Potential Registry Problems
If the Registry is severely damaged, access to hardware and software
may be drastically limited, and the system may not even boot. Even
in a case of a minor problem, an application may not work as it
was designed, or may perform erratically.
Although Registry problems are rare, when they occur it can be
devastating to the system, to applications, or even to data. The
Registry is protected while it is running, so it is not possible
to copy, delete, or change the contents, except through a "certified"
program (installation programs, registry editing tools, and security
changes through User Manager for Domains and the Explorer). Because
of this protection, the Registry is quite secure--but it is not
bulletproof. Problems can and do occur, and you need to be prepared
to recognize them so you can fix them.
How to Recognize When You Have a Registry Problem
Most of us have heard of or felt the following symptoms, all of
them characteristic of Registry problems:
- "It worked yesterday, but
it won't work today."
- "It worked until I added
this software/hardware, and now I can't use it."
- "My system doesn't work
the way it used to."
- "When I try to shut down
the computer, it just keeps beeping and beeping."
- "My computer won't start
- "Eeeeeek! It's the dreaded
Blue Screen of Death!" (See Figure 3.1.)
An example of the Blue Screen of Death in Windows NT.
NOTE: The STOP message in Windows NT (lovingly
called the Blue Screen of Death) identifies the type of exception.
The second line qualifies the exception, showing whether it was
user mode (involving user-mode operating system software)
or kernel mode (involving the operating system or third-party
drivers or hardware). The third and fourth lines describe
which components were actually involved and at what addresses. The
error in Figure 3.1 shows that it was a SCSI driver that failed.
Check for compatibility and be sure you have the correct driver.
It could also be that the settings were in error, meaning either
they were wrong when they were added, or the Registry got corrupted
and reported them incorrectly.
Each one of the symptoms or complaints listed is serious, although
the seriousness of the problems varies. In any case, Registry problems
will force you to take the time for repair, wasting precious productivity
for your organization.
Recognizing the actual problem may not be as easy as recognizing
the symptom. When problems occur, you generally assume, rightly
or not, that it was something you did. That seems to be ingrained
in us from our youth. For example, if a program starts acting strangely,
we try to retrace our keystrokes to determine our mistakes. This
is reinforced by the first question that comes from the mouths of
support staff: "What did you do?" (with emphasis placed
on different words based on their disposition at the time).
It might not even have anything to do with user mistakes. Problems
in the Registry occur for various reasons, and often the symptoms
mask the real nature of the problem.
Rather than dealing with the symptoms, deal with the problems that
can occur. With every type of control available through the Registry,
there is a corresponding potential problem, as illustrated in Figure
Sometimes, it feels like a whole set of dominoes falling down.
One problem affects another, which limits the use of another item,
and so on. An example would be the effect of a Registry error in
the configuration of a network card. Without the correct information,
the card cannot be activated. Without the card activated, no data
can be transferred on the network, the server cannot be contacted
for logon, and no user validation is possible. The user gets an
error message that no domain controller can be found, and network
resources may not be available. Is it really a problem with the
server? Not at all.
The cascading effects of errors in the Registry.
The process can be difficult to stop, and often it is difficult
to determine exactly what caused it and where it started.
It is obvious, however, where it ends: a loss of productivity for
the organization, wasted time, and possibly even severe financial
If the Registry gets corrupted for any reason, system or application
functions may fail, and a support technician must isolate the problem
and repair it.
The Registry normally works, most of the time, without any problems.
It can, however, get corrupted in many ways. Programs that you add
to the system, system changes and problems, and manual changes are
the three main ways that errors are introduced. Of course, the results
of these errors can vary in their scope and seriousness.
The three most common ways the Registry gets corrupted are
- Applications and drivers are
added to the system
- Hardware changes from settings
- Users make changes to the Registry
It is impossible to prevent all errors from happening. If you know
what can happen, it is easier to troubleshoot errors. By protecting
the Registry (as outlined in Chapter 4, "Protecting the NT
Registry," and Chapter 6, "Protecting the Windows 95 Registry"),
you always have a safety net. By using the tools and procedures
discussed in Chapter 5, "Recovering from an NT Registry Failure,"
and in Chapter 7, "Recovering from a Windows 95 Registry Failure,"
you can recover from even the most severe problems. Take a look
at each of the types of problems in more depth.
Adding and removing programs account for the majority of errors
found in the Registry. Most users add between six and seven applications,
and add or upgrade drivers, four or five times per year. During
initial installation and setup, the numbers are even greater.
WARNING: One of the original
requirements for programs to receive the "Designed for Windows
95" logo was that the application is also compatible with Windows
NT. That requirement has been reduced to "tested on Windows
NT." At the very worst, if the application doesn't work with
NT, it is supposed to "degrade gracefully," which means
it will not damage NT. Unfortunately, that is not always the case,
particularly with applications that use Plug and Play. With no support
from NT for Plug and Play, many applications make unfortunate assumptions
that create serious problems in the Registry. To their credit, Microsoft
shipped a Software Compatibility List with the early betas of NT
4.0. Unfortunately, they did not continue that with the shipping
version, assuming that all the applications in the Windows 95 list
would work. Here are the most common reasons that applications cause
problems with the Registry:
- Poorly written application
(bugs)--There are no applications without bugs or errors.
In the best case, the errors that are there are minor, esoteric
problems that you may never see, which were left alone because
of time and money constraints. To a programmer, a problem may
be minor, but it becomes a major problem to you if it crashes
your system. With the current pace of operating-system and application-version
changes and updates, it is nearly impossible to ensure that everything
will work together correctly. Also, today's common practice of
releasing "beta" software to allow programmers and users
to prepare adequately is a two-edged sword. As an example, with
NT 4.0 beta 2, Microsoft released features that did not make the
final release and significantly changed other features. Applications
that expected or required certain elements may not work as well
- The widespread lack of flowcharting
program logic and using only pseudo-code to program may also create
severe problems. The logic may simply be flawed. A programmer
may have inadvertently hit an uppercase O when a zero was called
for. Many software vendors have been forced to severely slash
their development budgets, and users often face the brunt of errors.
NOTE: It sounds as if I don't appreciate programmers.
Actually, I do. I believe they do a tremendous job, even when faced
with unbelievable deadlines, massive budget cuts, incredible hours,
and more tedium than most people could ever live through. I am amazed
daily that computers and software can do what is considered commonplace.
Keep it up.
- Driver incompatibility--Most
drivers are tested in as many environments as possible before
being shipped to the general public. The open architecture of
the PC world creates significant risk because any type of eclectic
combination of parts and pieces is possible. Testing all combinations
and ensuring the compatibility of all the devices is impossible.
The other challenge arises when drivers for Windows 95 are used
for Windows NT. In all but one type of driver, the drivers are
unique between the platforms. Windows 95 drivers may directly
access the hardware they control, and Windows NT drivers are prohibited
from doing that. The exception to the rule of unique drivers is
modem drivers. The same drivers that are written for Windows 95
will work with Windows NT. NT 4.0 modem drivers will also work
with Windows 95. However, NT 3.5x drivers will not.
- Incorrect drivers used--If
an incorrect driver is used to activate a device, that device
may not work as designed. For example, Xircom has a great PCMCIA
modem for laptop computers. It uses a specific driver that is
on the manufacturer's driver diskette, and the driver also ships
with NT. However, depending on the firmware version on the card,
the driver may not work. There is an old version and a new version
of the card, and each requires a specific driver to work correctly.
NOTE: Because of the relationship between Windows 95
and Plug and Play, drivers in Windows 95 normally do not have the
same problem as in Windows NT. If a driver is replaced on the hard
disk by accident, or if the firmware changes, Windows 95 will simply
install a new driver.
- Incorrect entries added to
the Registry by the application during installation--During
installation, most applications use a file called SETUP.INF
for detailed information about what disks are required, which
directories should be created, where to copy files, and Registry
entries that need to be made to make the application work correctly.
If there is a mistake in the SETUP.INF file, the change
will still be made, and there may be serious problems.
- Incorrect associations set
between applications and file types by an application--When
an application is installed, default document types are recorded
in the Registry. A user can then double-click to start the application
and load the document. Many times, other applications use the
same extension. For example, the last graphics program loaded
will be the one launched when a TIF graphic is activated based
on the settings in the Registry. Occasionally, completely different,
non-compatible applications will use the same extensions on their
document files, and the document-loading shortcut won't work.
In the best of cases, you may still have to change the associated
application to another.
- Errors created during the
uninstall process--Whether you remove applications through
Add/Remove programs in the Control Panel, through a proprietary
uninstall feature of the application, or through a third-party
utility, you run a risk of damaging the Registry. Besides taking
out the program, auxiliary, and data files, an uninstall routine
may attempt to remove Registry entries as well. It may inadvertently
remove required entries for other applications because it is nearly
impossible for the system to know all the entries accessed by
- Errors in fonts--When
the font ID in the Registry gets corrupted, you will see a different
font than the one listed in the application. It can be annoying
and may require you to remove some or all of your fonts and replace
them. For an example, see Figure 3.3.
The actual font does not match the name of the font.
Unfortunately, you may find out about these problems too late, after
you have lost time, money, and/or data. Also, you are almost powerless
to truly solve them, because someone else wrote the program, and
most people do not have the expertise required to change the application
itself. The best you can do as an administrator is to repair the
Registry and look for an update or replacement.
DO YOU REALLY WANT
The term "bug-free
applications" means that the program will work, as promised,
the first time and each and every time. In order to have that, everyone
would either have to have systems that are all exactly alike, or
wait for every possible bug to be worked out before we got the programs.
I am not sure we would like either. On the other hand, do we have
to put up with error-prone, buggy, poorly designed, and poorly executed
programs? No! Even the software behemoths have learned the hard
way that they need to have well-designed, well-written, and extremely
well-tested software to compete. Vote with your feet, and with your
pen. Let them know how you feel, and then always get the best software
and drivers you can. If the software and hardware/driver companies
want to stay in the business, they will have to continually strive
to do better.
If the computer system itself has a problem, the Registry can become
corrupted. Usually, these errors can be prevented with proper system
care and management.
- Virus--Viruses are an
insidious attempt to affect our systems by changing the nature
of files. Much as viruses attack the human body by replacing good
cells with bad, or damaging the cells that are there, computer
viruses do the same thing with files on disk drives. You get them
the same way, too. Contact with infected drives allows the viruses
to migrate to a clean disk. Normally, you get them from floppies
that have been infected by another system, from files downloaded
from online and Internet services, and very occasionally, from
application installation disks.
TIP: Windows NT is actually quite resistant to most strains
of computer viruses. For example, it will not allow viruses to invade
the boot sector. Some of the new viruses, such as Word macro viruses,
can be devastating to the Registry. A simple virus-checking program,
such as those from Symantec/Norton Utilities and McAfee and Associates,
works very well.
- The actual NT Registry size is greater than the Maximum
Registry Size in the Control Panel--The maximum Registry size
is directly related to the size of the maximum paging file. Although
it cannot get larger than 12MB, if your system has only 32MB of
RAM, the maximum Registry size is 8MB. If the size of the Registry
hits or tries to exceed the maximum Registry size, it will no
longer be usable, and may cause a STOP error.
- What you can do about this problem is to change the maximum
Registry size with the System functions in the Control Panel.
Select the Virtual Memory button in the Performance tab, and set
the Maximum Registry Size as shown in Figure 3.4. If the paging
file size needs to be adjusted, you will be prompted automatically.
WARNING: Reducing the
size of the paging file in the Virtual Memory portion of the System
section of the Control Panel in NT may reduce the maximum Registry
size. Even though the system will warn you, some of those warnings
go unheeded, and the Registry may be in peril. It is highly recommended
that you make sure the maximum Registry size is at least 2MB larger
than the current size. If you are going to be adding hardware or
several new user accounts, check this before proceeding.
This is not a problem in Windows 95; it always has a variable size
for the Registry.
- Electrical surges, spikes,
or brownouts--Nearly all power problems can be easily avoided
with good surge protectors and UPS devices (uninterruptible power
supplies). Starting at less than $50 for good surge devices and
less than $100 for UPS devices, it's cheap insurance against error.
Not only will a UPS make your hardware last longer, but if anything
is being written to or read from the hard disk at the time of
the power problem, it is most likely that information will be
damaged or destroyed unless a UPS keeps the system running, even
without normal power.
- Disk problems--Most of
the time you will replace hard disks because of capacity limitations
far sooner than you would because of hardware failure. If the
whole hard drive fails, of course, you will have to restore your
Registry from a backup. The other concern is the failure of individual
sectors or clusters on the drive. Although it is highly unlikely
with today's systems, a fault in the surface of the drive media
may make parts of the disk unreadable, including those where the
Registry files are located. Regular maintenance is critical, and
a good backup is vital.
TIP: Windows NT file systems include the capability to
hot-fix the drive (that is, repair errors on the fly) most of the
time without your even being aware that there was a problem. If
you have a Registry problem resulting in the Blue Screen of Death,
it may help to run CHKDSK.EXE from the \WINNT\SYSTEM32
When people manually edit the Registry, they are prone to make
errors because of the complexity of the data, and the errors may
be significant enough to cause the system to quit working. It is
very unfortunate that Microsoft has chosen to deal with the Registry
and Registry editing as a "black art," leaving many people
in the dark as to the real uses of all the settings in the systems.
Microsoft's refusal to adequately, and publicly, supply information
about the correct settings is extremely frustrating to system administrators.
Certainly, more damage has and will be done because of lack of knowledge
than because of too much information. Most of the actual edited
changes that are made by users are done with the Registry editors.
Copying Another Systems Registry
Copying other Registries is a very serious mistake many users make.
Just because it works on the other machine doesn't mean it will
automatically work on this one. Much of what is in the Registry
is specific to the individual system, even if the hardware is the
same. Copying the files that make up the Registry to another system
will not work. Characteristically, if another system's Registry
is used, most of the hardware will not work, and user and security
issues may make the data and application information inaccessible.
There are some parts of the Registry items that can be used for
another system, however, and the special procedure for doing that
is shown in Chapter 11, "Remote Registry Editing."
If you could eliminate all the problems listed in this chapter,
Windows NT and 95 would run without failure almost indefinitely.
That is probably not realistic. However, knowing how the Registry
can get corrupted can help you use better system-management techniques
and may prompt you to take better care of it.