Guy's Best Practice and Litmus Test Ezine #6 - Registry Tips
This week's newsletter is in two halves; the first half features Registry
Tips and stories, while the second half has follow up on last week's Exchange
Tips.
Contents for Ezine #6Registry Tips
Hacking the registry is an emotive term. It brings to mind thoughts of
expert knowledge, with a dash of bravado and more than a hint of forbidden
fruit.
How Dangerous is editing the registry? In my opinion everyone goes
through 5 stages before they master the registry.
- Fear of the new language
- Wonderment of the Power of Regedit
- Complacency - I can do anything
- Panic
- Respect for the Registry
Automatic Logon has all the ingredients of a registry hack: a security risk,
specialist business use and most of all AutoAdminLogon is fun to implement.
AutoAdminLogon creates a huge security loophole by allowing a machine to start
without requiring anyone to logon. So what can be the justification? The answer
is installation scripts, especially where you apply service packs immediately
after the main install. If the script turns on AutoAdminLogon, then the
installation engineer does not have to visit the machine midway through the job.
A clever script will then reset AutoAdminLogon to zero, meaning off one the task
has completed.
Instructions to set AutoAdminLogon
First Objective - Open Regedit then drill down to:
HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\winlogon.
If AutoAdminLogon exists then Double Click on AutoAdminLogon and set value =1
(Numeric 1)
If AutoAdminLogon does NOT exist then go to: Edit (Menu), New, String Value,
Type AutoAdminLogon
Second Objective - Create DefaultPassword
In regedit, you need to go to the EDIT menu, New, String Value type
DefaultPassword.
To get AutoAdminLogon to work you need to add DefaultPassword to the same
WINLOGON area.
Set the password to what ever it needs to be for the DefaultUser to logon
successfully.
Note 1: You will need a reboot
Note 2: The DefaultUser does not have to be Administrator, set it to who ever is
most appropriate.
Note 3: To break out of AutoAdminLogon and select a different username, keep
your finger on the Shift key before logon.
See Windows 8
AutoAdminLogon Registry Settings.
Calculating IP Address
ranges is a black art, which many network managers solve by creating custom
Excel spreadsheets. IPAT cracks this problem of allocating IP addresses
in networks in two ways:
For Mr Organized there is a nifty subnet
calculator, you enter the network address and the subnet mask, then IPAT
works out the usable addresses and their ranges.
For Mr Lazy IPAT
discovers and then displays the IP addresses of existing computers.
Download the Free IP Address Tracker
Damon Runyan had character in his book who was always giving horse racing
tips. He had a catch phrase ' and a Tale goes with it' meaning there was always
an interesting story behind the 'Tip'. Well I have ' and a Tale goes with it',
for my next registry tip.
Evans Twp - RegisteredOwner
In my homeland of Wales, Twp (pronounced Tupp) means a stupid person. The IT
manager of a company I was working with was called Evans and in common with many
mangers he was not very IT literate. So one of the techies, Dai 'eighteen
months', nicknamed the manager Evans Twp. (Dai lost half of one ear in a Rugby
scrum so he only had an ear and a half!).
The IT department took on a new lad called Peter. Now practical jokes are often
part of initiation for new workers and this company was no exception. Peter's
first job was to install 5 new servers. During the set-up he came to the
Organization Menu and he asked Dai 'eighteen months' what he should enter. Dai
said "Put Evans Twp in the box". When Peter proudly showed off the new server he
was taken aback when Mr Evans went ballistic and accused Peter of undermining
his authority. What had happened was Mr Evans saw that the 'Registered To' in
the System Icon said: - Evans Twp! (Meaning: Evans the stupid one!)
I was visiting the company doing other work when I heard of Peter's distress.
Poor lad was told that he had to come in a the weekend and reinstall the servers
with proper company name as the 'Registered Owner'. I took him aside and showed
him how to find RegisteredOwner using Regedit. We found Evans Twp and changed it
to a more appropriate value. Peter was thrilled as it only took a moment and he
did not have to sacrifice his weekend.
INSTRUCTIONS TO SET REGISTEREDOWNERMethod Drill down to: HKEY_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
Double Click RegisteredOwner then change the value to what you want. Re-open the
System Icon and check your new value
Here are my latest views on the 5 stages on
mastering the registry.
Two readers wrote in to make some valuable points about Exchange 2003
migration.
C.H. Pointed out that one Migration Path would be Exchange 2003 on an Exchange
2003 member server in a Windows 2000 domain.
B.G. Emphasised that it is 'Best Practice' to run deployment tool = exeploy.hta
from the Wizard at the Startup screen. Do not run exdeploy.exe directly.
Circular Logging SOUNDS like a good idea, but it does not get the Guy seal of
approval.
Best Practice Professionals: Think of disaster recovery, they disable circular logging 99%
of the time
Amateurs: Think Circular Logging is best practice for database logs
Why is Circular Logging not best practice?
During disaster recovery, if you have over-written the transaction logs then you
can only restore as far as the last backup. When all the logs are available,
Exchange automatically replays the logs and recovers all the transactions.
What is Circular Logging?Exchange, SQL and Active Directory databases all rely on transaction or
write-ahead logs. Events can be quickly written to the logs, then later
'committed' to the main database file. Circular logging over-writes these
transaction logs to save disk space.
Where do you check the circular logging setting?a) Open the Exchange Administrator, double-click Servers.
b) Select the server which has the storage group you want to enable
circular logging.
c) Right-click the storage group, and then click Properties.
d) On the General tab, click Enable circular logging, and then click Yes.
Why does such a potentially harmful setting exist?
The one time you may need circular logging is if your disk is full. When you
first install a database you always think 'no way will the disk ever get full' -
experience teaches it will!
Windows 8 Registry
• Windows 8 new features •
Windows 8 Metro UI •
AutoAdminLogon •
Win 8 Registry
• Windows 8 Registry
Hacks •
IP Address Manager •
Win 8 Start Menu •
E 170 Registry
• Litmus Tests •
Windiff •
Regedit • Ezines
• E 107 Reg •
E 84 Reg •
E 7 Registry Tips •
E 6 Reg •
Registry
|
