During capture I got some registry entries I cannot find any info about, anyone know if these are junk or not or can refer to any URL as I can't find anything regarding these.

HKLM\SOFTWARE\Microsoft\ESENT\Process\rundll32\DEBUG
Value Name: Trace Level
Data Type: REG_SZ
Value Data: <blank>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD
Value Name (REG_DWORD) & Data:
Enable = 1
Enumerate as ICD = 0
IO Priority = 0
Palettized Formats = 1
SwapSync = 1
Use Generic Stencil = 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation
Value Name: DisplayParams
Data Type: REG_BINARY
Value Data: <long line>
Registry description from: http://www.ez-pc.org/?midx=205&didx=40
To change the font that is used in the MS-DOS window:
Open the registry editor
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\MS-DOS Emulation
Change the value of Font to Courier New (or any other fixed space font you have available)
Close the registry editor.
Restart the computer for the change to take effect.


I created a C:\logs directory and shared it manually
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares
Value Name: logs
Data Type: REG_MULTI_SZ
Value Data:
CSCFlags=0
MaxUses=4294967295
Path=C:\logs
Permissions=0
Remark=
Type=0

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\Security
Value Name: logs
Data Type: REG_BINARY
Value Data: <long line>
Registry description:
http://support.microsoft.com/kb/125996

Hope anyone have any insite of these registry entries and maybe what to do.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
From memory...

- SOFTWARE\Microsoft\ESENT key is connected with Task Manager
- lanmanserver key will record local shares
- MS-DOS Emulation key, I think you've already discovered is connected with the DOS command prompt window and behaviour of CMD.EXE
- MCD is connected with the OpenGL mini-client driver
Answered 11/10/2008 by: VBScab
Red Belt

Please log in to comment
0
Hi Ian & thanks for the info!

Did a search for ESENT and only found some details regarding HKLM\SYSTEM\CurrentControlSet\Services\ESENT
at: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbm_mon_pzgc.mspx?mfr=true
The Database object relates to the Extensible Storage Engine (ESENT), the transacted database system that stores all Active Directory objects. This performance object is not installed by default. The counters on the Database object enable you to perform advanced tuning of Active Directory. You can also use some of the counters to help determine whether you need more disk drives for storage of logs or database.

I'm not sure they relay to the same though but as it's talking about performance maybe the "Trace Level" under the DEBUG key is some how connected. The application is Java driven if that makes any sense.
Answered 11/10/2008 by: AngelD
Red Belt

Please log in to comment
0
ESENT

That is antivirus as I use the same program at home :)

http://www.eset.com/

At least I am 90% sure thats the name of the service I see in taskmanager anyway.

P
Answered 11/10/2008 by: Inabus
Second Degree Green Belt

Please log in to comment
0
Nice guess Paul,

However, I do not have any anti-virus on my clean packaging machine.
Except for WPS I only installed "J2SE Development Kit 5.0 Update 15" and .NET Framwork 1.1 + SP1 and 2.0 as it's required for the application.

The application I'm working with is "Versant Developer Suite 6.0.5.3"

Thanks anyway!
Answered 11/10/2008 by: AngelD
Red Belt

Please log in to comment
0
Bah, ill go back in my box then :p

I will say, before I close the lid, that the ESNET key is on my machine here as well and appears to be part of the O/S and having also checked a clean virgin XP SP2 build I can also confirm its on there too I would therefore remove it from your snap.

P
Answered 11/11/2008 by: Inabus
Second Degree Green Belt

Please log in to comment
0
Paul,

During capture the DEBUG key is created with the Trace Level entry so don't know if it's needed or not for the application.
Answered 11/12/2008 by: AngelD
Red Belt

Please log in to comment
0
In your position, Kim, I'd leave it out and ProcMon the app as it runs. If it attempts to read/write the entry, put it back.
Answered 11/13/2008 by: VBScab
Red Belt

Please log in to comment
0
Well, now that is a good idea!
Didn't even think about ProcMon [8|]
Answered 11/13/2008 by: AngelD
Red Belt

Please log in to comment
0
Hmmm...perhaps I need to mention it more...what do you think?
Answered 11/13/2008 by: VBScab
Red Belt

Please log in to comment
0
Yeah, as every other doesn't seems to work for me [;)]
Answered 11/13/2008 by: AngelD
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity