I Thought We Weren’t Supposed to Change Settings in the Registry?

by Shijaz Abdulla on 04.10.2009 at 21:34

Following is an excerpt taken from a Microsoft Technet article written by the Scripting Guys. It’s about the Windows Registry and I found it rather amusing:

As you probably know, Microsoft has a sort of love-hate relationship with the registry. The registry is the configuration database for Windows and Windows applications, and many options can only be set by manually changing a value in the registry. For example, if you’ve ever read a Microsoft Knowledge Base article, you’ve likely seen a sentence similar to this:

To correct this problem, change the following value in the registry.

Now that’s fine, except that this sentence is invariably followed by a disclaimer similar to this one:

Warning: Don’t ever change a value in the registry. Ever. We know we just told you to do that, but would you jump off a cliff if we told you to? Don’t ever change a value in the registry. Don’t even say the word registry. We know a guy once who said the word registry, and three days later he was hit by a bus. True story. As a matter of fact, you shouldn’t even have a registry on your computer. If you suspect that you do have a registry on your computer, call us and a trained professional will be dispatched to your office to remove the registry immediately. If you accidentally touch the registry, wash your hands with soap and water and call a doctor. Do not swallow the registry or get it in your eyes!

Now, to be honest, some of those fears are a bit exaggerated, and the disclaimer is there largely for legal reasons (remember, this is the day and age when you can order hot coffee in a restaurant and then sue the restaurant when the coffee they give you turns out to be, well, hot). If you do it correctly, changing the registry is perfectly harmless. At the same time, however, it’s true that there are certain values in the registry that should never be changed. In fact, changing them can pretty much wipe your computer out, once and for all. It’s like working on the bomb squad: if you snip the right wire, the bomb is defused and everything is fine. But if you snip the wrong one—Boom! You just created Microsoft Bob!

Um, not that we’re saying Microsoft Bob was a bomb or anything.

Opening blocked attachments in Outlook

by Shijaz Abdulla on 09.01.2008 at 10:23

Some file extensions are blocked by Microsoft Outlook for the potential damage that they may cause. File types blocked include EXE, COM, MDB and many others.

Outlook displays a message that it has blocked the attachment:


Sometimes it becomes necessary to “unblock” a particular file extension. One of the most common requests is to unblock Access database files (*.mdb). Let’s see how this can be done:

  1. On the desktop running Outlook, open Registry Editor.
  2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\xx.x\Outlook\Security, where xx.x is your Outlook version number (9.0, 10.0, or 11.0).
  3. Add a new string value named Level1Remove.
  4. Set this string to the list of extensions that you want to unblock, separated by semicolons (for example: .mdb;.url). Remember to put the dot before each extension.

It should, however, be kept in mind that unblocking a particular file type introduces new risk, as the user can also receive a malicious file of the same type from another user or the internet and he/she might inadvertently open it.

For Outlook 2007, you need to insert the string in the following key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security. If the key path doesn’t exist, you can create it.
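Because each unblocked extension widens what users can open from mail, it is worth checking which machines and accounts carry a Level1Remove override. The following PowerShell is an added example, not part of the original post: it reads the two key paths given above for every user hive currently loaded under HKEY_USERS and reports the extensions found. The function name and the short high-risk list (taken from the blocked types this post names) are assumptions of the example.

```powershell
# Added example: report Level1Remove overrides for each user hive loaded under
# HKEY_USERS. Read-only; run elevated to see hives other than your own.
$versions  = '9.0', '10.0', '11.0', '12.0'      # Outlook versions named in this post
$highRisk  = '.exe', '.com', '.mdb'             # blocked types named in this post
$templates = 'Software\Microsoft\Office\{0}\Outlook\Security',
             'Software\Policies\Microsoft\Office\{0}\Outlook\Security'

function Get-Level1RemoveOverride {             # hypothetical helper name
    $hku = [Microsoft.Win32.Registry]::Users
    foreach ($sid in $hku.GetSubKeyNames()) {
        if ($sid -like '*_Classes') { continue }    # per-user class hives, not profiles
        foreach ($ver in $versions) {
            foreach ($tpl in $templates) {
                $path = "$sid\" + ($tpl -f $ver)
                try   { $key = $hku.OpenSubKey($path) }   # $null when the key is absent
                catch { Write-Warning "No access to HKEY_USERS\$path"; continue }
                if (-not $key) { continue }
                $raw = $key.GetValue('Level1Remove')
                $key.Close()
                if (-not $raw) { continue }
                # Value format: extensions separated by semicolons, each with a leading dot
                $exts = @($raw -split ';' |
                          ForEach-Object { $_.Trim().ToLower() } |
                          Where-Object { $_ })
                [pscustomobject]@{
                    Sid       = $sid
                    Key       = "HKEY_USERS\$path"
                    Unblocked = $exts -join ', '
                    HighRisk  = @($exts | Where-Object { $highRisk -contains $_ }) -join ', '
                    Malformed = @($exts | Where-Object { $_ -notmatch '^\.' }) -join ', '
                }
            }
        }
    }
}

Get-Level1RemoveOverride | Format-List
```

Entries listed under Malformed are missing the leading dot that step 4 calls for. Profiles that are not logged on are not loaded under HKEY_USERS and are not covered by this check.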

Hotfix for latest Vista-compatible version of ISA Firewall client

by Shijaz Abdulla on 09.07.2007 at 07:44

A problem has been found in the new Vista-compatible version of ISA Firewall client that was made available for download recently on the Microsoft website. [Read about it on my blog]

Programs like mobile phone connection optimizer software may install a Winsock Base Service Provider (BSP). BSPs sometimes bypass the Firewall client. To raise an alarm about the situation, ISA Firewall client displays one of those ugly yellow exclamation marks on the system tray icon. If you hover your mouse over it, it shouts “Firewall client is not installed properly”. An example of software that causes this condition is AT&T Comms Manager.

If this is too annoying for you, you can get rid of the warning:

  • Download and Install the hotfix
  • Open REGEDIT, find the key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Firewall Client 2004\Policies”, add a new “DWORD” value “UiEnableCatalogValidation” and set it to “0” (zero).

Modify a user’s registry hive without logging in

by Shijaz Abdulla on 23.06.2007 at 13:35

ModifyProfile, an ingenious freeware tool written by Marty List, lets you modify the HKEY_CURRENT_USER registry hive of any user on your machine, without requiring the user to log in.

By design, Windows has a different HKEY_CURRENT_USER hive for every user that has a profile on the Windows computer. This is stored in the C:\Documents and Settings\username\NTUser.dat file in each user’s profile. This hive is “loaded” whenever the user logs in and is displayed in REGEDIT as the HKEY_CURRENT_USER hive. Depending on which user is logged in, the hive is different, because a different NTUser.dat file has been loaded.

Sometimes an administrator needs to change a registry value in the HKEY_CURRENT_USER hive of many or all users who log on to a particular system. I’ve seen that administrators are usually confronted with this kind of challenge on Terminal Servers, where multiple users establish remote desktop/terminal sessions, and a change/restriction needs to be made in the HKEY_CURRENT_USER hive of all users.

Instead of having to log in to each user’s session or write a login script to make the change, the administrator can pick a time when no user will be logged in (because the NTUser.dat file should not be “in use”) and use the ModifyProfile tool from the administrator’s command line.

For instance, I can implement a registry change stored in a .reg file for all users, by using a single command like:

ModifyProfile.exe /PROFILE:ALL /REG:"C:\TEMP\Changes.reg" /KEYNAME:TempHive
and ModifyProfile will open each user’s hive and do the job!
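
The per-user hive mechanics described above can also be seen with the built-in reg.exe. The following PowerShell is an added example, not ModifyProfile’s code and not part of the original post: it mounts each offline NTUSER.DAT under a temporary HKEY_USERS name, writes one value, and unmounts it, skipping any profile whose hive is in use. The key, value name and data are hypothetical placeholders.

```powershell
# Added example: apply one HKEY_CURRENT_USER change to every profile whose hive
# is not currently loaded. Run from an elevated prompt.
$Mount  = 'TempHive'                              # temporary name under HKEY_USERS
$SubKey = 'Software\ExampleVendor\ExampleApp'     # hypothetical key
$Name   = 'ExampleSetting'                        # hypothetical value name
$Data   = '1'                                     # hypothetical REG_SZ data

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
foreach ($p in Get-ChildItem $profileList) {
    $sid = $p.PSChildName
    if ($sid -notlike 'S-1-5-21-*') { continue }  # skip system and service profiles
    $dir  = (Get-ItemProperty $p.PSPath).ProfileImagePath
    $hive = Join-Path $dir 'NTUSER.DAT'
    if (-not (Test-Path -LiteralPath $hive)) { continue }

    # A logged-on user's hive is already loaded under HKEY_USERS\<SID> and the
    # file is locked, so it cannot be mounted a second time.
    if (Test-Path "Registry::HKEY_USERS\$sid") {
        Write-Warning "$sid is logged on; hive in use, skipped"
        continue
    }

    & reg.exe load "HKU\$Mount" $hive 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load $hive"; continue }
    try {
        & reg.exe add "HKU\$Mount\$SubKey" /v $Name /t REG_SZ /d $Data /f | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Write failed for $sid" }
    }
    finally {
        # Always unmount, otherwise the user's next logon finds the hive locked.
        & reg.exe unload "HKU\$Mount" | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Unload failed; HKU\$Mount is still mounted" }
    }
}
```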