How Registry Is Helpful For Managing Security

Upload: eoghan-mac

Post on 22-Nov-2014

Page 1: How Registry Is Helpful For Managing Security

Lovely Professional

University

TERM PAPER

Of

OPERATING SYSTEM

TOPIC :--HOW REGISTRY IS HELPFUL FOR

MANAGING SECURITY

SUBMITTED BY:-

ACKNOWLEDGEMENT


We cannot achieve anything worthwhile in the field of technical education unless the theoretical education acquired in the classroom is effectively wedded to the practical approach that is taking place in modern industries and research institutes. Although an engineer can only be successful through sheer hard work, the contribution of his teachers and of all those who have been helpful cannot be overlooked. I also express thanks to my parents, who placed their valuable trust in me and helped me. Lastly, I offer my regards and blessings to all of those who supported me during the completion of the project.

I express my deep sense of gratitude to LECT. PUSHPENDRA for providing me the requisite facilities and a cordial atmosphere during my training period.

********

What is the registry?


The registry is a database in Windows that contains important information about system hardware, installed programs and settings, and the profile of each user account on your computer. Windows refers to the information in the registry continually.

You should not normally need to make manual changes to the registry, because programs and applications make the necessary changes automatically. An incorrect change to your computer's registry could render your computer inoperable. However, if a corrupt entry appears in the registry, you might be required to make changes by hand.

Back up the registry before making any changes, and only change values that you understand or have been instructed to change by a source you trust.

What is Registry Editor?

Registry Editor is a tool intended for advanced users. It is used to view and change settings in the system registry, which contains information about how your computer runs. Windows refers to this information and updates it when you make changes to your computer, such as installing a new program, creating a user profile, or adding new hardware. Registry Editor lets you browse the tree of registry keys and view and edit the values stored in each key.

Ordinarily, you do not need to make changes to the registry. The registry contains complex system information that is vital to your computer, and an incorrect change could render your computer inoperable. A corrupt registry hive, however, might require changes. Back up the registry before making any changes, and only change values that you understand or have been instructed to change.

How to open Registry Editor ?

To open Registry Editor with elevated privileges, click Start, click All Programs, click Accessories, right-click Command Prompt and then click Run as administrator. In the command prompt that opens, type regedit.exe. (Typing regedit in the Start search box and accepting the User Account Control prompt has the same effect.)

System configuration information is stored centrally in a hierarchical database called the registry. You can use Registry Editor to add and edit registry keys and values, restore the registry from a backup or to default values, and import or export keys for reference or backup.

You can also print the registry and, through the Permissions dialog on each key, control which accounts are allowed to read or edit that part of the registry.

MANAGING THE USER REGISTRY (IBM WebSphere Portal)

The "user registry" discussed in this section is not the Windows registry. It is the repository (a federated LDAP directory, a database, or both) in which IBM WebSphere Portal keeps the user and group accounts it uses for authentication and authorization. Manage it by running the various update and delete tasks after you have configured it as part of the installation and deployment process.

Initial security configuration is part of the installation instructions. This is a change from previous versions of the information center. The information in this section assumes you have already configured the user registry as part of the installation and deployment process. If you are looking for instructions to initially set up your user registry, refer to the Installing WebSphere Portal section of the information center.

Clustered environment note: If you are running any of the following tasks after setting up your clustered production environment, you will need to run an additional task to update the security settings on the secondary nodes; see Configuring security after cluster creation for information.

Enabling application groups

Application groups are a feature that lets you define user groups within the database user registry whose members (users or groups) are held in the federated LDAP user registry you configured. The benefit of application groups is that you can create groups that are used only within IBM WebSphere Portal.

Managing your user registry on AIX, HP-UX, i5/OS, Linux, Solaris and Windows

The procedure is the same on every supported platform. After installing and deploying IBM WebSphere Portal, which includes installing and configuring the user registry, you can manage the user registry by running various update and/or delete tasks. These tasks include, but are not limited to, adding a property extension (lookaside) database, updating or deleting the entity type, and deleting the registry.

Add a Registry Key

To find or change any entry in the registry, use Registry Editor. Once you have opened Registry Editor, you can proceed to add a registry key.

Caution

Incorrectly editing the registry may severely damage your system. Before making changes to the registry, back up any valued data on your computer. Registry Editor has no undo: a change takes effect the moment you click OK.

Note

If you make a mistake that results in your computer not starting properly, you can restore the registry. For instructions, see Restore the Registry.

To add a registry key

1. In Registry Editor, click the registry key under which you would like to add a new key.

2. On the Edit menu, click New and then click Key.

3. Type a name for the new key and then press ENTER.

To change a value

1. In Registry Editor, click the entry you want to change.

2. On the Edit menu, click Modify.

3. In Value data, type the data for the value and then click OK.

Note

To make changes to a registry key, you must have the appropriate permissions. For more information about permissions and security in this version of Windows, search Help and Support for "Security best practices."

To find a string, value, or key

1. In Registry Editor, click Find on the Edit menu.

2. In Find what, type the string, value, or key you want to find.

3. Select the Keys, Values, Data, or Match whole string only check boxes to match the type of search you want, and then click Find Next.

Note

To repeat the search, press F3.

Exporting registry files

To export all or part of the registry, use Registry Editor. Once you have opened Registry Editor, you can export the registry to a text-based registration (.reg) file or to a binary hive file.

You can use a text editor like Notepad to work with registration files you create by exporting; hive files are binary and can only be loaded back with Registry Editor. You can save registry files in the current Windows format, as Windows 9x/NT 4.0 registration files, as binary hive files, or as plain text files. Registration files are saved with the .reg extension and text files with the .txt extension. Treat exports as sensitive: they contain whatever the exported branch contains, which may include application credentials and configuration.

Export all or part of the registry

1. Open Registry Editor. If you want to save only a particular branch, select it.

2. On the File menu, click Export….

3. In File name, enter a name for the registry file.

4. In Save as type, select the file type you wish to use for the saved file (registration file, registry hive file, text file, or Windows 98/NT 4.0 registration file).

5. In Export Range, use the radio buttons to select whether you want to export the entire registry or only the selected branch.

6. Click Save.

Registry Editor provides a number of commands that are designed primarily for maintaining your system. For example, Load Hive and Unload Hive (available when HKEY_LOCAL_MACHINE or HKEY_USERS is selected) let you temporarily attach a hive file from another installation or user profile, such as the NTUSER.DAT of a user who is not logged on or a SYSTEM hive copied from an offline disk, so that you can inspect or repair it and then detach it again. Before a hive can be loaded or restored, it must exist as a hive file, which is what exporting a key in the registry hive file format produces.

Importing registry files

The Import… command in Registry Editor can import registry files of all types, including text files and hive files.

Import some or all of the registry

1. Open Registry Editor.

2. On the File menu, click Import….

3. Find the file you want to import, click the file to select it, and then click Open.

Note

In Windows Explorer, double-clicking a file with the .reg extension imports the file into the computer's registry after a confirmation prompt. This is why a .reg file received from an untrusted source should be opened in a text editor and read, not double-clicked: it can add or change any key the current user has permission to write, including the Run keys that start programs at logon.

Caution

A restored hive overwrites an existing registry key and becomes a permanent part of your configuration. For example, to perform maintenance on part of your system, you can use Export… to save a hive to disk. When you are ready, you can then use Import… on the File menu to restore the saved key to your system.
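A practical use of Export is to keep a baseline and compare later exports against it, which shows exactly which keys and values an installer, an update or a piece of malware changed. As an added example (not from the paper or from Microsoft), the Python below parses the registration (.reg) file format that Registry Editor writes, covering string, dword, binary and multi-string values and the line continuations used for hex data, and diffs two exports. The two exports are constructed inline; the key paths and value names in them are illustrative, and the file-loading helper assumes the UTF-16 encoding with byte-order mark that Registry Editor version 5.00 uses. Python is used for the examples on this page because the checks run on exported data and need no Windows API.

```python
"""Parse Registry Editor (.reg) exports and diff two of them.

Added example, not from the paper or from Microsoft. Registry Editor 5.00
writes exports as UTF-16LE text with a byte-order mark; the two exports
below are constructed inline so the demo runs without a Windows machine.
"""
import re
from typing import Dict, List, Optional, Tuple, Union

Data = Union[str, int, bytes, List[str], None]
Hive = Dict[str, Optional[Dict[str, Data]]]      # key path -> values; None = key deleted

_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
_HEX_DATA = re.compile(r"^hex(?:\((\w+)\))?:(.*)$")


def _unescape(s: str) -> str:
    """Undo the .reg escapes (backslash-backslash and backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_data(data: str) -> Data:
    """Decode the right-hand side of a "name"=data line."""
    if data == "-":                               # "name"=- deletes the value on import
        return None
    if data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])              # REG_SZ
    if data.startswith("dword:"):
        return int(data[6:], 16)                  # REG_DWORD, written as 8 hex digits
    m = _HEX_DATA.match(data)
    if not m:
        raise ValueError(f"unrecognised data: {data!r}")
    kind = m.group(1)
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if kind == "2":                               # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
        return raw.decode("utf-16-le").rstrip("\x00")
    if kind == "7":                               # REG_MULTI_SZ: NUL-separated, double-NUL end
        return [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return raw                                    # REG_BINARY and anything else: raw bytes


def parse_reg(text: str) -> Hive:
    """Return {key_path: {value_name: data}}; the default value is stored as "@"."""
    text = re.sub(r"\\\r?\n\s*", "", text)       # join hex data wrapped with a trailing "\"
    hive: Hive = {}
    current: Optional[Dict[str, Data]] = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):              # [-HKEY_...] deletes the key on import
                hive[path[1:]] = None
                current = None
            else:
                if hive.get(path) is None:
                    hive[path] = {}
                current = hive[path]
            continue
        m = _VALUE_LINE.match(line)
        if m is None or current is None:
            continue                              # tolerate junk rather than abort
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        current[name] = parse_data(m.group(2))
    return hive


def diff_reg(old: Hive, new: Hive) -> List[Tuple[str, str, Data, Data]]:
    """Every (key, value name, old data, new data) that differs between two exports."""
    changes = []
    for key in sorted(set(old) | set(new)):
        before, after = old.get(key) or {}, new.get(key) or {}
        for name in sorted(set(before) | set(after)):
            if before.get(name) != after.get(name):
                changes.append((key, name, before.get(name), after.get(name)))
    return changes


def load_reg(path: str) -> Hive:
    """Read an export from disk: UTF-16 with BOM as regedit writes it, else 8-bit text."""
    with open(path, "rb") as f:
        raw = f.read()
    is_utf16 = raw.startswith((b"\xff\xfe", b"\xfe\xff"))
    return parse_reg(raw.decode("utf-16") if is_utf16 else raw.decode("utf-8", "replace"))


RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
SETTINGS_KEY = r"HKEY_CURRENT_USER\Software\Example\Settings"       # illustrative key

# Constructed exports: a baseline taken after setup, and a later one.
BASELINE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Example\Settings]
@="default text"
"Timeout"=dword:0000001e
"Blob"=hex:de,ad,\
  be,ef
"Paths"=hex(7):43,00,3a,00,5c,00,00,00,00,00
"""

LATER = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Public\\upd.exe"

[HKEY_CURRENT_USER\Software\Example\Settings]
@="default text"
"Timeout"=dword:00000078
"Blob"=hex:de,ad,\
  be,ef
"Paths"=hex(7):43,00,3a,00,5c,00,00,00,00,00
"""

if __name__ == "__main__":
    for key, name, before, after in diff_reg(parse_reg(BASELINE), parse_reg(LATER)):
        print(f"{key}\n  {name}: {before!r} -> {after!r}")
```

Run as a script it prints the two differences: a new Updater value under the Run key (a program that will now start at every logon) and the changed Timeout. For real files call load_reg on each export and pass the results to diff_reg.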

To print all or part of the registry

1. Open Registry Editor.

2. Click the computer or top-level key of the registry area you want to print.

3. On the File menu, click Print….

4. Do one of the following:

o Click All to print the entire registry.

o Click Selected Branch and type a particular branch in the text box to print only part of the registry.

5. Click OK.

Note

The average registry can take hundreds of pages to print. Consider printing only those branches you need.

Restore the Registry

If certain keys or values under HKLM\System\CurrentControlSet are deleted or given incorrect values, the registry may need to be restored before you can continue using the computer. The Last Known Good Configuration boot option restores exactly that control set (the one in use at the last successful logon); it does not undo changes elsewhere in the registry, for which you need a backup or System Restore. The option is offered on Windows XP, Vista and 7; later versions rely on System Restore and Startup Repair instead.

To restore the registry

1. Print these instructions. (If you are reading these instructions in Windows Help and Support, click the print icon.) They will not be available after you shut down your computer in step 2.

2. Click Start, point to the right-pointing arrow icon, and then click Shut Down.

3. Start the computer. Press F8 repeatedly while it starts, before the Windows logo appears (on a multi-boot system, when you see the message Please select the operating system to start).

4. Use the arrow keys to highlight Last Known Good Configuration and then press ENTER. NUM LOCK must be off before the arrow keys on the numeric keypad will function.

5. Use the arrow keys to highlight an operating system, and then press ENTER.

Registry Key Security and Access Rights

The Windows security model enables you to control access to registry keys. For more information about security, see Access-Control Model.

You can specify a security descriptor for a registry key when you call the RegCreateKeyEx or RegSetKeySecurity function. If you specify NULL, the key gets a default security descriptor. The ACLs in a default security descriptor for a key are inherited from its direct parent key.

To get the security descriptor of a registry key, call the RegGetKeySecurity, GetNamedSecurityInfo, or GetSecurityInfo function.

The valid access rights for registry keys include the DELETE, READ_CONTROL, WRITE_DAC, and WRITE_OWNER standard access rights. Registry keys do not support the SYNCHRONIZE standard access right.

The following table lists the specific access rights for registry key objects.

Value                            Meaning
KEY_ALL_ACCESS (0xF003F)         Combines the STANDARD_RIGHTS_REQUIRED, KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY, KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY, and KEY_CREATE_LINK access rights.
KEY_CREATE_LINK (0x0020)         Reserved for system use.
KEY_CREATE_SUB_KEY (0x0004)      Required to create a subkey of a registry key.
KEY_ENUMERATE_SUB_KEYS (0x0008)  Required to enumerate the subkeys of a registry key.
KEY_EXECUTE (0x20019)            Equivalent to KEY_READ.
KEY_NOTIFY (0x0010)              Required to request change notifications for a registry key or for subkeys of a registry key.
KEY_QUERY_VALUE (0x0001)         Required to query the values of a registry key.
KEY_READ (0x20019)               Combines the STANDARD_RIGHTS_READ, KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, and KEY_NOTIFY values.
KEY_SET_VALUE (0x0002)           Required to create, delete, or set a registry value.
KEY_WOW64_32KEY (0x0200)         Indicates that an application on 64-bit Windows should operate on the 32-bit registry view. For more information, see Accessing an Alternate Registry View. This flag must be combined using the OR operator with the other flags in this table that either query or access registry values. Windows 2000: This flag is not supported.
KEY_WOW64_64KEY (0x0100)         Indicates that an application on 64-bit Windows should operate on the 64-bit registry view. For more information, see Accessing an Alternate Registry View. This flag must be combined using the OR operator with the other flags in this table that either query or access registry values. Windows 2000: This flag is not supported.
KEY_WRITE (0x20006)              Combines the STANDARD_RIGHTS_WRITE, KEY_SET_VALUE, and KEY_CREATE_SUB_KEY access rights.

When you call the RegOpenKeyEx function, the system checks the requested access rights against the key's security descriptor. If the user does not have the correct access to the registry key, the open operation fails. If an administrator needs access to the key, the solution is to enable the SE_TAKE_OWNERSHIP_NAME privilege and open the registry key with WRITE_OWNER access. For more information, see Enabling and Disabling Privileges. Note what this implies: a key's DACL protects it from standard users and services, but not from a local administrator, who can always take ownership and then rewrite the DACL.

You can request the ACCESS_SYSTEM_SECURITY access right to a registry key if you want to read or write the key's system access control list (SACL). For more information, see Access-Control Lists (ACLs) and SACL Access Right.

To view the current access rights for a key, including the predefined keys, use the Registry Editor (regedit.exe; on Windows XP and later regedt32.exe starts the same program). After navigating to the desired key, go to the Edit menu and select Permissions. From a security standpoint the ACEs worth checking are those that grant KEY_SET_VALUE, KEY_CREATE_SUB_KEY, DELETE, WRITE_DAC or WRITE_OWNER to a non-administrative principal on a key that controls what code runs, such as a service's configuration under HKLM\SYSTEM\CurrentControlSet\Services or the Run keys under HKLM\Software\Microsoft\Windows\CurrentVersion.
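As an added example (not from the paper or from Microsoft), the Python below rebuilds the composite rights in the table from their component bits, names the bits set in any access mask, and applies the check just described to a key's DACL. The access-right constants are the documented Windows values; the sample DACL, its trustee names and the key mentioned in its comment are constructed for the demonstration and are not read from a real machine.

```python
"""Decode registry-key access masks and flag over-permissive ACEs.

Added example for this paper (not Microsoft's code). The rights constants
are the documented Windows values; the sample DACL at the bottom is
constructed for the demonstration, not read from a live machine.
"""
from typing import Dict, FrozenSet, List, Tuple

# Standard rights (upper 16 bits of the access mask).
DELETE = 0x00010000
READ_CONTROL = 0x00020000
WRITE_DAC = 0x00040000
WRITE_OWNER = 0x00080000
ACCESS_SYSTEM_SECURITY = 0x01000000      # needed to read or write the SACL
# Generic rights; the object manager maps them onto the key-specific rights.
GENERIC_ALL = 0x10000000
GENERIC_EXECUTE = 0x20000000
GENERIC_WRITE = 0x40000000
GENERIC_READ = 0x80000000

# Registry-specific rights (lower 16 bits), as in the table above.
KEY_QUERY_VALUE = 0x0001
KEY_SET_VALUE = 0x0002
KEY_CREATE_SUB_KEY = 0x0004
KEY_ENUMERATE_SUB_KEYS = 0x0008
KEY_NOTIFY = 0x0010
KEY_CREATE_LINK = 0x0020
KEY_WOW64_64KEY = 0x0100
KEY_WOW64_32KEY = 0x0200

STANDARD_RIGHTS_REQUIRED = DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER  # 0xF0000
STANDARD_RIGHTS_READ = STANDARD_RIGHTS_WRITE = READ_CONTROL

# The composite rights from the table, rebuilt from their parts.
KEY_READ = STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY
KEY_WRITE = STANDARD_RIGHTS_WRITE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY
KEY_EXECUTE = KEY_READ
KEY_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | KEY_QUERY_VALUE | KEY_SET_VALUE
                  | KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY
                  | KEY_CREATE_LINK)
assert (KEY_READ, KEY_WRITE, KEY_ALL_ACCESS) == (0x20019, 0x20006, 0xF003F)

BIT_NAMES: Dict[int, str] = {
    KEY_QUERY_VALUE: "KEY_QUERY_VALUE", KEY_SET_VALUE: "KEY_SET_VALUE",
    KEY_CREATE_SUB_KEY: "KEY_CREATE_SUB_KEY", KEY_ENUMERATE_SUB_KEYS: "KEY_ENUMERATE_SUB_KEYS",
    KEY_NOTIFY: "KEY_NOTIFY", KEY_CREATE_LINK: "KEY_CREATE_LINK",
    KEY_WOW64_64KEY: "KEY_WOW64_64KEY", KEY_WOW64_32KEY: "KEY_WOW64_32KEY",
    DELETE: "DELETE", READ_CONTROL: "READ_CONTROL", WRITE_DAC: "WRITE_DAC",
    WRITE_OWNER: "WRITE_OWNER", ACCESS_SYSTEM_SECURITY: "ACCESS_SYSTEM_SECURITY",
    GENERIC_ALL: "GENERIC_ALL", GENERIC_EXECUTE: "GENERIC_EXECUTE",
    GENERIC_WRITE: "GENERIC_WRITE", GENERIC_READ: "GENERIC_READ",
}
KNOWN_BITS = sum(BIT_NAMES)     # the bits are distinct, so their sum equals their OR

# Rights that let the holder change the key or its protection, not merely read it.
WRITE_LIKE = (KEY_SET_VALUE | KEY_CREATE_SUB_KEY | KEY_CREATE_LINK | DELETE
              | WRITE_DAC | WRITE_OWNER | GENERIC_WRITE | GENERIC_ALL)


def decode_mask(mask: int) -> List[str]:
    """Name every bit set in an access mask, lowest bit first."""
    names = [name for bit, name in sorted(BIT_NAMES.items()) if mask & bit]
    leftover = mask & ~KNOWN_BITS
    if leftover:
        names.append(f"UNKNOWN(0x{leftover:X})")
    return names


Ace = Tuple[str, int]           # (trustee, access mask) of an access-allowed ACE

PRIVILEGED: FrozenSet[str] = frozenset({
    "NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators", "NT SERVICE\\TrustedInstaller",
})


def find_weak_aces(dacl: List[Ace], privileged: FrozenSet[str] = PRIVILEGED) -> List[Tuple[str, List[str]]]:
    """Return (trustee, rights) for each ACE granting write-like rights to a
    trustee outside the privileged set. On a key that decides what code runs
    (a service's ImagePath, a Run value) such an ACE is an escalation path."""
    weak = []
    for trustee, mask in dacl:
        if trustee in privileged:
            continue
        granted = mask & WRITE_LIKE
        if granted:
            weak.append((trustee, decode_mask(granted)))
    return weak


# Constructed DACL for a hypothetical service key (illustrative names, not a real key).
SAMPLE_DACL: List[Ace] = [
    ("NT AUTHORITY\\SYSTEM", KEY_ALL_ACCESS),
    ("BUILTIN\\Administrators", KEY_ALL_ACCESS),
    ("BUILTIN\\Users", KEY_READ),
    ("Everyone", KEY_READ | KEY_SET_VALUE),      # the misconfiguration to catch
]

if __name__ == "__main__":
    for trustee, mask in SAMPLE_DACL:
        print(f"{trustee:26} 0x{mask:08X}  {' | '.join(decode_mask(mask))}")
    for trustee, rights in find_weak_aces(SAMPLE_DACL):
        print("WEAK:", trustee, "holds", ", ".join(rights))
```

The raw masks come from whatever reads the DACL (the Permissions dialog's Advanced view, or a tool that dumps ACEs); decode_mask turns a number such as 0x20019 back into the names in the table, and find_weak_aces reports only the Everyone entry in the sample, because KEY_SET_VALUE on a key that configures a service lets any user change what runs under that service's account.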

How the registry is helpful in security

If you are involved in data security, you are familiar with cryptography in some fashion and you know that ciphers, the algorithms for performing encryption and decryption, are what do the work. You probably also know that there are a few quick-and-dirty algorithms for encrypting data. One is the Caesar cipher, whose best-known variant is ROT-13, a simple algorithm that encodes data by shifting each letter 13 places in the alphabet while leaving non-alphabetic characters untouched. Because 13 is half the alphabet, applying it twice gives back the original, so the same operation both encodes and decodes. It is so simple that you can decode it by hand, but it is enough to fool the casual observer. Anyone coming across something like cnffj beqsb egurf rperg svyrf vfcnf fjbeq is naturally going to assume it is encrypted; in fact, it is ROT-13 for "password for the secret files is password". I broke it up into five-character groups to make it more convincing. ROT-13 is obfuscation, not encryption: there is no key.

For whatever reason, Microsoft uses ROT-13 to obscure data in some registry keys. One such key is HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist, where Explorer records which programs and shortcuts the user has launched. Here is an example value name: "HRZR_EHACNGU:P:\AFYBBXHC.RKR". Decoded, that is "UEME_RUNPATH:C:\NSLOOKUP.EXE", a record that nslookup.exe was run from this account. A better way to hide data is to encode text as binary and store it in a value of type REG_BINARY rather than as a readable REG_SZ string. Given that binary data is common in the registry, the technique makes it much harder to spot the hidden information.

In addition to using ROT-13 and binary encoding to obfuscate data, a suspect could take advantage of a flaw in the Registry Editor to make the data invisible to anyone but a forensic examiner who knows about the flaw. From "Forensic Analysis of the Windows Registry":

The Windows 2000 and XP Registry Editor (regedit.exe or regedt32.exe) has an implementation flaw that allows hiding of registry information from viewing and editing, regardless of the user's access privilege (Secunia, 2005). The flaw involves any registry value with a name from 256 to 259 (the maximum value name) characters long. The overly long registry value (regardless of type) not only hides its own presence but also subsequently created values (regardless of type) in the same key (Franchuk, 2005). The editor stops displaying the remaining values, treating the overly long value as the last value in that key. A suspect could exploit this Registry Editor flaw to hide information.

The Windows console registry tool (reg.exe) can display these overly long registry values, so the hidden data can be recovered as evidence; however, given the sheer number of entries in the registry, this process is not trivial.
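As an added example (not from the paper or from the quoted article), the Python below performs the two checks an examiner would run on a parsed key: it decodes ROT-13 UserAssist value names, and it flags value names long enough to trip the Registry Editor display flaw together with every value listed after them. The nslookup entry is the one quoted above; the second UserAssist name and the list of values for the hidden-value check are constructed. The code assumes the list order is the order in which the editor would enumerate the values, and it takes the 256-character threshold from the description above; reading the names from a live system (reg query) or from an NTUSER.DAT hive is outside the example.

```python
"""Decode ROT-13 UserAssist names and flag values the old Registry Editor hides.

Added example for this paper (not from the quoted article). The nslookup
entry is the one quoted in the text; the other sample names are
constructed. Reading names from a live system or an NTUSER.DAT hive is
outside this example.
"""
import string
from typing import List, Tuple

_UPPER, _LOWER = string.ascii_uppercase, string.ascii_lowercase
_ROT13_TABLE = str.maketrans(
    _UPPER + _LOWER,
    _UPPER[13:] + _UPPER[:13] + _LOWER[13:] + _LOWER[:13],
)


def rot13(text: str) -> str:
    """Shift every letter 13 places; digits, punctuation and path separators are
    left alone. 13 is half the alphabet, so the function is its own inverse."""
    return text.translate(_ROT13_TABLE)


USERASSIST_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist"

# Value names as stored under the UserAssist subkeys. The first is the one
# quoted in the text; the second is constructed in the same style.
SAMPLE_USERASSIST_NAMES = [
    "HRZR_EHACNGU:P:\\AFYBBXHC.RKR",
    "HRZR_EHACVQY:%pfvqy2%\\Npprffbevrf\\Pnyphyngbe.yax",
]


def decode_userassist(names: List[str]) -> List[Tuple[str, str]]:
    """Pair each stored (ROT-13) name with its readable form."""
    return [(name, rot13(name)) for name in names]


# Regedit on Windows 2000/XP stops listing a key's values at the first name of
# 256 or more characters and hides everything enumerated after it (Secunia and
# Franchuk, 2005, as cited above). The threshold is taken from that description.
HIDDEN_NAME_MIN_LEN = 256


def find_hidden_values(values: List[Tuple[str, str]]) -> List[str]:
    """Given (name, type) pairs in enumeration order (assumed here to be creation
    order), return the names the flawed editor would not show: the overly long
    one and every value after it."""
    hidden: List[str] = []
    tripped = False
    for name, _reg_type in values:
        if len(name) >= HIDDEN_NAME_MIN_LEN:
            tripped = True
        if tripped:
            hidden.append(name)
    return hidden


# Constructed contents of a key: a normal value, an overly long name, and a
# value created after it that the editor would also fail to display.
SAMPLE_KEY_VALUES = [
    ("Visible", "REG_SZ"),
    ("A" * 256, "REG_BINARY"),
    ("CreatedAfterwards", "REG_SZ"),
]

if __name__ == "__main__":
    print("Values under", USERASSIST_KEY)
    for stored, readable in decode_userassist(SAMPLE_USERASSIST_NAMES):
        print(f"  {stored}\n    -> {readable}")
    print("Hidden from regedit:", [n[:20] + "..." if len(n) > 20 else n
                                   for n in find_hidden_values(SAMPLE_KEY_VALUES)])
```

On a real case the value names for find_hidden_values would come from reg.exe query output or a hive parser, since by definition the flawed editor cannot list them.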

Very few people are aware even of the existence of the Windows registry, let alone of what it records. It is the central database of the system: the details of the hardware that makes up the system, of the software that runs on it, and of the drivers that run the hardware are all stored there. It also retains traces of user activity that matter in an investigation. Explorer keeps the UserAssist counts described above, most-recently-used lists record the documents and commands a user opened, Internet Explorer's TypedURLs key keeps addresses typed into the address bar, and the ShellBags keys record which folders were browsed. (Logon and logoff times themselves are recorded in the Security event log, not in the registry.)

Because the operating system and every installed program keep adding to this information, the registry grows over time and accumulates entries left behind by uninstalled software. Contrary to a common claim, that growth has a negligible effect on speed: the hives are mapped into memory and a key lookup does not scan the whole database. Keeping the registry tidy is therefore a housekeeping matter, and this is where knowledge of registry repair software comes in.

To enhance the security of the Windows Management Instrumentation (WMI) shared provider host process (wmiprvse.exe), changes were made to Windows platforms that secure the provider host process with a service security identifier (SID). These changes introduce the following running modes for the WMI shared host: secure and compatible. The security point is that a provider's resources are then accessible only to that specific service identity, rather than to every process running as NetworkService or LocalService.

The source topic covers three sections, Secure and Compatible Modes, Registry Keys and Values, and Configuring a Provider to Run in Secure or Compatible Mode; only the first is reproduced here.

Secure and Compatible Modes

Starting in Windows 7, the following two running modes for the WMI shared host process were added:

Secure mode

WMI provider host process resources are secured with a service SID. Only the service SID has permissions for these resources.

Compatible mode

The WMI shared provider host process is not secured with a service SID. The provider host process allows access to the NetworkService or LocalService accounts, depending on the hosting model. For more information about hosting models, see Provider Hosting and Security.

Windows XP with SP2 and later, all versions of Windows Server 2003, Windows Vista, and Windows Server 2008: To access the registry keys and values for controlling secure and compatible modes for the provider host process, you must install the security update in KB 959454. For more information, see Microsoft Security Bulletin MS09-012.

What Is A Registry Cleaner?

It is software that scans the registry of the system and identifies broken links, references to files and fonts that no longer exist, and other information that is not needed or used by the system but is still stored there. Many free and commercial products of this kind exist. The program identifies and selects such components and then prompts you to clean or repair the registry by clicking on the appropriate link.

How Does A Registry Cleaner Work?

Once you have downloaded the registry cleaning program onto your computer you will have to install it. The program must be compatible with the installed operating system. Installation of such programs is easy and takes very little time; on XP you will not have to reboot the system for the program to work. Clicking on the program's executable, usually through a link on the desktop, launches it. The program interface prompts you to scan the registry by clicking on a 'scan registry' link. The scan takes a few minutes and then displays the redundant entries it found. It then asks you to repair the registry by clicking on a 'repair' link, which takes a few seconds. After you reboot, the entries the cleaner judged to be junk are gone.

Two caveats apply. Microsoft does not support the use of registry cleaners, and a cleaner that removes an entry an application still needs can break that application, so take a registry backup (or a System Restore point) before letting one make changes. Fake registry cleaners that report invented problems and then demand payment, or that install adware or malware, are a long-established scareware category, so only install one obtained from a vendor you can verify.


You have probably heard it somewhere before: your registry is what keeps all of the information that your computer needs to run the programs you have installed and even the basic functions of your operating system. One can hardly overstate the importance of keeping this registry in good shape, and registry cleaners are often promoted for that purpose.

If the CPU is the brain of the computer, the registry might be called the heart of your computing life. With a failing registry, you will probably be failing as far as your documents and storage are concerned, because with a damaged registry you have a malfunctioning computer and everything tends to fall down like dominoes. The registry therefore has to be kept in working order, lest you put your files at risk. What can you do to keep your registry in shape? Cleaning it is one option, but not something to take for granted. When choosing a registry cleaner, make sure it is something that will actually make your computer perform better and not end up compromising the stability of your system.

Unless you are a professional, you are going to want a program that will clean your registry so you can keep it free of unwanted elements such as remnants of software you have installed and uninstalled previously, or drivers you no longer need. Removing a malware's registry entries (its Run key value, its service entry) is part of cleaning up after an infection, but a registry cleaner is not an antivirus product and will not detect viruses, worms or Trojans.

It is worth realising that as you use your computer over time, your registry accumulates entries it does not really need. This is part of the computing experience as far as the registry is concerned. You can do your part by cleaning it regularly so that it stays tidy, although registry size by itself is not what makes a computer slow.

If you care about the time you lose waiting for a slow computer to start up, look first at the programs set to start at logon (the Run keys and the Startup folder) before installing a registry cleaner. If you do install one, do not pick whatever sounds or looks good: research which products have satisfied their users and to what degree, and independent review sites are a reasonable place to start.

Windows Registry FAQ

Facts about the Microsoft Windows Registry

In spite of the fact that the Registry is an essential part of the Windows operating system and is in constant use, most PC users have little knowledge of it. In fact, an aura of mystery has grown up around the Registry. To help average PC users understand the Registry better, here are some short answers to frequently asked questions.

What is the Windows Registry?

The Windows Registry is a central hierarchical database containing the varied assortment of information needed for the computer to run both the hardware and the software.

Why does Windows need a Registry? Other operating systems don't have one.

All operating systems need a way to store information about the system. There is more than one way to do this, and Apple and Linux have chosen different methods (property-list files on macOS; text files under /etc and in each user's home directory on Linux). Originally, Windows kept information in a large number of separate INI files scattered throughout the system. Then, beginning with Windows 95, Microsoft decided to centralize the information.

What do I need to know about the Registry?

Everyone should know how to back up and restore the Registry. More experienced PC users can learn how to make their system run better by maintaining and tweaking the Registry.

Is the Registry a file that I can look at?

The Registry is actually a number of binary files called hives: SYSTEM, SOFTWARE, SAM, SECURITY and DEFAULT in the System32\config folder, and NTUSER.DAT in each user's profile. While Windows is running they are held open and cannot be read directly, which is why a forensic examiner works from an offline copy (a disk image or a Volume Shadow Copy). The relevant parts are combined in a single hierarchical presentation that can be viewed with the Windows utility called the Registry Editor.

What do I see if I use the Registry Editor?

Information in the Registry is arranged in a tree-like system akin to folders and files. In the Registry, the containers for information are called "keys". These are analogous to folders. Keys can have subkeys just as folders can have subfolders. The name of a piece of data contained in a key is called a "value". This is analogous to a file name. The actual data can have several formats and may be a string,
 a number, or a series of bytes.

Isn't it dangerous to touch the Registry?

As long as the Registry is always backed up first, judicious editing of the Registry can be undertaken. Obviously, wholesale or random editing would not be advisable.

I can't find the Registry Editor in the Programs menu. Where is it?

Like a number of Windows system utilities, the Registry Editor is not listed in the Programs menu. To open it, enter "regedit" in the Start-Run line or the Start search line.

What problems can the Registry have?

Because the Registry is in constant use and has entries from almost anything installed on Windows, it can gradually accumulate unnecessary, corrupted, or broken entries. Malware infections also affect the Registry: persistence entries under the Run keys, new services and altered file associations are among the first things an incident responder looks for.

How do I avoid Registry problems?

Guard against spyware and adware. Avoid installing too many unneeded programs. Use thorough ways to uninstall discarded programs.

How do I fix or repair a Registry problem?

First, try using Windows System Restore to take the Registry back to a previous version. If you have an additional backup, try that. As a last resort, a Registry cleaner may be able to fix the problem, although it can also remove entries that are still needed, so back up first.