I needed the same settings on all 8 machines.The course started with the delegates logging on to their Vista machines as Administrator with the password of P@ssw0rd.reg file. Thus from my machine I exported the HKLM\ Software\ Microsoft\ Windows NT\ CurrentVersion\ winlogon branch of the registry into a . Over lunchtime I edited the registry.that took the rest of the morning because after the restart they had to grapple with the complex password . they had to join a domain . namely above the comma. Creating a . Training is the classic place to try these naughty but nice tricks.

and 0x10 (network drives). set the bit representing that type of drive to 1. reminds me of a tip that I was given for playing chess. 0x10 Disables AutoPlay on network drives. In Vista the default is 0x91 (145). rather than NoDriveAutoRun. but now I have found a more flexible registry setting. Possible Values for NoDriveTypeAutoRun Here below.NoDriveTypeAutoRun This registry hack will control what happens to AutoPlay when you put a CD into the drive caddy. Tweaking the Vista registry by Guy Thomas Page 14 . but allow CD-ROM drives to run AutoPlay. If you want to disable more than one type of drive. when you find a good move. Previously I had known about plain AutoRun. NoDriveTypeAutoRun. 0x4 Disables AutoPlay on removable drives. 0x8 Disables AutoPlay on fixed drives. Researching NoDriveTypeAutoRun. You calculate the figure by summing: 0x1 (unknown types). if these messages are suppressed then the CD will not automatically start playing. look for an even better one. Topics for NoDriveTypeAutoRun Background to AutoPlay Possible Values for NoDriveTypeAutoRun Registry Instructions for NoDriveTypeAutoRun Key Learning Points Background to AutoPlay Media Change Notification (MCN) messages from the CD-ROM driver. You can disable AutoPlay by configuring the appropriate value of NoDriveTypeAutoRun (or NoDriveAutoRun) in the registry. The entries are a bitmapped value. and thus start automatically. To disable AutoPlay on a particular type of drive. However. trigger the AutoPlay behaviour of the CD. but without the floppy drive setting. 0x1 Disables AutoPlay on drives of unknown type. the default value for NoDriveTypeAutoRun is 0x95 (149). you can disable all network and all unknown drives from running AutoPlay. The benefit of using NoDriveTypeAutoRun. sum the hexadecimal values of the representative bits. is that you can fine-tune which drives you wish to disable. Similar to XP. 0x80 (unknown types). In XP. For example. 0x4 (floppy drives).2) AutoPlay . is a table of the hex values to control AutoPlay on a variety of drives.

0x80 Disables AutoPlay on drives of unknown type. the NoDriveTypeAutoRun setting should take effect straightaway. Should you add a value. Navigate to this path: HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Wind ows\ CurrentVersion\ Policies\ Explorer 3. Registry Instructions for NoDriveTypeAutoRun One interesting feature of NoDriveTypeAutoRun is that you can set the value in either HKLM** or HKCU. then the Local_Machine over-rides the Current_User. 1. Refer to the above table. 0x40 Disables AutoPlay on RAM drives. or modify an existing setting? Answer: In Vista modify to a hex value = 000000FF. 0xFF Disables AutoPlay on all types of drives.0x20 Disables AutoPlay on CD-ROM drives. Answer: In XP or W2K3 you may need to create a DWORD called: NoDriveTypeAutoRun. 7. and use a Hexadecimal calculator to compute the most suitable value for your machine. If necessary create a dword called NoDriveTypeAutoRun 4. 2. Type 'regedit' in the Start Search dialog box. A value of 000000FF (decimal 255) disables AutoRun on all drives. There is no need to logoff. Tweaking the Vista registry by Guy Thomas Page 15 . If you go overboard and configure both. Set NoDriveTypeAutoRun = 000000FF 5. 6. Consult the above table for greater precision. Then set it a hex value of 000000FF (Decimal 255) Is NoDriveTypeAutoRun a String Value or a DWORD? Answer: DWORD. Key Learning Points Do you find the NoDriveTypeAutoRun value in HKCU** or HKLM? Answer: Both! If there is a conflict then HKLM wins.

or merely Log Off / On? Answer: Neither. changes to AutoPlay should occur as soon as you enter the value in the registry. These acronyms are so well known that you can even use them in . NoDriveTypeAutoRun to Regedit's Favorites menu ** HKLM is an abbreviation of HKEY_LOCAL_MACHINE.reg files. Vista will understand and obey the registry instruction.Do you need to Restart. Tip: Add this Value. and HKCU is shorthand for HKEY_CURRENT_USER. Tweaking the Vista registry by Guy Thomas Page 16 .

we can reduce this to value zero. Let us assume that you have reached: HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows NT\ CurrentVersion\ winlogon. launch regedit and manually drill down to: HKLM**\ Software\ Microsoft\ Windows NT\ CurrentVersion\ winlogon. see screenshot to the right. Our first task is to find the correct part of the registry. you may have to press F3 two or three times until you see the following path at the very bottom of the regedit screen: HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows NT\ CurrentVersion\ winlogon Method 2) Safe and Sure If Method 1 fails. and create a new REG_SZ called CachedLogonsCount. no worries. Another user with a different laptop wanted to increase their cached logons to 50. Topics for CachedLogonsCount First Objective to get to the Winlogon registry folder Second Objective to set the CachedLogonsCount value = 0 Key Learning Points First Objective to reach the Winlogon registry folder I have divided our task into two parts. there are at least four instances of 'Winlogon' in the registry. Method 1) Flashy Launch regedit. Since there is no GUI to reset the cached logons. With a registry edit of CachedLogonsCount.3) CachedLogonsCount A security hack may be a contradiction in terms! However. My client had laptops which operated on an Active Directory domain. Note: If you don't tick. minimizing cached logons was the answer. Before you go any further. for them. The default number of cached logons for a client such as Vista or XP is 10 (shortly to be increased to 25 in Longhorn). this is a job for a registry tweak. and they did not want users (or hackers) to logon unless the laptop could authenticate with a domain controller. Our job is to edit this REG_SZ value from 10 to zero. Tweaking the Vista registry by Guy Thomas Page 17 . just right-click in the right hand pane. our second task is to edit the actual registry value. Click on the Edit menu and then select 'Find'. If this setting is not present. 'Match whole string only'. Second Objective to set the CachedLogonsCount value = 0 The default value for the cached logons count is 10 (maybe increased to 25). check the path. The purpose of this technique is to navigate to the folder containing CachedLogonsCount as quickly as possible. The next task is to double-click CachedLogonsCount. I once had a client who wanted to improve their laptop security. Put a tick in only the 'Keys' box. in both cases tweaking the registry was the only solution. Now type Winlogon in the Find what: dialog box. then here is an alternative method.

reg files.'Keys'? Do you find the CachedLogonsCount value in HKCU** or HKLM? Answer: HKLM Do you have to add a value. or merely Logoff / Logon? Answer: Restart This example merely edits an existing value. These acronyms are so well known that you can even use them in . Tweaking the Vista registry by Guy Thomas Page 18 . and HKCU is shorthand for HKEY_CURRENT_USER. set the value = 50 (maximum number) CachedLogonsCount Key Learning Points Were you able to master: Find . to give a laptop the maximum cached logons when it is away from its domain controller. double-click and change the value for CachedLogonsCount to 0 (zero). or modify an existing setting? Answer: Modify changing 10 --> 0. ** HKLM is an abbreviation of HKEY_LOCAL_MACHINE. Vista will understand and obey the registry instruction.For increased security. Do you need to Restart. Tip: F3 speeds up searching when using 'Find'. Alternatively. (or 10 --> 50) Is it a String Value or a DWORD? Answer: REG_SZ (String value).

in these cases. just press F5 to refresh the desktop. make sure that the Vista desktop displays the Computer icon. then click in the dialog box and type: %Username% at %Computername% Incidentally. Topics for Changing the Name of the Computer Icon Instructions for LocalizedString Screen Shot of LocalizedString Key Learning Points Preliminary Step Before you try this impressive registry tweak. This tip also works for XP and W2K3. Right-click the desktop. your computer icon should now say the equivalent of: YourName at YourComputer. Please note. Tweaking the Vista registry by Guy Thomas Page 19 . For example. 'King of' or 'Queen of'. I double click LocalizedString. 3) To see the fruits of your labours. guyt (username) at Vista-Ultimata (computername). unlike the cheap-shot where you just rename the Computer icon. For example. Name it: LocalizedString 2) Edit the 'Value data'. and then change the value for LocalizedString from 'Computer' to a variable which will reflect the user who logs on to this particular computer. Note type should be Expanded String Value. Instructions for LocalizedString The mission is to find a specific class id (CLSID) in HKEY_CLASSES_ROOT. Personalize and select: Change Desktop Icons. The result is that the name reflects the true username and computername. make sure that you display the 'My Computer' on the desktop. Launch Regedit and navigate thus: 0) Precaution: Rename the existing value: Locate with regedit HKEY_CLASSES_ROOT\ CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D} rename LocalizedString to LocalizedString.4) Change the Name of Your Computer Icon The idea behind this registry tweak is to control the label under the computer icon. this tip dynamically adjusts the name for each user who logs on. which you see on the Vista desktop.Old 1) Create a new VALUE. you could choose more creative words in place of 'at'.

Right click. make sure that Vista displays the Computer on the desktop. just refresh the desktop by pressing F5. then create a new value. Do you have to add a value. Preliminary step.reg files. and HKCU is shorthand for HKEY_CURRENT_USER. or modify an existing setting? Answer: Rename. Personalize and select: Change Desktop Icons. These acronyms are so well known that you can even use them in . rename the existing key. Vista will understand and obey the registry instruction. Tip: Add this Value. Do you need to Restart. Tweaking the Vista registry by Guy Thomas Page 20 .Another Screen Shot of Vista's Regedit Here is an panoramic view of the registry showing regedit editing the Reg_Expand_SZ LocalizedString. LocalizedString to Regedit's Favorites menu ** HKLM is an abbreviation of HKEY_LOCAL_MACHINE. it's under HKEY_CLASSES_ROOT. Is it a String Value or a DWORD? Answer: Neither it is an Expanded String. Key Learning Points Before you make a difficult change to the registry. or merely Logoff / Logon? Answer: Neither. Do you find the LocalizedString value in HKCU** or HKLM? Answer: neither.

double click the existing REG_SZ called Default. {C2FBB630-2971-11d1-A18C-00C04FD75D13} 6. and set the value to: 5. Topics for adding 'Copy To' Instructions to Add Copy To to the Explorer Context Menu Key Learning Points Warning Instructions to Add 'Copy To' to the Explorer Context Menu 1. HKEY_CLASSES_ROOT\ AllFilesystemObjects\ shellex\ ContextMenuHandlers\ 3. Note: you do need the {curly brackets} for this CLSID. Name the new Key: Copy To 4. a dialog box opens inviting you to choose the file destination. Once you right click a file and select 'Copy to Folder'. Launch Regedit and navigate to this key: 2. Create a new Key. In the right-hand pane. Tweaking the Vista registry by Guy Thomas Page 21 .5) Copy To ContextMenuHandlers Imagine this scenario: You wish to copy a file from one folder to another. What this registry tweak will do is place 'Copy To' on the Windows Explorer shortcut menu.

just launch Windows Explorer. right click a file and experiment with the 'Copy To Folder' feature.before opening it in the proper application . right click on a folder and test the 'Copy To'. Is {C2FBB630-2971-11d1-A18C-00C04FD75D13} a String Value or a DWORD? Answer: REG_SZ (String value). ** HKLM is an abbreviation of HKEY_LOCAL_MACHINE. Addendum: You can create another registry entry. Answer: Neither.I first get a dialog asking me where to move the item. change C2FBB630 to C2FBB631 and repeat the above.reg files. Close regedit. kindly sent in this snippet of information. just launch another Windows Explorer. Cancelling this dialog brings up the next asking where to copy the file. Modify the REG_SZ called Default. it can give problems. or merely Log Off / On.7. which Moves instead of Copies. Kevin M. These acronyms are so well known that you can even use them in . or modify? Answer: First. In the CLSID. no need to reboot or even logoff. The full name of the Move To value is: {C2FBB630-2971-11d1-A18C-00C04FD75D13} Key Learning Points Keep you eye on CLSIDs Do you find the ContextMenuHandlers value in HKCU** or HKLM? Answer: Neither it is in HKEY_CLASSES_ROOT Do you have to add a value. and HKCU is shorthand for HKEY_CURRENT_USER. Do you need to Restart. Cancelling this dialog leads to opening of the file and bringing up the next files "move-dialog"! Pretty irritating! Tweaking the Vista registry by Guy Thomas Page 22 . When I select two or more files in Windows Explorer to open in Notepad or any other program. Warning: While this 'Copy To' registry hack looks flash. for every selected file . Vista will understand and obey the registry instruction. Add a whole new Key (Not just a new value) called Copy To Second.

Create a new DWORD called DeleteRoamingCache 4. 1 means that all roaming profiles get deleted. in this instance. On the other hand. 5. Roaming profiles are stored on a server. changing to DeleteRoamingCache=0. would be a double negative. Navigate to this path: **HKLM\ Software\ Policies\ Microsoft\ Windows\ System 3. and if it's unlikely they will ever logon again. Topics for DeleteRoamingCache Background to Delete Roaming Cache Registry Instructions for DeleteRoamingCache Key Learning Points Registry Screenshot of DeleteRoamingCache Incidentally. DeleteRoamingCache=1.6) Delete Roaming Cache The key question with the registry setting called DeleteRoamingCache is: 'Where does the cache get deleted?' The answer is on the machine where you set the value. 2. Background to Delete Roaming Cache This registry dword. the disk fills up with profiles. Launch Regedit. The incentive to change the default behaviour occurs when lots of roaming users logon to one 'kiosk' machine. therefore you end up with roaming profiles. As a result. by default. Registry Instructions for DeleteRoamingCache 1. this tip to delete a roaming user's cache is consistently voted near the top of any list of registry hacks. Setting a hex value of 00000001 deletes all local roaming profiles. To be clear. Registry Screenshot of DeleteRoamingCache Tweaking the Vista registry by Guy Thomas Page 23 . the local computer saves a copy of a user's roaming profile when users logoff. DeleteRoamingCache. when a user with a roaming profile logsoff. the system saves an additional copy of their profile on the local hard drive. This scheme was designed to give roaming users faster logon. However. Here is a classic case of checking that your logic matches the registry's. you may as well make a registry tweak which deletes these unwanted roaming profiles. a value of 1 means: no roaming caches gets saved. controls whether or not. See Screenshot below. don't delete. especially when network traffic was busy.

or modify an existing setting? Answer: Create a DWORD called: DeleteRoamingCache. Then assign it a hex value of 00000001 Is DeleteRoamingCache a String Value or a DWORD? Answer: DWORD. DeleteRoamingCache to Regedit's Favorites menu. Should you create a value. Especially with the double-negative behavior of: DeleteRoamingCache = 0 Do you find the DeleteRoamingCache value in HKCU** or HKLM? Answer: HKLM.reg files. These acronyms are so well known that you can even use them in . Vista will understand and obey the registry instruction. and HKCU is shorthand for HKEY_CURRENT_USER. ** HKLM is an abbreviation of HKEY_LOCAL_MACHINE. Tweaking the Vista registry by Guy Thomas Page 24 . Tip: Add this Value. Do you need to Restart.Note the path at the very bottom of the screenshot: HKEY_LOCAL_MACHINE\ Software\ Policies\ Microsoft\ Windows\ System Key Learning Points Check your logic. or merely Log Off / On? Answer: Restart the local machine.

This omission prompted me to do a little exploring in the Vista registry. Key Learning Points A simple registry tweak to change a value from zero (setting disabled) to one (setting enabled) Do you find the PaintDesktopVersion value in HKCU** or HKLM? Answer: HKCU Should you add a value. Launch Regedit and navigate to this key: 2. Please note that there is no need to create this DWORD. this DWORD is also found in XP and Windows Server 2003. Topics for PaintDesktopVersion Instructions for PaintDesktopVersion Key Learning Points Instructions for PaintDesktopVersion 1. Check you now see: PaintDesktopVersion = 1 5. or modify an existing setting? Answer: Modify 0 --> 1 Is PaintDesktopVersion a String Value or a DWORD? Answer: DWORD. HKEY_CURRENT_USER\ Control Panel\ Desktop 3. or merely Log Off / On? Answer: Log Off --> Log On and view: Build 6000 Tip: Add this Value. PaintDesktopVersion to Regedit's Favorites menu Tweaking the Vista registry by Guy Thomas Page 25 . The default is PaintDesktopVersion = 0 meaning do not display the build number. Incidentally.'Build 6000'. 4.7) Display the Windows Vista (TM) Build 6000 During the Vista Beta program it was important to display the correct Build number. that way you could see which version you were testing. Double click and change its value to numeric one. Many 'techies' were disappointed because the final production version of Vista did not display its badge of honour . and I came up with a value called PaintDesktopVersion. Scroll down and find the existing entry called PaintDesktopVersion. as it's already there. Do you need to Restart.

as you can see from the screenshot. Tweaking the Vista registry by Guy Thomas Page 26 . Instructions for Hide Public Folder 1. Topics for Hide Vista's Public Folder Background on Hide Public Folder Instructions for Hide Public Folder Key Learning Points Hide ALL Desktop Icons Background on Hide Public Folder As the name suggests. However. Navigate to this key HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer \ HideDesktopIcons 3. If a dword called {4336a54d-038b-4685-ab02-99bb52d3fb8b} exists in NewStartPanel. exploring this setting will help you to understand how to configure the desktop to your liking. If there is no such dword. the Public folder is for storing communal documents. Check that \ HideDesktopIcons has two subfolders ClassicStartMenu (Controls non-Aero themes) NewStartPanel (Controls Aero Graphics) 4. Launch Regedit 2. Vista sometimes displays a shortcut on the desktop to the physical folder at C: \ Users\ Public. then this is how you create it. then simply change its value to hexadecimal 1. Incidentally.8) Hide Public Folder If you want to hide Vista's Public folder then there is a registry tweak to control its display on the desktop. select Personalize and then 'Change Desktop Icons'. there is no option to check or uncheck 'Public'. The GUI way to control which icons appear on the Vista desktop is by following this path: Right-click on the desktop. Consequently we have a job for regedit.

set the dword value = 1. These acronyms are so well known that you can even use them in .5. the idea is to achieve the same setting for non-Aero themes. ** HKLM is an abbreviation of HKEY_LOCAL_MACHINE. Aero and non-Aero themes have different registry settings. Tip 1: Add this Value. and HKCU is shorthand for HKEY_CURRENT_USER. right-click in the right pane. With NewStartPanel in the left pane. Do you need to Restart. Do you find the HideDesktopIcons value in HKCU** or HKLM? Answer: HKLM Should you add a value. select New. hold down the Ctrl key. Vista will understand and obey the registry instruction. Key Learning Points As expected. To hide the Public folder on the desktop. or modify an existing setting? Answer: Add a dword set the value to = 1 Is HideDesktopIcons a String Value or a DWORD? Answer: DWORD. then you can alter the size of the desktop icons. 6. if you select the Vista desktop (just make sure it's the focus). then DWORD 32-bit. and should. repeat the above instructions for \ HideDesktopIcons\ ClassicStartMenu. The significance is that you could. Observe the menu bar at the bottom of the screenshot: HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer\ HideDesktopIcons\ NewStartMenu. just press F5 at the Vista desktop. scroll the mouse. Tweaking the Vista registry by Guy Thomas Page 27 .reg files. or merely Log Off / On? Answer: Neither. HideDesktopIcons to Regedit's Favorites menu Tip 2: Incidentally. name the value: {4336a54d-038b-4685-ab02-99bb52d3fb8b}. To display the folder set the dword = 0. Note: you do need the {Curly Brackets}.

assign {00000000-0000-0000-0000-000000000000} a value of 0. Launch regedit and navigate to the following location: HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ HideDesktopIcons\ NewStartPanel 1. Double-click {00000000-0000-0000-0000-000000000000} and set it's value to 1 3. In the right-pane. and then edit . Refresh the Desktop view by pressing F5 key.Reg File This page explains how to create. create a new REG_DWORD {00000000-0000-0000-0000-000000000000} 2. do take extra care with procedures. 4.reg files for your computer. To reverse the changes. and the Recycle Bin via the Personalize menu.reg file into the registry. Hide All Desktop Icons You can deal with the namespace icons such as My Computer. and uncheck Show Desktop Items. you need to create the REG_DWORD in this key: HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ HideDesktopIcons\ ClassicStartMenu You can also hide all the desktop icons manually by right-clicking the Desktop. As it's easy to import the contents of a . Note: If you use the Classic Start Menu.Creating a . That leaves other shortcut icons which may clutter your desktop. Here is a registry tweak to remove all the other shortcuts from the Vista desktop. Tweaking the Vista registry by Guy Thomas Page 28 .

create: a) A new Key called: Shell Icons (note plural) b) In Shell Icons. Topics for Removing Arrows on Shortcuts Method 1 . Registry Instructions for Shell Icons Method 1. Incidentally.Shell Icons with Shell32. CD Drives and Start Menu items (see screenshot). this setting has unpleasant side effects on the 'Favorites Icons'. Shell Icon. to see the shell32. Underneath \ explorer. this only works on Vista (and not XP). If you open this file.0 Tweaking the Vista registry by Guy Thomas Page 29 . One method involves editing IsShortCut in the registry.dll. Navigate to this path: ** HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer\ 3. What we will do is launch the registry editor. Launch Regedit. Please note: Unlike many registry hacks. but involves copying an ico file (supplied) to the Windows folder.ico.Deleting IsShortCut Key Learning Points Remove Text from a Shortcut Background Shortcut's Arrow The shortcut arrow is actually an overlay. for example. Method 1 (Best): Remove Arrows with Shell Icons Our mission is to tweak the registry so that we can remove arrows on shortcuts icon.dll Method 2 . create a new REG_SZ called: 29 4. create a shortcut to calc.dll icons. which is stored in the master icon file called shell32.dll. then you will be able to see the changes. select Change Icon and browse to windows\ system32\ shell32. 2. right-click any shortcut. make sure that you have a shortcut on your desktop. however.exe. Now each icon has a number associated with it.9) Remove Arrows on Shortcuts I will show you two methods to remove the arrow on a Vista shortcut. is superior. The other method. As a preliminary step. Assign to 29 a value of: %SystemRoot%\ \ noarrow. one that is transparent. and the shortcut's number is 29. then you will see familiar icons for folders. and redirect number 29 to a different icon.

Tweaking the Vista registry by Guy Thomas Page 30 .29 for %SystemRoot%\ \ noarrow.0 Regedit requires the double backslash before filenames. Do you find the Shell Icons have value in HKCU** or HKLM? Answer: Strictly speaking Shell Icons is a new key in HKLM Should you create a value. transparent ico file. then logoff and log back on again.) Screen Shot of Shell Icons Key Learning Points There are two methods. In other words.ico. one for Vista and one for XP. You could try an experiment and substitute: %SystemRoot%\ \ system32\ shell32. What happens is that Regedit automatically strips out one of the backslashes.ico is a special blank. 6. \ \ sytem32 is correct.ico must refer to the name of the file that you add to the %systemroot% folder. download noarrow.ico. you may need to restart Vista. Note: noarrow. or merely Logoff / On? Answer: Logoff then log back on. or you try several experiments. Noarrow. or modify an existing setting? Answer: Create a new value AND create a new key Is 29 a String Value or a DWORD? Answer: String Value REG_SZ.5. Once you have edited the registry. and copied the noarrow. extract the file and copy it to the \ Windows folder.ico file. (If something goes wrong. Tip: Add this Value. Do you need to Restart. CurrentVersion\ explorer to Regedit's Favorites menu.dll.

Side Effects of Deleting IsShortCut If you delete the registry REG_SZ IsShortCut. or modify an existing setting? Answer: Neither. and then edit .Reg File If ever there was a case for creating a . Tweaking the Vista registry by Guy Thomas Page 31 . although there is no arrow. Should you create a value. This page explains how to create. As it's easy to import the contents of a . linkfile to Regedit's Favorites menu.reg files. Another problem occurs with the Media Center and Games Explorer.reg file. or merely Logoff / On? Answer: Logoff then log back on. the icon still launches the underlying program. I will show you how to remove arrows on shortcut icons. then Shell Icons. Key Learning Points Do you find the IsShortCut value in HKCU** or HKLM? Answer: Neither. Seek more instances of IsShortCut. rename. their shortcuts may be displayed. look for more instances of IsShortCut at: HKCR\ piffile and HKCR\ WSHFile. Tip: Add this Value. so I advise that you export at least the HKEY_CLASSES_ROOT\ linkfile branch of the Vista registry. Vista will understand and obey the registry instruction. 2. Method 2: Remove Arrows on Shortcuts by Deleting IsShortCut Once again. and HKCU is shorthand for HKEY_CURRENT_USER. it's a HKCR (HKEY_CLASSES_ROOT). This method involves deleting a registry value.reg file into the registry. Navigate to this path: *** HKEY_CLASSES_ROOT\ linkfile 3. Registry Instructions for IsShortCut 1. Launch Regedit. Here is a classic case for using 'Find' and F3 to search for more occurrences of IsShortCut. On the other hand the Shell Icons method has no such side effects. but they don't work when you click on them. or even delete IsShortCut Do you need to Restart. is that case. delete IsShortCut altogether. You may even find more IsShortCut entries under HKLM\ Software\ Classes. however. 4.Creating a .reg files for your computer. ** HKLM is an abbreviation of HKEY_LOCAL_MACHINE. then the Favorite Links disappear. In particular. These acronyms are so well known that you can even use them in . Rename a REG_SZ called IsShortCut to IsNotShortCut Alternatively. do take extra care with all registry procedures.

The trick is to rename the shortcut with a null character. Just to get your 'eye in'. Follow-up . Right-click on the icon which you wish to remove the text Select Rename Hold down the left Alt key.Removing text from Shortcut Is the Num Lock on? or off? It should be on with the light shining.*** Following this scheme HKEY_CLASSES_ROOT can be abbreviated to HKCR. ASCII 255 is best. Now try Alt 255 you should get a blank.Remove Text from a Shortcut It is also possible to remove the text label underneath a shortcut. Tweaking the Vista registry by Guy Thomas Page 32 . You should get a quarter character: ¼. Apply this techniques to renaming the shortcut. on the numeric keypad type 255 Troubleshooting . open notepad and try Alt key 172. Are you holding down the left Alt key? This technique did not work for me with the right Alt key (Alt Gr in England).

or merely Log Off / On. I have an amusing story featuring Evans Twp and his experience of RegisteredOwner. Do you need to Restart. Exit Regedit and launch Start Search. Alternatively. Change the value to a name of your choice. To see what I am talking about call for 'winver'. As a bonus. or modify? Answer: Modify Is it a String Value or a DWORD? Answer: String (REG_SZ). Repeat the above instructions for RegisteredOrganization. and then type: RegisteredOwner in the dialog box. Key Points for RegisteredOwner Is RegisteredOwner a value in HKCU or HKLM? Answer: HKLM Do you have to add a value. Tweaking the Vista registry by Guy Thomas Page 33 . in Regedit. A little research reveals that such names are stored in registry values called: RegisteredOwner and RegisteredOrganization. Launch Regedit. Answer: neither. 5. and then type: winver. Topics for RegisteredOwner Instructions for Editing RegisteredOwner Key Points for RegisteredOwner The Story of Evans Twp and RegisteredOwner Instructions for Editing RegisteredOwner or RegisteredOrganization 1. Find.10) RegisteredOwner When you buy a machine with Vista pre-installed. click in the Start Search dialog box. click the Edit menu. navigate to: HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows NT\ CurrentVersion\ . Here is a registry hack to edit the value to reflect your organization. just type 'Winver' in Vista's Start Search dialog box. In Vista. sometimes OEM's leave their name in your copy of Vista (or XP). 3. 4. Double click on the REG_SZ called RegisteredOwner. 2. type winver in the dialog box.

Twp (pronounced Tupp) means a stupid person. nicknamed this manager: Evans Twp. Mr Evans told the poor lad that had to come in at the weekend and reinstall the machines. and saw that the 'Registered To' was: . "Put Evans Twp in the box". (Dai lost part of an ear in a Rugby scrum. I took Peter aside and showed him how to launch Regedit and find RegisteredOwner. Practical jokes are often part of the initiation ritual for new workers. (Meaning: Evans the stupid one!) I was visiting the company doing other work. he stopped and asked Dai 'eighteen months' what he should enter. and as a result. When Peter proudly showed off the new computers he was taken aback when Mr Evans went ballistic and accused Peter of undermining his authority. Peter's first job was to install five new Vista Machines. Peter was thrilled as it only took a moment to make the registry hack. The IT department took on a new lad called Peter. one of the techies. The IT manager of a company I was working with was called Evans. Dai 'eighteen months'. What happened was Mr Evans typed Winver in the Start Search menu. and Peter went to the rugby match instead of sacrificing his weekend to perform re-installs. During the scripted set-up he discovered the Organization Menu. he was not very IT literate. Consequently. he only had an ear and a half!).The Story of Evans Twp and RegisteredOwner In my homeland of Wales. Tweaking the Vista registry by Guy Thomas Page 34 .Evans Twp. We found Evans Twp and changed it to Mr Evans. Dai said. and this company was no exception. Mr Evans wanted the company name as the 'Registered Owner'. and in common with many mangers. when I heard of Peter's distress.

Specifically. if you have two machines. You logon as an administrator. if you keep experimenting with Vista's regedit. Topics for Remote Registry Editing 'Connect Network Registry' Strategy Psycho and the Keyboard Remote Registry . In this situation the best strategy would be to try to access the wounded machine using Remote Desktop. I realize that success depends on how the remote machine is configured. don't worry. Only if that does not work. Instructions for 'Connect Network Registry' Connecting to the Registry on another computer is straightforward. I have a script which will start this service on any machine on your network (firewall permitting). Tweaking the Vista registry by Guy Thomas Page 35 .Starting the Service Programs and Utilities that Depend on Remote Registry Summary of Remote Registry Service 'Connect Network Registry' Strategy Suppose you have a wounded machine that boots. provided you meet the prerequisites. whether Remote Desktop is disabled.Connect Network Registry Trust me. This page explains how to control the Vista Remote Registry service. 'Connect Network Registry' to get you out of a pickle. but then hangs and the keyboard and mouse won't respond. is an underused troubleshooting technique. then one day you are going to need. As an aside. or whether the Remote Registry service has started on the 'victim' machine. Pre-requisites The Remote Registry service has started on both machines. resort to this remote registry connection method. then the idea of comparing a healthy machine with the damaged machine. If the service has not started. You can connect to the other machine by typing the UNC path (\ \ machine) in the Start Search dialog box. Moreover.

a condition I would have liked to extend to Psycho. 'stuffed' . let his account logon without entering a username and password. you could use neither the keyboard nor the mouse. Tweaking the Vista registry by Guy Thomas Page 36 . AutoAdminLogon. My purpose was to save them typing a difficult password. His machine was as they say. In the Select Computer dialog box. His machine was useless. The problem started when for some bizarre reason. would not listen to instructions. I logged on as administrator at another machine. System. Once I opened Psycho's registry I drilled down to the keyboard and mouse setting using this path: HKLM. He was nothing but trouble. 3. Optionally. After Psycho rebooted his machine. 4. by design. Click OK.Instructions 1. Then it was a trivial task to change a REG_DWORD called Start from 4 to 1. launched regedit. CurrentControlSet Services. after each reboot required by the notes. Psycho decided to disable his keyboard and mouse. investigate the Advanced settings. Launch Regedit. i8042prt. and then selected 'Connect Remote Registry'. I showed the delegates the AutoAdminLogon =1 setting. you've probably guessed the happy outcome. The full horror became apparent when we tried to use Last Known Good to revert to the previous setting. On a training course I had a Psycho user. type the name of the machine you wish to connect. spilt coffee over his monitor and worse still. arrived late. As usual. Look for: Connect Network Registry. AutoAdminLogon had overwritten the old control set. Psycho and the Keyboard Here is a scenario for remote registry editing. click 'Check Names' 5. and click on the File menu 2. Well. If that does not work.

I don't wish to spoil a good story. in the Start Search dialog box. 2. Tweaking the Vista registry by Guy Thomas Page 37 . and it is quite likely that remote registry editing will be the only way to recover from his stupidity. but I have to point out that the above rescue scenario was on a Windows Server 2003 machine. Scroll down the list of services until you come to the 'Rs'. the remote registry principle is sound. you can do with a VBScript. and select Start from the short-cut menu. On Vista the keyboard and mouse driver is configured differently. One of my beliefs is that anything that you can do manually. 3. To start the Remote Registry services manually 1. consequently it no longer supports the above registry settings. right-click Remote Registry. type: 'Services'. One potential 'gotcha' is that the Remote Registry service is not started on the 'victim' machine. 'No worries'. I am not going to be beaten. as my Australian cousin says.Starting the Service Like Alerter. Click on the Start Button. Microsoft implements Remote Registry as a Windows service. the answer is the following VBScript. DNS and SMTP. Remote Registry . Fortunately. No doubt Psycho will find a new way of breaking your machine.

Quit ' End of Example WMI script to Start / Stop services Tweaking the Vista registry by Guy Thomas Page 38 . 3. Save the file with a . RemoteRegistry. ' RemoteRegistry. Copy and paste the script below into notepad.Sleep 1500 objService. strInput strInput = False ' Creates the Input Message Box Do strComputer = InputBox("Which Machine? "_ .computerperformance.4 ' -------------------------------------------------------' Option Explicit Dim objWMIService. objItem.uk/ ' Created by Guy Thomas February 2007 ' Version 2.Instructions for starting the Remote Registry Service with a script 1. objService Dim colListOfServices. then enter the names of the server.vbs. strComputer.co.g.StartService() Next WScript. Double click the script. strComputer) If strComputer <> "" Then strInput = True Loop Until strInput = True ' NB Spelling of RemoteRegistry (No space). strService.Echo "Started " & strService & " on " & strComputer WScript. 2. 4.vbs extension e. strService = " 'RemoteRegistry' " Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\ \ " _ & strComputer & "\ root\ cimv2") Set colListOfServices = objWMIService.vbs ' Sample script to Start Remote Registry on strComputer ' www." Remote Machine".ExecQuery _ ("Select * from Win32_Service Where Name ="_ & strService & " ") For Each objService in colListOfServices WSCript. Wait for a confirmation message.

keep in mind that day when you are going to need access to the registry of a sickly machine on your network . System Attendant on an Exchange server. moreover you need to enclose " ' RemoteRegistry ' " in both double and single quotes. NetDiag and Terminal Services Licensing. but on my machine I was able open a session with an XP Remote desktop. even though Remote Registry was disabled on the target machine. or indeed you know of other services that require Remote Registry. Tweaking the Vista registry by Guy Thomas Page 39 . Do email me if you can shed any light on this rumour.) Summary of Remote Registry Service Practice with Remote Registry.from afar. I have a VBScript which will restart the Remote Registry on another network machine. It's easy to forget that the Remote Registry service may not be started on the target machine.Learning Points Note 1: The name for this service has no space. and thus start other services such as. there other services and utilities that rely on the Remote Registry service: DCDiag. Note 2: It may occur to you that you could amend the strService. Programs and Utilities that Depend on Remote Registry In addition to its obvious registry function. For that scenario. (There is a rumour that Remote Desktop requires the Remote Registry service.

When you have perfected the .Reg Files How to Create .reg file is that it is easy to apply.reg file.reg.Reg File with Notepad Summary .Reg Files The main purpose of .reg extension. Purpose of . An alternative method is to introduce the values held in the .Creating .reg file. you could script the command: path to . then select the value you are investigating and exporting that branch of the registry. Where you need to automate a registry change.reg file and thus merge its values with those in your Vista registry. An additional benefit is that .Reg Files This page explains how to create a .reg file by using regedit's import facility.Reg File with Notepad Dissecting the .reg extension.reg files as part of a program's installation package? It is deceptively easy to merge a .reg files The easiest way to begin is by launching regedit. One advantage of a . Naturally. The idea is that you can double-click a . as you would with regedit. Tweaking the Vista registry by Guy Thomas Page 40 . Once you have created the experimental file. there are no internal checks on the consequences of changing the registry values. allow regedit to save the file with a .Reg Files How to Create a . do make sure you know what you are doing.reg file. on this page I want to concentrate on the general techniques for creating a . you can import its settings to different machines. you don't need to drill down through endless keys.reg files provide their own built-in documentation for changes that you make to the registry.reg files to other dedicated pages. Right-click the file and then select: 'Open with'.Reg Files with Registry Export Open the . Getting Started with .reg file with your registry.How to Create . If necessary make changes to the values and then import the .Whilst it is easy to import the contents of a . I leave creating and testing the content of the . Remember that unlike clicking in a GUI. you simply double-click a text file with .reg file into the registry.Reg files is to modify the operating system's behaviour by changing values in your registry.reg files Purpose of . examine it in Notepad. Perhaps you have seen such .reg file into the registry. Another advantage is because it's a text file you can open with Notepad and then edit the values easily.

Export. click on the File menu.Reg File With Notepad Beware.reg files into a dedicated folder. Click on the Vista Start Button. if you double click a . type 'Regedit' in the 'Start Search' dialog box.Control_RunDLL \ "sysdm.exe" "Userinit"="C:\ \ Windows\ \ system32\ \ userinit.00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon] "ReportBootOk"="1" "Shell"="explorer." "VmApplet"="rundll32 shell32. Launch Regedit.reg file in notepad. The default path will be 'Documents'. 4. The best procedure for reading the .cpl\ "" "AutoRestartShell"=dword:00000001 "PowerdownAfterShutdown"="0" "ShutdownWithoutLogon"="0" "cachedlogonscount"="10" "forceunlocklogon"=dword:00000000 "passwordexpirywarning"=dword:0000000e "Background"="0 0 0" "DebugServerCommand"="no" "WinStationsDisabled"="0" "DisableCAD"=dword:00000000 "scremoveoption"="0" "ShutdownFlags"=dword:00000027 "AutoAdminLogon"="1" "DefaultUserName"="Guyt" "DefaultPassword"="P££sw0rd" Tweaking the Vista registry by Guy Thomas Page 41 .reg file the default behaviour is for Vista to try and add the contents to your registry. however you may wish to save the .exe. From inside Regedit. Navigate to the area of the registry that you are interested in. Remember the path.reg file extension. Open the . Note the . for example c:\ reg. or 'Open with'.Reg File with Registry Export 1. from the shortcut menu. for example: HKLM\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon 3. Windows Registry Editor Version 5. File Menu .reg file from the Winlogon registry folder. 2. Example .reg file is to right-click and then select 'Edit'. what that does is open the xyz. select Export and choose 'Selected Branch'.How to Create a .

00 . Created by Guy Thomas. Created by Guy Thomas [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon] "Values"="settings" Blank Lines You need a blank line between each set of .reg file.Reg Files Registry Editor Quite reasonably.reg files that it creates report to be from Version 5."DefaultDomainName"="cp" [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon\ GPExtensions] Dissecting the . Incidentally. Windows Registry Editor Version 5.0 use 'REGEDIT4'. very first line of your . the correct name is: 'Windows Registry Editor Version 5.reg file contains the name of the Registry editor. (See first example in the table in the page above. Later registries are backwardly compatible. For Vista. the. Comments If you create your own . Older registries such as Windows 95 and NT 4. Purpose to display the Build Number on the desktop [HKEY_CURRENT_USER\ Control Panel\ Desktop] "PaintDesktopVersion"=dword:00000001 Tweaking the Vista registry by Guy Thomas Page 42 .0 in its Help / 'About' menu.) . thus Vista understands 'REGEDIT4'. and the first path. then it is possible to place judicious comments by preceding that line with a semi-colon. even though Vista's regedit reports to be version 6.00 . XP and Windows Server 2003. There is also a blank line between the Registry Editor Version.00. strange but true.reg paths. the . Windows Registry Editor Version 5.00'. There is no need for a blank line between individual entries for the same path.

for example: [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon] One . for example: "Shell"="explorer.reg file can contain multiple paths.(Correct) "DefaultPassword"="-" (Wrong) Tweaking the Vista registry by Guy Thomas Page 43 . the . like this: "DefaultPassword"=Note if you erroneously enclosed the minus sign in speech marks ("-"). 0000000e in hex is 14 in decimal.reg File The registry is huge.The Body of a . Observe the [square brackets] which enclose the path. for example: "passwordexpirywarning"=dword:0000000e. Deleting Registry Entries The secret of deleting registry entries is to master the minus [-] sign. I mentioned the phrase. However. "DefaultPassword"=. For simplicity. Here is an example. Earlier. one of the first lines in the . If you try this export experiment you will see zillions of Group Policy settings underneath: [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon\ GPExtensions] A plain entry in the . Incidentally.probably not what you intended.reg file means a REG_SZ type of value. then you need to master the minus sign. I have truncated the exported . if the new value creates a conflict. Consequently. we set DefaultPassword with: "DefaultPassword"="P££sw0rd" To delete the value called DefaultPassword append equals and then minus. The default behaviour is to keep all existing registry entries. With hexadecimal entries. whereas REG_SZ are more flexible and take text or decimal numbers. note the word dword to the right of the equals sign. then you would be setting the default password as equal to minus .reg file (above) and not shown the second and third paths.reg file is the path to the values you wish to merge.reg file. REG_DWORDS take only hexadecimal numbers. and append the values in the . If you want to delete an existing entry. strictly speaking. 'add keys and values'. to recap. I should have used the word merge instead of add.reg setting wins.exe".

then we can specify the values. DWORD (32-bit) Value . call for regedit and right-click in the right pane.reg file. give me a new folder. Binary Value (REG_RESOURCE_LIST) .Hexadecimal value (not decimals). see the screen shot to the right. or a new container object. How to Create a .reg file. for example: Windows Registry Editor Version 5.Reg File with Notepad When you need to create your own . While it is easy to create your own .Hexadecimal. here is a reminder of a few simple syntax rules. Key . However. String Value . Expandable String Value . and now you should see a list of all the possible registry types.Registry Types By far the most common registry types are REG_SZ (String Value) and REG_DWORD (dword). Then follows the path enclosed in [square brackets] Windows Registry Editor Version 5. At the top. capable of even bigger numbers. to see the full list. Multi-String (REG_EXPAND_SZ).00 Next comes a blank line.Text or numbers.00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon] Once we have defined the folder in the registry that we wish to amend. it is probably easiest to start with an existing file and modify its settings. One way to obtain such a file would be to export a branch of the registry using regedit. select New. QWORD (64-bit) Value . for example: "DefaultUserName"="Guyt" "DefaultPassword"="P££sw0rd" "DefaultDomainName"="cp" Tweaking the Vista registry by Guy Thomas Page 44 .Machine readable 1 and 0 used by drivers. the file needs the name of the registry editor. String values separated by commas or spaces.Expandable in the sense that they can contain variables which are resolved when a program calls for this data.Means.

"Matching open and closing" speech marks.reg. then a blank line. Tweaking the Vista registry by Guy Thomas Page 45 . remember the . finally. precede the final value with dword: and don't use speech marks for the right side of the equals sign.reg examples. the actual settings that you wish to merge with the registry.Here is the completed .00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon] "DefaultUserName"="Guyt" "DefaultPassword"="P££sw0rd" "DefaultDomainName"="cp" Observe the rhythm of the REG_SZ syntax. for example: "ShutdownFlags"=dword:00000027 (Correct) "ShutdownFlags"="dword:00000027" (Wrong) @ At symbol As you get more experienced with .Creating a . Once you have an example . "ValueName" = "string".reg file What I recommend is that you start learning the syntax and structure from an existing . you may discover the @.00 [HKEY_CLASSES_ROOT\ . Since the @ is found on the first line of the code proper.reg file. In the case of hex numbers.xml] @="xmlfile" "Content Type"="text/xml" "PerceivedType"="text" [HKEY_CLASSES_ROOT\ .reg file as seen in notepad. then pay close attention to the layout. for example Auto.reg file extension. Thus rather than saying Default="xmlfile" The . Obey the rules of the quotes. Windows Registry Editor Version 5. You can obtain this special file by exporting a branch of the registry with regedit. known as REG_DWORD.xml\ PersistentHandler] @="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}" Summary . As you save.reg file uses: @="xmlfile" Windows Registry Editor Version 5. this is a clue that it means the default setting.reg file. start with the name of the Registry Editor Version.

Disable with NoDriveTypeAutoRun Build Number and PaintDesktopVersion Hide the Public Folder from the Vista Desktop Increase Simultaneous Downloads Rename the Computer Icon Registered Owner . what next? How do you view the new settings? You could take the ruthless approach and reboot the machine. Double-click the . 1. often the only way to see HKLM changes Next.Classic Registry Editor Example Roaming Profile .reg file. Create a VBScript file employing the . Control Panel Log off / Log on.reg file AutoAdminLogon Autoplay . select Merge from the drop-down menu. Right-click the .reg files. 2.g. There are also a couple of tricky ways that I only mention for completeness.regwrite method.reg settings into the registry What to do once you have applied the . Alternatively. 3. 4.g. e.reg file Once you have added the new values to the registry. Works well for many of the HKCU settings Reboot.Disable Shortcut . you could run through this progression: Press F5 . I will show you how to merge these text files with your registry.It works in some contexts. desktop settings Close. there are at least three ways of transferring information from the . I have specific examples of . Tweaking the Vista registry by Guy Thomas Page 46 . Execute the command: Regedit /s path to xyz. File (menu) Import.Reg Files The purpose of this page is to provide examples of . e.reg files.reg settings into the registry Typical Microsoft. then reopen the interface. Launch Regedit then select. What to do once you have applied the .Examples of . 5. In addition.reg file.reg file.Remove Arrow How to transfer the .reg. How to transfer the . into your registry.

00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon] "AutoAdminLogon"="1" "DefaultUserName"="Guyt" "DefaultPassword"="P££sw0rd" "DefaultDomainName"="cp" Setting AutoAdminLogon requires you to restart the operating system.AutoAdminLogon Here are the settings that you must change in order for my Auto. for example Auto. Make the amendments to suit your machine and username.Disable with NoDriveTypeAutoRun Media Change Notification (MCN) messages from the CD-ROM driver trigger AutoPlay. Autoplay .xxx". However if.reg file.reg Windows Registry Editor Version 5. Copy the settings below into a text file. Windows Registry Editor Version 5. "AutoAdminLogon"="1" "DefaultUserName"="xxx" "DefaultPassword"="xxxx0xxxx" "DefaultDomainName"="xxx. You can disable Autoplay by configuring the appropriate value of NoDriveTypeAutoRun. these messages are suppressed then the CD will not automatically start playing. Definitely needed in a domain situation.reg example file to work on your system.00 [HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer] "NoDriveTypeAutoRun"=dword:00000091 Tweaking the Vista registry by Guy Thomas Page 47 .reg extension. Here is an example . save the file with .

Build Number and PaintDesktopVersion What this . it displayed the Public folder on my Vista desktop.reg file does is add a message displaying the Build Number to the bottom right of you desktop.reg settings into the registry. Tweaking the Vista registry by Guy Thomas Page 48 . In this script I set the value of each dword to zero: "{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000000.reg extension.reg. thus. consequently.00 [HKEY_CURRENT_USER\ Control Panel\ Desktop] "PaintDesktopVersion"=dword:00000001 Note this registry setting is a dword (and not a REG_SZ). for example Build. Copy the instructions below into a text file. to see this registry hack in action I created an additional 'opposite' script.00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer\ HideDesktopIco ns] [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer\ HideDesktopIco ns\ NewStartPanel] "{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000001 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer\ HideDesktopIco ns\ ClassicStartMenu] "{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000001 Note: There was no Public folder on my Vista Desktop. is to turn 'hide' off. observe the colon and the lack of speech marks around the 000000001. Hide the Public Folder from the Vista Desktop Windows Registry Editor Version 5. What this script below does. Windows Registry Editor Version 5. Then refer to How to transfer the . save the file with . in plain English.

74.00.00.00.73.00. What's encoded in hex is: %username% at %computername%.00.72.00.75. The code below will change the desktop icon called 'Computer' to display: Username at MachineName.00.00.25.6d.00.00.65.00.65.reg extension.61.00.00. Windows Registry Editor Version 5.00.00.00.00.00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer\ HideDesktopIco ns] [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer\ HideDesktopIco ns\ NewStartPanel] "{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000000 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer\ HideDesktopIco ns\ ClassicStartMenu] "{4336a54d-038b-4685-ab02-99bb52d3fb8b}"=dword:00000000 Rename the Computer Icon Is the example script below voodoo? It sure is magic.00. save the file with .63.00.74.6e.75.25.6e.65.70.00 Notice that LocalizedString=hex(2): This is the way to script the data type called 'Expanded String'.6d.72.00.6f.\ 00.6d. Copy the instructions below into a text file.00.00.'Opposite' Script to Display the Public Folder Windows Registry Editor Version 5.65.00.20.00. Tweaking the Vista registry by Guy Thomas Page 49 .00.00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Classes\ CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}] "LocalizedString"=hex(2):25. for example Computer.61.00.00.00.20.\ 25.61.reg.

Windows Registry Editor Version 5.Disable Registry tweak to prevent roaming profiles saving on the local machine. Tweaking the Vista registry by Guy Thomas Page 50 .00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion] "RegisteredOrganization"="Computer Performance" "RegisteredOwner"="Guy" Roaming Profile . then double click and merge with your registry.reg file.reg.reg file.reg.00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ explorer\ Shell Icons] "29"="%SystemRoot%\ \ noarrow. Example registry .reg extension. Windows Registry Editor Version 5.ico.reg extension. logoff / logon. finally try restarting your computer. you must get noarrow. save the file with . for example Owner.ico. try this progression: press f5 (refresh). Remember to include the name of the Registry Editor. also keep the second line blank. In order to see the fruits of your work. Copy the instructions below into a text file. Windows Registry Editor Version 5. for example Arrow. your RegisteredOwner is not "Guy". Note: For this . Your organization is not called "Computer Performance". Copy my example into notepad.reg examples The technique is the same for all these.0" Summary of . and. save the file with . My point is that you should make changes before you import my Owner. save the file with .reg files.reg example to work.00 [HKEY_LOCAL_MACHINE\ SOFTWARE\ Policies\ Microsoft\ Windows\ System] "DeleteRoamingCache"=dword:00000001 Shortcut . unzip and copy to Vista's \ windows folder.Remove Arrow Copy the instructions below into a text file.Registered Owner Classic Registry Editor Example Let me take a wild guess.reg extension.

My foibles include thrashing around in the HKEY_LOCAL_MACHINE section. you would configure the subfolder under HKEY_CURRENT_USER which corresponded to a particular user. Most common of all. The Tweaking the Vista registry by Guy Thomas Page 51 . More often than not. I can soon correct my errors. you would edit the HKEY_CURRENT_USER. Can be abbreviated to 'HKLM'. The HKEY_LOCAL_MACHINE\ Software\ Classes key contains default settings that can apply to all users on the local computer.Vista's Registry Structure It really does help troubleshooting if you understand the registry's structure. when I should be tracing a setting in the HKEY_USERS hive. HKEY_CLASSES_ROOT This information is stored under both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys. These settings ensure that the correct program opens when you launch Windows Explorer. Another of my common blunders is creating a REG_DWORD instead of a REG_SZ. HKEY_USERS Contains all the actively loaded user profiles on the computer. knowledge of the layout will prevent you navigating to the wrong section. In particular. Registry Folder or Hive What it contains HKEY_LOCAL_MACHINE Holds configuration settings for the computer (no matter which user logs on).0. or vice versa. thanks to my experience of the registry structure. Topics for Vista's Registry Structure Types of Registry Folders Registry Data Types Registry Files and Their Physical Location Types of Registry Folders The layout of the Vista registry is remarkably similar to that found in NT 4. While I still occasionally make these and other mistakes. Subsets of Main Hives HKCR is an alias of HKEY_LOCAL_MACHINE\ Software. Windows 2000 and XP.

However. REG_SZ String Value A fixed-length text string. Tweaking the Vista registry by Guy Thomas Page 52 . REG_SZ can also hold numbers. REG_MULTI_SZ Multi-String Value A multiple string. HKCU for short Registry Data Types Data type Common Name Description REG_DWORD DWORD Value Data represented by a 32-bit integer (4 bytes long). Separate each entry by spaces. However. Displayed in hexadecimal format. A data type capable of holding more than one value. The above REG_SZ and REG_DWORD are by far the most common registry types. HKEY_CURRENT_USER Contains the settings for the user who is currently logged on. HKEY_CURRENT_CONFIG Contains settings which control the hardware profile that is used by the computer at startup. REG_BINARY Binary Value Raw binary data.HKEY_CURRENT_USER\ Software\ Classes key contains settings that override the default settings and apply only to the interactive user. I include the other types below for completeness. This data type is by system variables. or other marks. REG_EXPAND_SZ Expandable String Value A variable-length data string. commas.

REG_LINK Link A Unicode string naming a symbolic link. Sam.REG_QWORD QWORD Value Data represented by a number that is a 64-bit integer. designed to store a resource list. Registry Files and Their Physical Location Registry Hive Supporting files in \ Windows\ System32\ Config HKEY_LOCAL_MACHINE\ SAM Sam. Sam. This data is written to the registry by the system or applications and is displayed in Registry Editor in hexadecimal format.sav Tweaking the Vista registry by Guy Thomas Page 53 . REG_NONE None Data with no particular type. REG_RESOURCE_REQUIREMENTS_LIST Binary Value A series of nested arrays that are designed to store a device driver's list of possible hardware resources. This data is displayed in a Binary Value.log. REG_FULL_RESOURCE_DESCRIPTOR Binary Value A series of nested arrays that is designed to store a resource list that is used by a physical hardware device. REG_RESOURCE_LIST Binary Value A series of nested arrays.

log.log.alt.HKEY_LOCAL_MACHINE\ Security Security.dat.log. Software. System.sav HKEY_LOCAL_MACHINE\ System System. Default.sav HKEY_LOCAL_MACHINE\ Software Software. System.log HKEY_USERS\ DEFAULT Default. System.sav.sav HKEY_CURRENT_CONFIG System. Ntuser. Security.sav Tweaking the Vista registry by Guy Thomas Page 54 . Software. Default. System.dat. Ntuser.log.log. Security.alt. System. System.

Windiff is the forgotten utility. To be fair. please remember where you saved this file. for example.reg file. Be prepared to ignore non-significant areas of the files.) 2. the situation arises where you change a computer setting. Tweaking the Vista registry by Guy Thomas Page 55 . and then you want to know where in the registry that setting is to be found. it still has the same clunky interface. If your ultimate goal is to create a . perhaps they have taken the view that you cannot improve on perfection. Topics for Windiff The Windiff Master Plan Windiff's Three Quirks Case Study 1: Mysterious Disappearing Recycle Bin Case Study 2: Vista Display Settings Change on Awaken Get your copy of Windiff The Windiff Master Plan The master plan to discover a particular registry setting is deceptively simple: Export the registry to a file. then change the setting using a GUI. you will isolate the place in the registry which held the GUI setting.0 days. Now export the registry again.Windiff Find Settings in the Registry Windiff is Microsoft's most underused utility. Time and time again. but naturally. Find the values and data corresponding to your change. create a . but also amongst Microsoft's development team. With perseverance. Identify the registry area of interest. a menu. Open the exported file in notepad. Use the normal GUI to make a change to the desktop. Export 'All' the registry. If possible. Cross reference your Windiff findings with the detail in notepad. start by researching the values with Windiff. or any Vista feature that interests you.again. 3. 6. Export 'All' the registry . time stamps. and highlighting the differences. Compare the two exported files using Windiff. (The reason I say ALL is to be sure that you include the setting under investigation. 4. When it comes to exploring the registry. and compare the before and after files in Windiff. not only amongst users.reg file with just the one setting to prove that you truly have found the correct area of the registry. Windiff really is a hidden treasure. Microsoft have made no changes to Windiff since NT 4. Here are detailed instructions for mastering Windiff: 1. Windiff does a superb job of comparing files. save to a different file. 7. 5.

reg files. export only the 'Branch' HKEY_LOCAL_MACHINE. launch regedit and try another Export. the other to turn it off. and removing the tick next to 'Show Identical Lines'. for the first run through of Windiff choose to export 'All' the registry.Guy's Tactics The practical challenges are overcoming Windiff's quirks.. this twin request is obvious.. Tweaking the Vista registry by Guy Thomas Page 56 . See screenshot showing the Vista File menu. once you are alert to the potential problem. Second File . To be frank. Ultimate success is creating two . then you will get swamped with data. and also sharpening your registry research skills. Make sure that you focus on: Compare Files. as a result you can concentrate on the interesting parts.and when it is prompting you for the second file.The Knack Now for the most difficult knack of using Windiff. I also call for the assistance of Notepad... the very first time I used Windiff it all seemed a blur. however. the differences. Change. Thus I recommend going to Windiff's Options menu. it seemed to be asking for the same file twice rather than two discreet files. Stay flexible. I thought that there was something wrong with the program. there are three Windiff quirks that you should know about: 1) Files v Directories Windiff compares directories as well as files.. both to examine the registry entries and to create . What this does is filter the files.just The Knack.. one turn the setting on. Intellectually. 2) First File. When I ran Windiff for the second. and subsequent times. then I repeat the experiment but export only a 'Branch' rather than the whole registry.. and read the screen. Fortunately. Read the above screenshots to see what I mean. Windiff asks you for two files . including those lines where there is no difference. I realized that the initial confusion was my fault. For example. Three Quirks in Windiff's Before you start experimenting with the registry.. What I often do is a preliminary experiment to identify potential areas in the registry.reg files. or be ruthless. but for the second run. when it comes to the practical task it is not clear when Windiff is asking you for the first file. Export sequence. then there is no problem . decide whether to keep ploughing through Windiff looking for the crucial difference.fair enough. 3) Show Identical Lines If you allow Windiff to show all lines. In order to make its comparison.

{645FF040-5081-101B-9F08-00AA002F954E}. I wanted to find the value which controls 'show / hide' for the Recycle bin.reg. hide / show. (Desktop right-click -->Personalize). exporting 'All' the registry produced a huge file with lots of possible entries that could be controlling the Recycle Bin. Clearly this is a job for Windiff. Repeat the Windiff experiment. my real goal was to find the setting in the registry.reg. load the First File = DisplayBefore.reg. file = DisplayBefore. Export 'All' the registry. see screenshot below. the problem is that the Recycle bin mysteriously disappears from Vista's desktop. Windiff Method As a preliminary step.reg. a difference of dword:00000000 and dword:00000001 made sense. make sure that the Recycle Bin is displayed.reg. Windiff Results As anticipated. filter the entries by navigating to: Options (Menu) remove the tick next to Show Identical Lines. Export 'All' the registry (again). the most significant value was: {645FF040-5081-101B-9F08-00AA002F954E}. While I discovered how to recover the bin through the Desktop --> Personalize menu.reg. file after = UserNoBin. thus it was easier to track down the critical value. Then load the Second File = DisplayAfter. Also. Once again. Additional research revealed that this is indeed the CLSID for the Recycle Bin. file = DisplayAfter. Once I filtered Windiff's entries. Delete the Recycle Bin from the desktop. Launch Windiff. This second experiment produced less data. To compare the differences. Tweaking the Vista registry by Guy Thomas Page 57 . turned out to be the crucial registry entry. but export only the HKEY_CURRENT_USER Registry Branch File before = UserBinYes. since zero and one corresponding to: off / on or.Case Study 1: Mysterious Disappearing Recycle Bin In a nutshell.

00 [HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ HideDesktopIcons\ C lassicStartMenu] "{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000000 [HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ HideDesktopIcons\ NewStartPanel] "{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000000 I also created a file with the 'opposite' setting: dword:00000001 instead of dword:00000000.reg files.00 [HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ HideDesktopIcons\ C lassicStartMenu] "{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000001 [HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ HideDesktopIcons\ NewStartPanel] "{645FF040-5081-101B-9F08-00AA002F954E}"=dword:00000001 If you save each of these two snippets into a .Proof that Windiff revealed the correct registry setting My next experiment was to open the exported registry file in notepad. Then I truncated the file to include just the settings below: (Note the first two lines are needed by all .reg file. Tweaking the Vista registry by Guy Thomas Page 58 .) Windows Registry Editor Version 5. namely the reference to the registry editor. Just remember after you apply the .reg file. Windows Registry Editor Version 5. followed by a blank line. then press F5 to refresh the desktop. then you can employ the pair of them to toggle displaying the Recycle Bin on the desktop.

What this case illustrates is the classic technique of how to employ Windiff.reg. the display mysteriously moved down a resolution of 1024 by 768. My actual problem was that when my Vista laptop went into sleep mode.\ displaybefore. but when Vista awakened.\ displayafter. Make sure that you check the options menu: Show Identical Lines is NOT selected.reg. Windiff Registry Comparison Note that you can see the filenames in the grey bar near the top of the screenshot. the menus were not so easy to read. Launch Windiff. here is an interesting difference: Tweaking the Vista registry by Guy Thomas Page 59 . For example. load the First File = DisplayBefore. Before sleep the resolution was 1280 by 800. Scroll down. Chose Options (Menu) remove the tick next to Show Identical Lines.reg:. then wait a minute or so for Windiff to make the file comparisons. Compare the differences.Case Study 2: Problem: Vista Display Settings Change on Awaken The fine details of this problem are not important in our quest to understand how Windiff works. and thus discover a registry setting. Export the whole registry (again). and consequently. Change the display settings from 1280 by 800 to 1024 by 768. Double click on the top line. This was irritating because the icons and text were distorted.reg.reg. file = DisplayAfter. . Then load the Second File = DisplayAfter. file = DisplayBefore. what you are looking for is display resolution settings. the display resolution kept changing. but ignore hex data and ignore date values. Windiff Experiment Export the whole registry.

Notepad comparison Windiff highlights (literally) "DefaultSettings.reg file. Tricks and Good Practice Don't be conned into thinking you have found the setting.YResolution="DWORD:00000300" DefaultSettings. It looks like we have found the crucial registry value DWORD DefaultSettings. then you get the correct Branch first time. 1) Export registry Branch 2) Change setting 3) Export registry Branch again 4) Compare the files with Windiff By highlighting the word Branch.XResolution"=dword:00000500 "DefaultSettings. and your . On the other hand if you are lazy or con yourself.reg file with notepad.reg file that you have found the correct value in the registry.DefaultSettings.YResolution"=dword:00000320 Equivalent Settings 500 Hex = 1280 Decimal 320 Hex = 800 Decimal Trap When you are preparing the . CurrentControlSet and ControlSet001 are usually one and the same.YResolution"=DWORD:00000320 If you search through the DisplayBefore. thus configuring ControlSet002 instead of ControlSet001 is likely to produce undesired effects. the trap is to choose the wrong ControlSet.reg file will be useless. or skilful. If you are lucky. Keep going through the 4 stage cycle until you can demonstrate with . While Hex 320 is Decimal 800. Tweaking the Vista registry by Guy Thomas Page 60 . However. then you get the wrong Branch. then you find several entries in under HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Hardware Profiles\ Current\ System [HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Hardware Profiles\ Current\ System\ CurrentControlSet\ Control\ VIDEO] "DefaultSettings.YResolution. which is usually the Last Known Good. Where have we seen 768 and 800 before? Why in the display settings that we are investigating. Background research reveals that Hex 300 = Decimal 768.YResolution="DWORD:00000320" (See screenshot). I want to encourage you to keep refining the area of the registry that you are researching. beware of configuring CurrentControlSet002.

Tweaking the Vista registry by Guy Thomas Page 61 . Believe that sooner or later. you will discover the registry value that corresponds to the GUI setting. You also need to overcome Windiff's quirks. or a menu setting in the registry. and then trawl through dozens of lines containing registry differences.Summary of Windiff Windiff is a hidden gem for unearthing where to find a Vista desktop. To master Windiff requires the painstaking approach of a research scientist.

Decide whether to save 'All' of the registry. Fittingly. this is my most-loved Vista Registry tip. then right-click and choose 'Open with'. The advantage of keeping the default . click on Regedit's File menu and select Export. then you can merge the settings with the registry of the current machine.reg file extension is that if you double click the file. Alternatively. Once you have found your registry value. Tweaking the Vista registry by Guy Thomas Page 62 . and before you make any changes. take a timeout . launch notepad first.reg file by altering the 'Files of type' dialog box. rather than exporting 'All' of the registry. Exporting is straightforward. Tag the value by clicking on Regedit's Favorites menu. 'I'll Export Selected branch'. and then open the . Regedit s Export The secret of editing the registry safely is to practice with Regedit's Export and Import until you achieve mastery.think. yet you know that one day you will have to return to fine-tune the data. pause. Regedit's 'Add to Favorites' is ideal for that moment when you have taken ages to find a value. Once you have found a particular registry setting. or just the 'Selected branch'.Guy's List of Vista Regedit Tips Add to Favorites Menu Regedit s Export and Import Regedit's Find Comparing Two Machines Regedit's Own Help Remote Registry Service Best Practice for Editing the Vista Registry Pay Attention to Detail Best Practice Add to Favorites Menu Add to Favorites is a classic case of learning a technique in one area (IE7 or Mozilla) and applying the knowledge to another area . If I am going to examine the file in Notepad I export just the subset. and choose 'Add to Favorites'. If you need to examine the file with Notepad.Regedit.

you may ask questions such as. this regedit technique is very similar to an Export. then you will see 'Find'. it is worth experimenting with the various boxes. A variation of the 'gotcha' is when editing the HKLM\ System\ ControlSets. One use of 'Find' is to check that we have arrived at the correct place. in the case of a registry import. Import. Other methods include VBScript and Run. HKLM. As you may expect. The trap is that you edit a value in the users section of the registry. Note 2: In passing. Addendum While I did not like the IsShortCut registry tweak. What I do is press F3 to discover if there are indeed more instances of the value that I am editing.reg file. what I want is the System\ CurrentControlSet and not ControlSet2 or 3. Finally. 'Find' teaches us the correct terminology. F3 was indispensable for finding about 5 instances of this value. To speed up your search. and navigate to the place where you saved the . Values or Data. for example. Tweaking the Vista registry by Guy Thomas Page 63 . I admit that this tip is only really useful when you are making complex changes. renaming the Computer Icon. you could also double click a .reg file and merge with the registry. Regedit's Find If you click on Regedit's Edit menu. 'Where should I store all these . instead of the machine section. In passing.reg extension may ring a few bells with files that you have seen when installing programs in Vista or XP. then click on the File menu.reg files?' I am afraid that only you know the answer to this location question. If the changes did not produce the expected result. Note 1: As an additional safety measure consider renaming the registry value. regedit /s file name. then the surest way to return the registry to its previous state is to import the . Microsoft provide at least two ways of performing most tasks. By this I mean rename the REG_SZ or DWORD. Regedit s Import My primary use of Regedit s Import is to return the registry to its former state. therefore try ticking combinations of: Keys. HKCU.As a by-product of trying a registry Export. You begin by launching regedit. Keys are the registry folders.reg file. this . we have Data in the form of a string or a hex number. This is the file that I carefully exported before I started experimenting. while Values are the REG_SZ or DWORDs that we may be adding to the registry.

I realize that one difficulty of this approach is that you many not know where in the registry to look for a particular value. What I can say by way of encouragement. before I pressed F8. but healthy machine. While you can apply this simple idea for general troubleshooting. Continues Tweaking the Vista registry by Guy Thomas Page 64 . I am determined to change attitudes. and that is cajoling you to try Vista's built-in help. One answer is to experiment at the healthy machine. I still learn something new every time I press F1. Export the entire registry. or HKLM. Values and Data. but not Classes Root or Current User. Here are two recent examples of Regedit's help. then export the registry again. while the old are jaundiced by bad experiences of help in earlier Windows systems. otherwise I could not make a selection from the restore options. and open Vista's built-in help. 1) During a registry restore. I needed to make sure that the Num Lock key was off. make full use of the three 'Look at' boxes. is that as an IT professional and a Microsoft MVP. make a change in the area that you are troubleshooting. The young traditionally ignore help. While this is a thankless mission. Now use the Windiff utility to investigate precisely which area(s) of the registry are affected by your actions. 2) I asked help: Why are 'Unload Hive' and 'Load Hive' are greyed out? The answer was I had to first select either HKUsers. My point is to speed up your search. Keys. Comparing Two Machines One of the most under-used troubleshooting techniques is comparing the damaged machine with a similar. Regedit's Own Help I have a hidden agenda here.Look at the Keys Here is another example of employing 'Find' to reach the Winlogon registry Key quickly. it really comes into its own when researching registry settings.

remember that their natural units are hexadecimal not plain decimal. To start the Remote Registry services 1. To make sure you in the right place. The danger is forgetting to set back to Manual when you have finished your task. Click on the Start Button. Of all my Vista registry tips. Begin by asking yourself. should you start the Remote Registry service? If you do. With DWORDS. or applying a fix from an article on the web. and select Start from the short-cut menu. meaning "string data". there are also important REG_DWORD values. the decision to start the service is based on security rather than technical difficulty. See more on Connect Network Registry Pay Attention to Detail This is the situation: you are following instructions from TechNet. in the Start Search dialog box.Remote Registry Service Imagine this situation: you are sitting at a machine and considering a new risky project for regedit. Tweaking the Vista registry by Guy Thomas Page 65 . 'Am I modifying or adding this new setting?' If you are adding. Scroll down the list of services until you come to the 'Rs'. when you should be drilling down into the HKCU section. Another decision: Should you change the 'Startup Type' from 'Manual' to 'Automatic'? My advice is choose 'Automatic' while you are experimenting with regedit. or just a new value? Be aware that while most values are REG_SZ. get into the habit of seeking out the vital word. 3. keep an eye on the menu bar at the very bottom of the regedit interface. In a nutshell. Remote Registry editing is the technique to employ if you are troubleshooting why a machine hangs after booting. right-click Remote Registry. type: 'Services'. The downside of allowing Remote Registry access is that it could open back-doors for hackers. 2. one of the most annoying mistakes is to start at the HKLM registry hive. meaning hex data. then it will be easier to troubleshoot problems from another machine. My registry tip is this. When you are editing the registry. is it a whole key. Now the question is.

Check out the . Guy Thomas May 2007. for example.uk Should you find any good registry tweaks. and test how it restores a previous version of your registry files.sav files in the \ system32\ config folder. Research Volume Shadow Copy. think laterally. make a point of studying each page's 'Key Learning Points'. Occasionally Vista may provide a new GUI to configure a setting. As you work through my registry examples. what else could you do? I urge you to consider configuring a Group Policy rather than tweaking the registry.Best Practice for Editing the Vista Registry Before you make any changes to the registry settings. you could launch the Control Panel --> Users and un-tick the setting called. Follow-up If you find any error please email me guy@computerperformance.co. remember to try Last Known Good as your first recovery option. Instead of risking making changes with your registry editor. get into the habit of exporting at least that branch of the registry. instead of launching regedit and changing the value for AutoAdminLogon. If your computer has a serious problem. Tweaking the Vista registry by Guy Thomas Page 66 . 'Users must enter a user name and password. Backup the system state before you try anything radical in the registry. which requires pressing F8 at boot-up.' Learn how to perform a remote registry edit with: Connect Network Registry. then please send them to me at the above email address. Seek alternative methods.

com. The unregistered version of Win2PDF is for evaluation or non-commercial use only.daneprairie. .This document was created with Win2PDF available at http://www.