Finding an Application's Registry Keysby Mitch Tulloch, author of Windows Server Hacks
In previous articles, we've looked at using administrative templates for making modifications to machine (HKLM) and user (HKCU) portions of the Windows registry of remote computers using Group Policy. To do this, you can either use the default templates Microsoft provides for its Windows platforms and Office products, or you can create your own custom templates for configuring third-party and in-house applications you've deployed on your network. Or if you like you can take the easy way out and use Policy Maker, a tool by Desktop Standard (formerly AutoProf) that I reviewed earlier on this site. Desktop Standard even provides a free version of this tool called PolicyMaker Registry Extension that makes it a snap to use Group Policy to deploy registry changes to remote machines, without having to go to all the trouble of learning the syntax for administrative templates.
This begs a question, of course: how do you know which registry values you need to deploy for a third-party or in-house app you want to manage using Group Policy? One tool you can use to do this is Regmon, a real-time registry monitoring tool available for free from Sysinternals. Using Regmon, you can watch your registry values actually change when you configure different aspects of an application. This can usually enable you to determine which registry values need to be deployed using Group Policy in order to configure your target desktops in the manner you desire.
If you're not familiar with using Regmon, here's a simple example of how it works. Say you want to want to use Group Policy to change the default font for Notepad on desktop machines. Start by downloading Regmon onto a test computer which is configured similarly to other desktops. Run Regmon with administrator credentials and press CTRL+L to create an include filter that will cause Regmon to watch only for registry changes associated with running Notepad:
Figure 1: Configuring Regmon to watch Notepad.exe
Now close Regmon, start Notepad, and then restart Regmon and allow it to begin capturing registry events (CTRL+E toggles this). Switch to Notepad and select Font from the Format menu, and change the default font from Lucida Console to Arial (for example). No changes are made to the registry until you close Notepad, at which time its configuration settings are written to HKCU\Software\Microsoft\Notepad. Now browse the registry changes in Notepad and find the one that contains the new font setting:
Figure 2: Registry value for default Notepad font
Let's say you want to make all your desktop computers use Garamond as their default Notepad font. Using Desktop Standard's free PolicyMaker Registry Extension tool, open the Group Policy Object Editor for the Group Policy Object (GPO) you want to use and select User Configuration\User Settings\Registry:
Figure 3: Using Desktop Standard's free PolicyMaker Registry Extension tool
Right-click on the Registry node at the left and select New-->Registry Item, then specify the key path and value you want to deploy as shown next:
Figure 4: Deploying the value "Garamond" to the registry key HKCU\Software\Microsoft\Notepad\IfFaceName using PolicyMaker
Click OK to create the policy and close Group Policy Object Editor. The next time policy is processed on the client machines, the default font for Notepad will be changed to Garamond.
There are lots of freeware and shareware registry tools out there. So which one do you use to monitor registry changes on your machines? I like Regmon because I've been using it for a while and am familiar with it. It's also a good tool for other things, such as pinpointing the last action performed by an application just before it crashed. Regmon is one of many powerful tools developed by Mark Russinovich and utilized extensively in Microsoft Windows Internals, a book he co-authored with David Solomon that is essential reading if you want to "peek under the hood" at how Windows actually works.
Return to the Windows DevCenter.