
Lovely Professional University

TERM PAPER

Of

OPERATING SYSTEM

TOPIC: HOW REGISTRY IS HELPFUL FOR MANAGING SECURITY

SUBMITTED BY:-

ACKNOWLEDGEMENT
We cannot achieve anything worthwhile in the field of
technical education until or unless the theoretical
education acquired in the classroom is effectively
wedded to its practical approach that is taking place in
the modern industries and research institute. Although
an engineer can only be successful through sheer hard
work, but the contribution of his teachers and all those
who have been helpful cannot be overlooked. I also
express thanks to my parents who put their great
valuable trust and helped me. Lastly, I offer my regards
and blessings to all of those specially who supported
me in respect during the completion of the project.

I express my deep sense of gratitude to LECT.
PUSHPENDRA for providing me requisite facilities and
cordial atmosphere during my training period.

********

What is the registry?


The registry is a database in Windows that contains important information about system
hardware, installed programs and settings, and profiles of each of the user accounts on your
computer. Windows continually refers to the information in the registry.

You shouldn't need to make manual changes to the registry because programs and
applications typically make all the necessary changes automatically. An incorrect change to
your computer's registry could render your computer inoperable. However, if a corrupt file
appears in the registry, you might be required to make changes.

We strongly recommend that you back up the registry before making any changes and that
you only change values in the registry that you understand or have been instructed to change
by a source you trust.

What is Registry Editor?


Registry Editor is a tool intended for advanced users. It's used to view and change settings in
the system registry, which contains information about how your computer runs. Windows
refers to this information and updates it when you make changes to your computer, such as
installing a new program, creating a user profile, or adding new hardware. Registry Editor
lets you view registry folders, files, and the settings for each registry file.

Ordinarily, you don't need to make changes to the registry. The registry contains complex
system information that's vital to your computer, and an incorrect change to your computer's
registry could render your computer inoperable. However, a corrupt registry file might
require changes. We strongly recommend that you back up the registry before making any
changes and that you only change values in the registry that you understand or have been
instructed to change.

How to open Registry Editor?


To open the registry with elevated privileges, click Start, click All Programs, click
Accessories, right-click Command Prompt and then point to Run as administrator. In the
command prompt that opens, type regedit.exe.

System configuration information is stored centrally in a hierarchical database called the
registry. You can use Registry Editor to add and edit registry keys and values, restore the
registry from a backup or to default values, and to import or export keys for reference or
backup.

You can also print the registry and control which accounts have permission to edit the
registry.

MANAGING THE USER REGISTRY

Manage your user registry by running various update and/or delete tasks after you have
configured the user registry as part of the installation and deployment process.

Initial security configuration is part of the installation instructions. This is a change from
previous versions of the information center. The information in this section assumes you have
already configured the user registry as part of the installation and deployment process. If you
are looking for instructions to initially set up your user registry, refer to the Installing
WebSphere Portal section of the information.
Clustered environment note: If you are running any of the following tasks after setting up
your clustered production environment, you will need to run an additional task to update the
security settings on the secondary nodes; see Configuring security after cluster creation for
information.

• Enabling application groups
Application groups is a concept that allows you to define user groups within the
database user registry with members (users or groups) contained in the federated
LDAP user registry you configured. The benefit of application groups is that you can
create Groups that are only used in IBM WebSphere Portal.
• Managing your user registry on AIX
After installing and deploying IBM WebSphere Portal, which includes installing and
configuring the user registry, you can manage the user registry by running various
update and/or delete tasks. These tasks include, but are not limited to, adding a
property extension (lookaside) database, updating or deleting the entity type, and
deleting the registry.
• Managing your user registry on HP-UX
After installing and deploying IBM WebSphere Portal, which includes installing and
configuring the user registry, you can manage the user registry by running various
update and/or delete tasks. These tasks include, but are not limited to, adding a
property extension (lookaside) database, updating or deleting the entity type, and
deleting the registry.
• Managing your user registry on i5/OS
After installing and deploying IBM WebSphere Portal, which includes installing and
configuring the user registry, you can manage the user registry by running various
update and/or delete tasks. These tasks include, but are not limited to, adding a
property extension (lookaside) database, updating or deleting the entity type, and
deleting the registry.
• Managing your user registry on Linux
After installing and deploying IBM WebSphere Portal, which includes installing and
configuring the user registry, you can manage the user registry by running various
update and/or delete tasks. These tasks include, but are not limited to, adding a
property extension (lookaside) database, updating or deleting the entity type, and
deleting the registry.
• Managing your user registry on Solaris
After installing and deploying IBM WebSphere Portal, which includes installing and
configuring the user registry, you can manage the user registry by running various
update and/or delete tasks. These tasks include, but are not limited to, adding a
property extension (lookaside) database, updating or deleting the entity type, and
deleting the registry.
• Managing your user registry on Windows
After installing and deploying IBM WebSphere Portal, which includes installing and
configuring the user registry, you can manage the user registry by running various
update and/or delete tasks. These tasks include, but are not limited to, adding a
property extension (lookaside) database, updating or deleting the entity type, and
deleting the registry.

Add a Registry Key

To find or change any entry in the registry, use Registry Editor. Once you have opened
Registry Editor, you can proceed to add a registry key.

Caution
Incorrectly editing the registry may severely damage your system. Before making
changes to the registry, you should back up any valued data on your computer.
Note
If you make a mistake that results in your computer not starting properly, you can
restore the registry. For instructions, see Restore the Registry.
To add a registry key

1. In Registry Editor, click the registry key under which you would like to add a new
key.
2. Click New on the Edit menu and then click Key.
3. Type a name for the new key and then press ENTER.

To change a value

1. In Registry Editor, click the entry you want to change.
2. On the Edit menu, click Modify.
3. In Value data, type the data for the value and then click OK.

Note
To make changes to a registry key, you must have the appropriate permissions. For more
information about permissions and security in this version of Windows, search Help and
Support for "Security best practices."

To find a string, value, or key

1. In Registry Editor, click Find on the Edit menu.
2. In Find what, type the string, value, or key you want to find.
3. Select the Keys, Values, Data, or Match whole string only check boxes to match the
type of search you want, and then click Find Next.

Note
To repeat the search, press F3.

Exporting registry files

To export all or part of the registry remotely, use Registry Editor. Once you have opened
Registry Editor, you can export the registry to a text file or to a hive file.

You can use a text editor like Notepad to work with registry files you create by exporting.

You can save registry files in the Windows format, as registration files, as binary hive files,
or as text files. Registry files are saved with .reg extensions, and text files are saved with .txt
extensions.

Export all or part of the registry

1. Open Registry Editor. If you want to save only a particular branch, select it.
2. On the File menu, click Export….
3. In File name, enter a name for the registry file.
4. In Save as type, select the file type you wish to use for the saved file (registration file,
registry hive file, text file, Windows 98/NT4.0 registration file).
5. In Export Range, use the radio buttons to select whether you want to export the entire
registry or only the selected branch.
6. Click Save.

Registry Editor provides a number of commands that are designed primarily for maintaining
your system. For example, Load Hive and Unload Hive allow a part of your system to be
temporarily downloaded onto another computer for maintenance. Before a hive can be loaded
or restored, it must be saved as a key, either to a floppy disk or to your hard disk.

Importing registry files


The Import… command in Registry Editor can import registry files of all types, including
text files and hive files.

Import some or all of the registry

1. Open Registry Editor.
2. On the File menu, click Import….
3. Find the file you want to import, click the file to select it, and then click Open.

Note
In Windows Explorer, double-clicking a file with the .reg extension imports the file into
the computer's registry.
Caution
A restored hive overwrites an existing registry key and becomes a permanent part of
your configuration. For example, to perform maintenance on part of your system, you
can use Export… to save a hive to a disk. When you are ready, you can then use
Import… on the File menu to restore the saved key to your system.

To print all or part of the registry

1. Open Registry Editor.
2. Click the computer or top-level key of the registry area you want to print.
3. On the File menu, click Print….
4. Do one of the following:
o Click All to print the entire registry.

o Click Selected Branch and type a particular branch in the text box to print only
part of the registry.

5. Click OK.

Note
The average registry can take hundreds of pages to print. Consider printing only those
branches you need.

Restore the Registry


If certain keys or values in the registry key HKLM\System\CurrentControlSet are deleted or
given incorrect values, the registry may need to be restored before you can continue using the
computer.

To restore the registry

1. Print these instructions. (If you are reading these instructions in Windows Help and
Support, click the print icon.) They will not be available after you shut down your
computer in step 3.
2. Open Registry Editor.
3. Click Start, point to the right-pointing arrow icon, and then click Shut Down.
4. Start the computer. When you see the message Please select the operating system to
start, press F8.
5. Use the arrow keys to highlight Last Known Good Configuration and then press
ENTER. NUM LOCK must be off before the arrow keys on the numeric keypad will
function.
6. Use the arrow keys to highlight an operating system, and then press ENTER.

Registry Key Security and Access Rights

The Windows security model enables you to control access to registry keys. For more
information about security, see Access-Control Model.

You can specify a security descriptor for a registry key when you call the
RegCreateKeyEx or RegSetKeySecurity function. If you specify NULL, the key gets
a default security descriptor. The ACLs in a default security descriptor for a key are
inherited from its direct parent key.

To get the security descriptor of a registry key, call the RegGetKeySecurity,
GetNamedSecurityInfo, or GetSecurityInfo function.

The valid access rights for registry keys include the DELETE, READ_CONTROL,
WRITE_DAC, and WRITE_OWNER standard access rights. Registry keys do not
support the SYNCHRONIZE standard access right.

The following table lists the specific access rights for registry key objects.

| Value | Meaning |
|---|---|
| KEY_ALL_ACCESS (0xF003F) | Combines the STANDARD_RIGHTS_REQUIRED, KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY, KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY, and KEY_CREATE_LINK access rights. |
| KEY_CREATE_LINK (0x0020) | Reserved for system use. |
| KEY_CREATE_SUB_KEY (0x0004) | Required to create a subkey of a registry key. |
| KEY_ENUMERATE_SUB_KEYS (0x0008) | Required to enumerate the subkeys of a registry key. |
| KEY_EXECUTE (0x20019) | Equivalent to KEY_READ. |
| KEY_NOTIFY (0x0010) | Required to request change notifications for a registry key or for subkeys of a registry key. |
| KEY_QUERY_VALUE (0x0001) | Required to query the values of a registry key. |
| KEY_READ (0x20019) | Combines the STANDARD_RIGHTS_READ, KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, and KEY_NOTIFY values. |
| KEY_SET_VALUE (0x0002) | Required to create, delete, or set a registry value. |
| KEY_WOW64_32KEY (0x0200) | Indicates that an application on 64-bit Windows should operate on the 32-bit registry view. For more information, see Accessing an Alternate Registry View. This flag must be combined using the OR operator with the other flags in this table that either query or access registry values. Windows 2000: This flag is not supported. |
| KEY_WOW64_64KEY (0x0100) | Indicates that an application on 64-bit Windows should operate on the 64-bit registry view. For more information, see Accessing an Alternate Registry View. This flag must be combined using the OR operator with the other flags in this table that either query or access registry values. Windows 2000: This flag is not supported. |
| KEY_WRITE (0x20006) | Combines the STANDARD_RIGHTS_WRITE, KEY_SET_VALUE, and KEY_CREATE_SUB_KEY access rights. |

When you call the RegOpenKeyEx function, the system checks the requested access
rights against the key's security descriptor. If the user does not have the correct access
to the registry key, the open operation fails. If an administrator needs access to the
key, the solution is to enable the SE_TAKE_OWNERSHIP_NAME privilege and
open the registry key with WRITE_OWNER access. For more information, see
Enabling and Disabling Privileges.

You can request the ACCESS_SYSTEM_SECURITY access right to a registry key if
you want to read or write the key's system access control list (SACL). For more
information, see Access-Control Lists (ACLs) and SACL Access Right.

To view the current access rights for a key, including the predefined keys, use the
Registry Editor (Regedt32.exe). After navigating to the desired key, go to the Edit
menu and select Permissions.
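
The access-right values in the table can be used to audit a key's ACL. The following Python is an added example, not part of the original paper or of Microsoft's documentation: it decodes access masks and reports principals outside a trusted set that hold write-capable rights. The ACE list, the principal names and the trusted set are constructed, and the standard-right and generic-right bit values are the usual Windows access-mask constants rather than values given on this page.

```python
# Added example: audit registry-key ACEs with the access-right values above.

# Specific rights, values as listed in the table.
SPECIFIC = {
    0x0001: "KEY_QUERY_VALUE",
    0x0002: "KEY_SET_VALUE",
    0x0004: "KEY_CREATE_SUB_KEY",
    0x0008: "KEY_ENUMERATE_SUB_KEYS",
    0x0010: "KEY_NOTIFY",
    0x0020: "KEY_CREATE_LINK",
}
# Standard rights valid for registry keys (bit values are not from the page).
STANDARD = {
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
}
ACCESS_SYSTEM_SECURITY = 0x01000000
NAMES = {**SPECIFIC, **STANDARD, ACCESS_SYSTEM_SECURITY: "ACCESS_SYSTEM_SECURITY"}

# Composite values from the table.
KEY_READ = KEY_EXECUTE = 0x20019
KEY_WRITE = 0x20006
KEY_ALL_ACCESS = 0xF003F

# Generic bits that can appear in an ACE, mapped to the registry composites.
GENERIC = {
    0x80000000: KEY_READ,        # GENERIC_READ
    0x40000000: KEY_WRITE,       # GENERIC_WRITE
    0x20000000: KEY_EXECUTE,     # GENERIC_EXECUTE
    0x10000000: KEY_ALL_ACCESS,  # GENERIC_ALL
}

# Rights that let a principal change the key's contents, owner or DACL.
WRITE_CAPABLE = 0x0002 | 0x0004 | 0x00010000 | 0x00040000 | 0x00080000


def expand_generic(mask):
    """Replace each generic bit with the registry rights it stands for."""
    for bit, rights in GENERIC.items():
        if mask & bit:
            mask = (mask & ~bit) | rights
    return mask


def decode_mask(mask):
    """Return the names of the individual rights set in an access mask."""
    mask = expand_generic(mask)
    return [name for bit, name in NAMES.items() if mask & bit]


def audit_acl(aces, trusted):
    """Map each untrusted principal to the write-capable rights it is allowed."""
    findings = {}
    for principal, mask in aces:
        if principal in trusted:
            continue
        risky = decode_mask(expand_generic(mask) & WRITE_CAPABLE)
        if risky:
            findings[principal] = risky
    return findings


# Constructed allow-ACEs for one key: (principal, access mask).
SAMPLE_ACES = [
    ("BUILTIN\\Administrators", 0xF003F),                # KEY_ALL_ACCESS
    ("NT AUTHORITY\\SYSTEM", 0xF003F),
    ("BUILTIN\\Users", 0x20019),                         # KEY_READ only
    ("Everyone", 0x2001F),                               # KEY_READ plus set/create
    ("NT AUTHORITY\\Authenticated Users", 0x40000000),   # GENERIC_WRITE
]
TRUSTED = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM"}

if __name__ == "__main__":
    for who, rights in audit_acl(SAMPLE_ACES, TRUSTED).items():
        print(f"{who}: {', '.join(rights)}")
```

On a live system the (principal, mask) pairs would come from the key's security descriptor, for example as returned by RegGetKeySecurity.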

HOW Registry is helpful in security


If you’re involved in data security, you’re familiar with cryptography in some fashion and
you know that ciphers - algorithms for performing encryption and decryption - are what do
the work. You probably also know that there are a few quick-and-dirty algorithms for
encrypting data. One such algorithm is ROT-13, a Caesar cipher with a shift of 13: a simple
algorithm that encrypts data by shifting each character 13 places in the alphabet while leaving
non-alpha characters untouched. It’s so simple that you can decrypt it manually, but it’s
enough to fool the casual observer. Anyone coming across something like “cnffj beqsb egurf
rperg svyrf vfcnf fjbeq” is naturally going to assume it’s encrypted; in fact, it’s ROT-13 for
“password for the secret files is password”. I broke it up into five-character groups to make it
more convincing.

For whatever reason, Microsoft uses ROT-13 to encrypt data in some registry keys. One such
key is: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist. Here’s an
example: “HRZR_EHACNGU:P:\AFYBBXHC.RKR”. Decrypted, that’s
“UEME_RUNPATH:C:\NSLOOKUP.EXE”. (We’ll look at the UserAssist key in Part 3.) A
better way to hide data is to encode text-based information in binary format and store it in
binary form as a string in registry values of type REG_SZ. Given that binary data is common
in the registry, the technique would make it extremely difficult to retrieve the hidden
information.
In addition to using ROT-13 and binary encoding to obfuscate data, a suspect could take
advantage of a flaw in the registry editor to also make the data invisible to anyone but a
forensics examiner who knows about the flaw. From “Forensic Analysis of the Windows
Registry:”

The Windows 2000 and XP Registry Editor (regedit.exe or regedt32.exe) have an
implementation flaw that allows hiding of registry information from viewing and editing,
regardless of users access privilege (Secunia, 2005). The flaw involves any registry values
with name from 256 to 259 (maximum value name) characters long. The overly long registry
value (regardless of type) not only hides its own presence, but also subsequently created
values (regardless of type) in the same key (Franchuk, 2005). The editor stops displaying the
remaining of the values thinking the overly long value as the last value in that key. Suspect
could exploit such Registry Editor flaw to hide information.

The Windows console registry tool (reg.exe) can display these overly long registry values so
the hidden data can be recovered as evidence; however, given the sheer number of entries in
the registry, this process is not trivial.
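
Both hiding places described above, ROT-13 value names under UserAssist and overly long value names that Registry Editor stops listing at, can be checked from reg.exe text output. The following Python is an added example, not from the original paper or the quoted study: it parses reg query output, decodes UserAssist names, and flags each overly long name plus every value listed after it in the same key. The sample output, the ExampleVendor key, the subkey shown under UserAssist and the row layout are constructed assumptions.

```python
# Added example: triage "reg query" text for ROT-13 names and overly long names.
import codecs
import re

LONG_NAME_MIN = 256  # the page gives 256 to 259 characters as the affected range

# Assumed row layout: indented "name<sep>TYPE<sep>data", sep = 4 spaces or a tab.
ROW = re.compile(
    r"^(?: {4}|\t)(?P<name>.+?)(?: {4}|\t)(?P<type>REG_[A-Z0-9_]+)(?: {4}|\t)?(?P<data>.*)$"
)

# Constructed sample output; the long name is 256 "A" characters.
SAMPLE = "\n".join([
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"
    r"\UserAssist\{CONSTRUCTED-GUID}\Count",
    r"    HRZR_EHACNGU:P:\AFYBBXHC.RKR    REG_BINARY    0100000006000000",
    "",
    r"HKEY_CURRENT_USER\Software\ExampleVendor",
    r"    Visible    REG_SZ    ok",
    "    " + "A" * 256 + "    REG_SZ    x",
    r"    AfterLong    REG_SZ    data Registry Editor would not list",
])


def parse_reg_query(text):
    """Yield (key, name, type, data) in the order reg.exe listed them."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = ROW.match(line) if key else None
        if match:
            yield key, match["name"], match["type"], match["data"]


def triage(text):
    """Return (decoded UserAssist names, values Registry Editor may not show)."""
    decoded, hidden = [], []
    masked_keys = set()  # keys in which an overly long name was already seen
    for key, name, _vtype, _data in parse_reg_query(text):
        if "\\userassist" in key.lower():
            # ROT-13 only rotates letters; ':' '\' '.' and digits pass through.
            decoded.append((name, codecs.decode(name, "rot_13")))
        if key in masked_keys:
            hidden.append((key, name, "listed after overly long value"))
        elif len(name) >= LONG_NAME_MIN:
            masked_keys.add(key)
            hidden.append((key, name, "overly long name"))
    return decoded, hidden


if __name__ == "__main__":
    decoded, hidden = triage(SAMPLE)
    for raw, clear in decoded:
        print(f"UserAssist: {raw} -> {clear}")
    for key, name, reason in hidden:
        shown = name if len(name) <= 40 else f"{name[:37]}... ({len(name)} chars)"
        print(f"{key}: {shown}: {reason}")
```

The "listed after" finding relies on reg.exe printing values in the same order Registry Editor enumerates them, which is an assumption of this example.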

Very few people are aware of even the existence of the Windows registry on their computer,
let alone the utility of registry cleaning. This is the central database of the system that stores
information about the computer. All the details about the hardware that makes up the system,
the software that runs on the system, and the software that runs the hardware are stored
in this database called the registry. This system database records all the activity that takes
place on the system. This can range from which user logged on to the system to the time
when the user logged off. It even records what sites were visited and what was downloaded.
This means that the operating system keeps on adding to the information in its database, and
so it must grow as the days go by. In the bargain, the system database will grow to such a size
with redundant and useless information that the speed of scanning the registry for information
that is called up by some program will be much more than the speed of the processor and so
the system will become sluggish and slow. Here is where the knowledge of how to use
registry repair software will come in handy to you.

To enhance the security of the Windows Management Instrumentation (WMI) shared
provider host process (wmiprvse.exe), changes were made to Windows platforms that secure
the provider host process with a service security identifier (SID). These changes introduce the
following running modes for the WMI shared host: secure and compatible.

The following sections are covered in this topic:

• Secure and Compatible Modes
• Registry Keys and Values
• Configuring a Provider to Run in Secure or Compatible Mode

Secure and Compatible Modes

Starting in Windows 7, the following two running modes for the WMI shared host process
were added:

Secure mode

WMI provider host process resources are secured with a service SID. Only the service
SID has permissions for these resources.

Compatible mode

The WMI shared provider host process is not secured with a service SID. The
provider host process allows access to the NetworkService or LocalService accounts
depending on the hosting model. For more information about hosting models, see
Provider Hosting and Security.

Windows XP with SP2 and later, all versions of Windows Server 2003,
Windows Vista, and Windows Server 2008: To access the registry keys and
values for controlling secure and compatible modes for the provider host
process, you must install the security update in KB 959454. For more
information, see the Microsoft Security Bulletin MS09-012.

What Is A Registry Cleaner?


It is software that scans the registry of the system and identifies broken links, files, fonts, and
any information that is not in any way needed or used by the system but is just lying there
taking up disk space and slowing down the registry operations. Free Microsoft registry
cleaner, ensuing, PC and express are some names associated with the registry maintenance
software. The program will identify and select such components and then prompt you to
clean or repair the registry by clicking on the appropriate link.

How Does A Registry Cleaner Work?

Once you have downloaded the registry cleaning program from the site onto your computer,
you will have to install it. The program must be compatible with the resident operating system.
Installation of such programs is easy and takes very little time. If you are using XP,
you will not have to reboot the system for the program to work. Clicking on the exe program
will launch it. This is usually a link on the desktop. The program interface will prompt you to
scan the registry by clicking on the 'scan registry' link. The scanning process will take about three
minutes to scan the registry and then display the redundant links on the page. Then it will ask
you to repair the registry by clicking on the 'repair' link. This process takes a couple of
seconds. When you reboot your system, the computer will be running more smoothly and
efficiently because the junk has been removed from the system by the Windows registry
cleaning software.

You've probably heard it somewhere before. Your registry is what keeps all of the
information that your computer needs to be able to run all the programs you've installed and
even the basic functions of your operating system. One can never emphasize enough the
importance of keeping this registry in great shape. Neither can one downplay the importance
of registry cleaners.

As the brain of the computer is said to be the CPU, the registry shall be called the heart of
your computing life. Without it or with a failing registry, you'll probably be failing as far as
your documentation and storage requirements are concerned. That's because with a bungled
registry, you have a bungling computer and everything just tends to fall down like a domino.

Needless to say, the registry has to be kept in perfect shape all the time lest you run the risk
of putting your precious files in danger. So what can you do to make your registry as perfect
as it could be? Clean it, of course, but this is not something you can just take for granted.
When choosing a registry cleaner, make sure it's something that will actually make your
computer perform better and not have things ending up compromising the stability of your
system.

Unless you're a pro, you're definitely going to need a program that will clean your registry so
you can keep it at a good size, meaning free of unwanted elements such as remnant files from
software you've installed and uninstalled previously or drivers you no longer need. This could
also mean ridding your system of possible digital contaminants you may have unknowingly
downloaded from the Internet like viruses, worms or Trojans.

It's important to realize that as you use your computer over time, your registry tends to
accumulate files that it doesn't really need. This is part of the computing experience as far as
that registry is concerned. However, you can do your part by cleaning it regularly so it could
be kept at a healthy size, a size that won't make your computer take forever to perform a task,
a size that will make you confident that you are going to finish before deadline because
you've got a registry that won't be giving you lagging problems.

If you care about time and the precious moments that you could be losing just by waiting for
your snail-paced computer to start up, you're going to have to install a registry cleaner. Just
don't get just anything that sounds or looks good, though. You have to do research on which
brands have been satisfying clients and to what degree. And how else to capture a very
accurate picture of this than to check review sites.

Windows Registry FAQ

Facts about the Microsoft Windows Registry

In spite of the fact that the Registry is an essential part of the Windows operating system and
is in constant use, most PC users have little knowledge of it. In fact, an aura of mystery has
grown up around the Registry. In order to help average PC users understand the Registry
better, here are some short answers to frequently asked questions. More details will be found
on the other pages of this site.

What is the Windows Registry?

The Windows Registry is a central hierarchical database containing all the varied assortment
of information needed for the computer to run both the hardware and the software.

Why does Windows need a Registry? Other operating systems don't have one.

All operating systems need a way to store information about the system. There is more than
one way to do this and Apple and Linux have chosen a different method. Originally,
Windows kept information in a large number of separate INI files scattered throughout the
system. Then, beginning with Windows 95, Microsoft decided to centralize the information.

What do I need to know about the Registry?

Everyone should know how to back up and restore the Registry. More experienced PC users
can learn how to make their system run better by maintaining and tweaking the Registry.

Is the Registry a file that I can look at?

The Registry is actually a number of binary files. They are not directly accessible. However,
relevant parts are combined in a single hierarchical presentation that can be viewed with the
Windows utility called the Registry Editor.

What do I see if I use the Registry Editor?

Information in the Registry is arranged in a tree-like system akin to folders and files. In the
Registry, the containers for information are called "keys". These are analogous to folders.
Keys can have subkeys just as folders can have subfolders. The name of data that is contained
in a key is called a "value". This is something analogous to a file name. The actual data can
have several formats and may be a string, a number, or a series of numbers.

Isn't it dangerous to touch the Registry?

As long as the Registry is always backed up first, judicious editing of the Registry can be
undertaken. Obviously, wholesale or random editing would not be advisable. Learn how to
safely edit or tweak the Registry on this page.

I can't find the Registry Editor in the Programs menu. Where is it?

Like a number of Windows system utilities, the Registry Editor is not listed in the Programs
menu. To open it, enter "regedit" in the Start-Run line or the Start search line.

What problems can the Registry have?

Because the Registry is in constant use and has entries from almost anything installed on
Windows, it can gradually accumulate unnecessary, corrupted, or broken entries. This can
cause decreased system performance. Malware infections also affect the Registry.

How do I avoid Registry problems?

Guard against spyware and adware. Avoid installing too many unneeded programs. Use
thorough ways to uninstall discarded programs. Use methods described on this page to keep
the Registry clean.

How do I fix or repair a Registry problem?

First, try using Windows System Restore to take the Registry back to a previous version. If
you have an additional backup, try that. As a last resort, use a Registry cleaner to try to fix
the problem.
