What did it do?

The registry – that dumping ground for Windows software developers and the nesting grounds of so many malware packages out there. At times, it may seem hopelessly cluttered and virtually unintelligible, especially if you are trying to actually figure out what has gone wrong deep within and why your production server refuses to boot after uninstalling AVG or some other equally well-written software package.

But don’t despair: in Server 2008, troubleshooting the registry is actually fairly simple, especially if you have performed due diligence and exported the registry to a file before the change. In fact, it is very easy to compare two registry files and see the changes that have been made using the venerable File Comparison Tool (fc.exe).

This is especially handy in test environments where you may have several VMs set up with identical copies of Server 2008 and want to see the effects of several different versions of a software package under review.

Let’s take a look at how to use this tool….

So, the first step is to export the unaltered registry. There are several ways this can be accomplished, but the hands-down fastest way of dumping this to a file is to do it from the command line.  It isn’t strictly necessary to run with elevated privileges to perform this, but I find that often this prevents a lot of unpredictable results, so I have made it a bit of a habit.

Here’s the command:  regedit /e <path with file name> 

For instance, if you want to create a file called pre-shitty-av-install.reg on your C: drive, your command would look like this:

 regedit /e C:\pre-shitty-av-install.reg 

Now go ahead and install or make the changes to the system that you are curious about and immediately afterward export the registry in the same fashion as above with your new file name.  For example:

regedit /e C:\post-shitty-av-install.reg  

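Now, simply run the File Comparison Tool (fc.exe) from the directory that holds the two exports (C:\ in this example) and redirect the output to a text file for easy reading. The /u switch tells fc to compare the files as Unicode text, which is the format regedit exports. The command that we would use is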

fc /u pre-shitty-av-install.reg post-shitty-av-install.reg > changes.txt 

Simply open the file in Notepad, and you will see exactly what changes were made in the registry and how they might be affecting your Windows Server 2008 box.  Easy, simple and extremely useful….enjoy!


Copyright © 2010 Paul Guenette and Matthew Sleno.