#16
registry files
"John John - MVP" wrote in message ...
> Don't delete these files. These files are created and changed as part of the normal Windows operation.
>
> The .evt files are Event Log files and are always in use, they can't be deleted from the Explorer GUI. If you want to delete them use the Event Viewer. If they are corrupt and in need of manual deletion you have to disable the Event Log Service and reboot to be able to delete them.
>
> The .log files are registry transactional logs, these files are used to recover failed registry changes and to assure atomicity of individual action in the registry. For example, if there is a power failure while you are trying to change a registry value the .log file will be used to ensure that the value that you were attempting to change doesn't have a meaningless value. These .log files are part of the normal Windows operation, as with the .evt files the .log files cannot be deleted while Windows is running.
>
> The .sav files are the original registry hives that were used during the text mode portion of the Windows installation, best not to delete these files, in 'extreme' repair attempts they could come in handy.
>
> John

Ok I see. I wondered about those .sav files. Is disabling the event handler though something I want to do? At least for a long time and not just a moment. You mentioned atomic, now does that have to do with the kernel? I have seen C functions called atom().

Bill
#17
registry files
Bill Cunningham wrote:
> "John John - MVP" wrote in message ...
> > Don't delete these files. These files are created and changed as part of the normal Windows operation.
> >
> > The .evt files are Event Log files and are always in use, they can't be deleted from the Explorer GUI. If you want to delete them use the Event Viewer. If they are corrupt and in need of manual deletion you have to disable the Event Log Service and reboot to be able to delete them.
> >
> > The .log files are registry transactional logs, these files are used to recover failed registry changes and to assure atomicity of individual action in the registry. For example, if there is a power failure while you are trying to change a registry value the .log file will be used to ensure that the value that you were attempting to change doesn't have a meaningless value. These .log files are part of the normal Windows operation, as with the .evt files the .log files cannot be deleted while Windows is running.
> >
> > The .sav files are the original registry hives that were used during the text mode portion of the Windows installation, best not to delete these files, in 'extreme' repair attempts they could come in handy.
> >
> > John
>
> Ok I see. I wondered about those .sav files. Is disabling the event handler though something I want to do? At least for a long time and not just a moment. You mentioned atomic, now does that have to do with the kernel? I have seen C functions called atom().

No, you do not want to disable the Event Log! The log is an important source of information about 'stuff' that happens on your computer. Problems and errors are often recorded in the Event Log, the log can be an invaluable troubleshooting tool, it is almost always one of the first places to look when problems arise. You should familiarize yourself with the Event Viewer and make it a habit of taking a look in there once in a while, you might get early warnings of impending problems or be warned of things going on that would otherwise go unnoticed on your machine.

To launch the Event Viewer enter eventvwr in the Start menu Run box.

Atomicity:

A transaction is a unit of work in which a series of operations occur between the BEGIN TRANSACTION and END TRANSACTION statements of an application. A transaction executes exactly once and is atomic — all the work is done or none of it is.

Atomicity and Hive Recovery in the Registry

The Registry ensures atomicity of individual actions. This means that any change made to a value (to set, delete, or save) either works or does not work: The result will not be a corrupted combination of the old and new configuration even if the system stops unexpectedly because of power failure, hardware failure, or software problems. For example, if an application sets a value for an entry and the system shuts down while this change is being made, when the system restarts, the entry will have either the old value or the new value, but not a meaningless combination of both values. In addition, the size and time data for the key containing the affected entry will be accurate whether the value was changed or not changed.

Flushing Data

In Windows NT, data is written to the Registry only when a flush occurs, which happens after changed data ages past a few seconds, or when an application intentionally flushes the data to the hard disk.

The system performs the following flush process for all hives (except for the System hive):

1. All changed data is written to the hive's .log file along with a map of where it is in the hive, and then a flush is performed on the .log file. All changed data has now been written in the .log file.
2. The first sector of the hive file is marked to indicate that the file is in transition.
3. The changed data is written to the hive file.
4. The hive file is marked as completed.

Note: If the system shuts down between steps 2 and 4, when the hive is next loaded at startup (unless it's a profile hive that is loaded at logon), the system sees the mark left in step 2, and proceeds to recover the hive using the changes contained in the .log file. That is, the .log files are not used if the hive is not in transition. If the hive is in transition, it cannot be loaded without the .log file.

A different flush process is used for the System hive because it is an important element during system startup and is used too early during startup to be recovered as described in the previous flush process. The System.alt file contains a copy of the data contained in the System file. During the flush process, changes are marked, written, and then marked as done. Then the same flush process is followed for the System.alt file. If there is a power failure, hardware failure, or software problems at any point during the process, either the System or System.alt file contains the correct information. The System.alt file is similar to a .log file except that at load time, rather than having to reapply the logged changes, the system just switches to System.alt. The System.alt file is not needed unless the System hive is in transition.

http://www.microsoft.com/resources/d....mspx?mfr=true
Windows NT Workstation Resource Kit: Overview of the Windows NT Registry

http://msdn.microsoft.com/en-us/libr...84(VS.71).aspx
ACID Properties

John
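The four-step flush and the load-time recovery rule described in the post above, as an added Python model (not part of the original thread, and not Windows code). The hive is modelled as a dictionary and the transition mark as a flag; `Hive`, `PowerLoss`, `crash_and_reload` and the sample values are hypothetical names constructed for illustration. It cuts power at each point of the flush and reloads, so the effect of a missing .log can be checked directly.

```python
class PowerLoss(Exception):
    """Simulated crash; whatever is already 'on disk' stays as it is."""

OLD = {"Value": "old", "KeyLastWrite": "t1"}   # constructed sample hive contents
NEW = {"Value": "new", "KeyLastWrite": "t2"}   # one logical change touching two cells

class Hive:
    def __init__(self):
        self.data = dict(OLD)        # the hive file
        self.in_transition = False   # the mark in the hive's first sector
        self.log = None              # the hive's .log file (None = file absent)

    def flush(self, changes, crash_at=None):
        """Four-step flush; crash_at names the point where power is lost."""
        def maybe_crash(point):
            if crash_at == point:
                raise PowerLoss(point)
        maybe_crash("before_log")
        self.log = dict(changes)                 # 1. changed data + map go to .log
        maybe_crash("after_log")
        self.in_transition = True                # 2. mark the hive as in transition
        maybe_crash("after_mark")
        for i, (cell, value) in enumerate(changes.items()):
            self.data[cell] = value              # 3. write changed data to the hive
            if i == 0:
                maybe_crash("mid_write")         # torn write: only the first cell landed
        maybe_crash("after_write")
        self.in_transition = False               # 4. mark the hive as completed

    def load(self):
        """Startup load: the .log is consulted only if the transition mark is set."""
        if self.in_transition:
            if self.log is None:
                raise OSError("hive is in transition and its .log is missing")
            self.data.update(self.log)           # reapply the logged changes
            self.in_transition = False
        return dict(self.data)

def crash_and_reload(crash_at, delete_log=False):
    """Flush NEW, lose power at crash_at, optionally delete the .log, then load."""
    hive = Hive()
    try:
        hive.flush(NEW, crash_at)
    except PowerLoss:
        pass
    if delete_log:
        hive.log = None
    return hive.load()

if __name__ == "__main__":
    for point in ("before_log", "after_log", "after_mark", "mid_write", "after_write", None):
        print(point, crash_and_reload(point))
```

Every crash point reloads to either the complete old state or the complete new state; deleting the .log only breaks loading when the hive was left in transition.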
#18
registry files
I remember I used to compress manually my registry files in win98. I don't know if that can be done anymore or not. Everyone says get a registry compression tool. I have several registry cleaner tools and one cleans up where another is clueless. The following hive keys seem to have a header in them. That could recreate the registry. System, software, sam and hardware. I would rename my old user.dat and system.dat, only two registry files back then, import the saved reg files from DOS and have a new registry never needing to be compressed again.

I also made a copy of the swap file then win386.??? something or other. Defrag the copy, rename it and erase the original made by windows. Windows should also place the swap pagefile.sys now of course at the beginning of the drive. Can I use these little tweaks with XP MCE now? I am running SP2 and I believe I have all the updates. I also have a copy of SP3 but I'm just not running it right now.

Bill
#19
registry files
Bill Cunningham wrote:
> I remember I used to compress manually my registry files in win98. I don't know if that can be done anymore or not. Everyone says get a registry compression tool. I have several registry cleaner tools and one cleans up where another is clueless. The following hive keys seem to have a header in them. That could recreate the registry. System, software, sam and hardware. I would rename my old user.dat and system.dat, only two registry files back then, import the saved reg files from DOS and have a new registry never needing to be compressed again.

You don't really need to bother with these on any of the NT versions (Windows XP is NT 5.1). System Restore does registry backups. If you want to use another backup tool try Erunt. If you want to compact the registry try NTRegOpt, both are available here:

http://www.larshederer.homepage.t-online.de/erunt/

In my opinion registry cleaners are next to utterly useless and for most part they cause more harm than good, you really don't need to use these cleaners on Windows XP.

> I also made a copy of the swap file then win386.??? something or other. Defrag the copy, rename it and erase the original made by windows. Windows should also place the swap pagefile.sys now of course at the beginning of the drive. Can I use these little tweaks with XP MCE now? I am running SP2 and I believe I have all the updates. I also have a copy of SP3 but I'm just not running it right now.

If you want to defrag the pagefile use SysInternals' PageDefrag:

http://technet.microsoft.com/en-us/s.../bb897426.aspx
PageDefrag

PageDefrag will also defrag the registry hives and the event logs.

John
#20
registry files
"John John - MVP" wrote in message ...
> No, you do not want to disable the Event Log! The log is an important source of information about 'stuff' that happens on your computer. Problems and errors are often recorded in the Event Log, the log can be an invaluable troubleshooting tool, it is almost always one of the first places to look when problems arise. You should familiarize yourself with the Event Viewer and make it a habit of taking a look in there once in a while, you might get early warnings of impending problems or be warned of things going on that would otherwise go unnoticed on your machine.
>
> To launch the Event Viewer enter eventvwr in the Start menu Run box.
>
> Atomicity:
>
> A transaction is a unit of work in which a series of operations occur between the BEGIN TRANSACTION and END TRANSACTION statements of an application. A transaction executes exactly once and is atomic — all the work is done or none of it is.
>
> Atomicity and Hive Recovery in the Registry
>
> The Registry ensures atomicity of individual actions. This means that any change made to a value (to set, delete, or save) either works or does not work: The result will not be a corrupted combination of the old and new configuration even if the system stops unexpectedly because of power failure, hardware failure, or software problems. For example, if an application sets a value for an entry and the system shuts down while this change is being made, when the system restarts, the entry will have either the old value or the new value, but not a meaningless combination of both values. In addition, the size and time data for the key containing the affected entry will be accurate whether the value was changed or not changed.
>
> Flushing Data
>
> In Windows NT, data is written to the Registry only when a flush occurs, which happens after changed data ages past a few seconds, or when an application intentionally flushes the data to the hard disk.
>
> The system performs the following flush process for all hives (except for the System hive):
>
> 1. All changed data is written to the hive's .log file along with a map of where it is in the hive, and then a flush is performed on the .log file. All changed data has now been written in the .log file.
> 2. The first sector of the hive file is marked to indicate that the file is in transition.
> 3. The changed data is written to the hive file.
> 4. The hive file is marked as completed.
>
> Note: If the system shuts down between steps 2 and 4, when the hive is next loaded at startup (unless it's a profile hive that is loaded at logon), the system sees the mark left in step 2, and proceeds to recover the hive using the changes contained in the .log file. That is, the .log files are not used if the hive is not in transition. If the hive is in transition, it cannot be loaded without the .log file.
>
> A different flush process is used for the System hive because it is an important element during system startup and is used too early during startup to be recovered as described in the previous flush process. The System.alt file contains a copy of the data contained in the System file. During the flush process, changes are marked, written, and then marked as done. Then the same flush process is followed for the System.alt file. If there is a power failure, hardware failure, or software problems at any point during the process, either the System or System.alt file contains the correct information. The System.alt file is similar to a .log file except that at load time, rather than having to reapply the logged changes, the system just switches to System.alt. The System.alt file is not needed unless the System hive is in transition.
>
> http://www.microsoft.com/resources/d....mspx?mfr=true
> Windows NT Workstation Resource Kit: Overview of the Windows NT Registry
>
> http://msdn.microsoft.com/en-us/libr...84(VS.71).aspx
> ACID Properties
>
> John

What device makes the log and sav files? My system doesn't seem to have a system.alt on it.

Bill
#21
registry files
Bill Cunningham wrote:
> "John John - MVP" wrote in message ...
> > No, you do not want to disable the Event Log! The log is an important source of information about 'stuff' that happens on your computer. Problems and errors are often recorded in the Event Log, the log can be an invaluable troubleshooting tool, it is almost always one of the first places to look when problems arise. You should familiarize yourself with the Event Viewer and make it a habit of taking a look in there once in a while, you might get early warnings of impending problems or be warned of things going on that would otherwise go unnoticed on your machine.
> >
> > To launch the Event Viewer enter eventvwr in the Start menu Run box.
> >
> > Atomicity:
> >
> > A transaction is a unit of work in which a series of operations occur between the BEGIN TRANSACTION and END TRANSACTION statements of an application. A transaction executes exactly once and is atomic — all the work is done or none of it is.
> >
> > Atomicity and Hive Recovery in the Registry
> >
> > The Registry ensures atomicity of individual actions. This means that any change made to a value (to set, delete, or save) either works or does not work: The result will not be a corrupted combination of the old and new configuration even if the system stops unexpectedly because of power failure, hardware failure, or software problems. For example, if an application sets a value for an entry and the system shuts down while this change is being made, when the system restarts, the entry will have either the old value or the new value, but not a meaningless combination of both values. In addition, the size and time data for the key containing the affected entry will be accurate whether the value was changed or not changed.
> >
> > Flushing Data
> >
> > In Windows NT, data is written to the Registry only when a flush occurs, which happens after changed data ages past a few seconds, or when an application intentionally flushes the data to the hard disk.
> >
> > The system performs the following flush process for all hives (except for the System hive):
> >
> > 1. All changed data is written to the hive's .log file along with a map of where it is in the hive, and then a flush is performed on the .log file. All changed data has now been written in the .log file.
> > 2. The first sector of the hive file is marked to indicate that the file is in transition.
> > 3. The changed data is written to the hive file.
> > 4. The hive file is marked as completed.
> >
> > Note: If the system shuts down between steps 2 and 4, when the hive is next loaded at startup (unless it's a profile hive that is loaded at logon), the system sees the mark left in step 2, and proceeds to recover the hive using the changes contained in the .log file. That is, the .log files are not used if the hive is not in transition. If the hive is in transition, it cannot be loaded without the .log file.
> >
> > A different flush process is used for the System hive because it is an important element during system startup and is used too early during startup to be recovered as described in the previous flush process. The System.alt file contains a copy of the data contained in the System file. During the flush process, changes are marked, written, and then marked as done. Then the same flush process is followed for the System.alt file. If there is a power failure, hardware failure, or software problems at any point during the process, either the System or System.alt file contains the correct information. The System.alt file is similar to a .log file except that at load time, rather than having to reapply the logged changes, the system just switches to System.alt. The System.alt file is not needed unless the System hive is in transition.
> >
> > http://www.microsoft.com/resources/d....mspx?mfr=true
> > Windows NT Workstation Resource Kit: Overview of the Windows NT Registry
> >
> > http://msdn.microsoft.com/en-us/libr...84(VS.71).aspx
> > ACID Properties
> >
> > John
>
> What device makes the log and sav files? My system doesn't seem to have a system.alt on it.

A device? A device usually refers to hardware, the files are generated by Windows, I don't know the exact calls or functions that are used to create the files.

My error about the system.alt file, I should not have pasted that information here.

[quote]
Windows XP and Windows Server 2003 do not maintain a System.alt hive because NTLDR on those versions of Windows can process the System.log file to bring up to date a System hive that has become inconsistent during a shutdown or crash.
[end quote]

http://live.sysinternals.com/Tools/W...s-Chapter4.pdf

John