Registry trivia and tools

Readers suggest some useful tools for working with the Windows registry.

Shameless Plug Department: We have discussed spam many times and our alter ego has banged on about it in Backspin to the point where our esteemed editor has threatened physical violence if another spam column is presented. If you are fighting spam you might be interested in the free seminar, “Blocking Spam: Stop Unwanted Content Enterprisewide,” that I am presenting with Network World.

We continue our registry exploration. Reader Greg Martin wrote “Regedt32 is needed to modify security. Regedit cannot do so.” Quite true, under Windows NT and 2000 there are two versions of the registry editor: regedt32.exe and regedit.exe (under Windows 98 and ME there is only regedit.exe to entertain you).

There are a few differences between the two utilities: regedt32.exe has a security menu to examine and edit permissions of subtrees, keys and subkeys; each hive is displayed in its own dedicated window; you can set an option to work in read-only mode; you can edit values longer than 256 characters as well as edit REG_MULTI_SZ entry values; and you can load multiple registry files at the same time.

On the other hand, regedit.exe has a better search facility; all the keys are visible in one window (like Explorer), subkeys can be bookmarked, it opens the last subtree edited, the registry can be exported to a text file, and you can import a .REG file from the command line.

Under Windows XP you can launch regedt32.exe or regedit.exe – either way, you get the same program, which combines some of the features of both editors and leaves out others. For example, there is no multiwindow display but you can edit permissions.

Reader Mark Mills recommends Aelita’s ERDisk, which he describes as a “great tool for backing up all the PC’s registries on a network, creating ERD CD-ROMs, or remotely fixing a user’s registry without his intervention.” Not content with one recommendation, Mills also suggests, “For those who just like to back up their registries in one or two clicks, or defrag [their] registry, try Erunt – yes it is freeware!”

Erunt is definitely cool, and the program’s author, Lars Hederer, makes an interesting observation: “The Export registry function in Regedit is useless to make a complete backup of the registry. Neither does it export the whole registry (for example, no information from the Security hive is saved), nor can the exported file be used later to replace the current registry with the old one. Instead, if you reimport the file, it is merged with the current registry, leaving you with an absolute mess of old and new registry keys.”

The registry defrag that Mills mentioned is done by a freeware program included with Erunt called Ntregopt, which works under Win NT/2000/XP. He suggests using Ntregopt regularly, especially after installing or uninstalling a program.

Hederer says Ntregopt works by “recreating each registry hive ‘from scratch,’ thus removing any slack space that may be left from previously modified or deleted keys,” but it “does not change the contents of the registry in any way, nor does it defrag the registry files ‘on-disk’ (as the PageDefrag program from SysInternals does). The optimization done by Ntrgopt is simply compacting the registry hives to the minimum size possible.”

This leads us to PageDefrag. Written by Mark Russinovich for Win NT 4.0, 2000 and XP, PageDefrag, another freeware utility, can defragment files that are open for exclusive access by the operating system. This includes paging files and Registry hives.

Russinovich says “Paging and Registry file fragmentation can be one of the leading causes of performance degradation related to file fragmentation in a system,” and never was a truer word spoken. Or written.

You need to explore Russinovich’s site, SysInternals  – he and his partner, Bryce Cogswell, offer scores of freeware utilities that are priceless for diagnosing and exploring the gory details of all versions of Windows.

You might want to check out another of SysInternals tool called Regmon. Regmon runs on Win 95, 98, Me, NT, 2000, XP and .Net Server, and is designed to monitor and display all Registry activity in real time. You can filter and search for keys and data so you can analyze how Windows and applications use the registry. You will be surprised at how busy the registry is.

If you want to learn something obscure and potentially useful about the registry, check out SysInternals story on hidden registry keys.

Expose your keys at gearhead@gibbs.com.