5.4 Remote Registry Editing

RegEdt32 originated the concept of remotely editing another machine's Registry. This is invaluable for administrators, since it gives you the ability to peek into the Registry of a misconfigured or broken machine from the comfort of your office. As with most magic powers, this ability to edit the Registry from afar has some associated constraints and requirements.

First of all, you must have sufficient privilege to see the Registry on the remote machine. By default, NT Workstation machines allows anyone to connect to their Registries, as does NT Server Version 3.51 and earlier. NT Server 4.0 turns remote access off; Windows 2000 Professional and Server turn it on again. This privilege, which is discussed in the section Section 9.3 in Chapter 9, lets you view HKU and HKLM on the remote machine, but that's all. If you want to see the contents of HKCR, HKCC, or HKCU, you have to look in the appropriate section of the two keys you can see.^[3]

^[3] HKPD is, of course, not visible either; this isn't surprising since you can't see it in RegEdt32 at all.

Next, you must be able to modify the Registry on the remote machine. Let's say you're logged into a machine where your account has Administrator privileges. If you use RegEdt32 to open the Registry of another machine on your network where your account doesn't have Administrator access, you can see that machine's HKLM and HKU entries but you can't open them! This also holds true when your machine and/or the target are members of the same domain: to change data on the remote machine, you must have Administrator access on the remote machine.

RegEdt32 doesn't buffer or cache any Registry data from whatever remote machines you're connected to, and it won't automatically update windows containing remote machines' root keys. This means that your display can quickly lose sync with the target machine's Registry; make sure to refresh the display as needed.

5.4.1 Connecting to Remote Computers

You actually connect to remote machines' Registries with the RegistrySelect Computer command, which displays the standard Select Computer dialog shown in Figure 5.3. Neither RegEdt32 nor Windows 2000 makes any attempt to restrict the list of machines displayed so that it shows only machines that can actually talk to RegEdt32; the list may thus contain machines whose Registries you can't edit--including Win95, Windows 3.11, and even Unix machines running the Samba file server package! If you try to connect to a machine that doesn't support remote Registry editing, RegEdt32 tells you it can't connect to the remote machine. That's because remote Registry editing uses remote procedure calls (RPCs) over named pipes; you need to have RPC connectiviy and be talking to a machine that can handle RPCs.

Figure 5.3. The Select Computer dialog

Once you've successfully connected to a remote machine, its HKU and HKLM keys appear in new windows within the RegEdt32 frame window. Assuming that you have the right permissions, you can browse, edit, export, and otherwise modify the Registry on the remote machine as much as you'd like. You may freely close sets of root key windows that display data from remote machines. When you close the last window to a machine, RegEdt32 closes the Registry connection to that machine as well.