Previous Table of Contents Next


Finding Service And Device Driver Information In The Registry

When you install a service under Windows NT on your computer, the setup program for the service creates service-specific subkeys under the HKEY_LOCAL_ MACHINE\SYSTEM\CurrentControlSet\Services\ServiceOrDeviceName key, where ServiceOrDeviceName is the name of the installed service or device. If you look at the Server service key (in the registry as LanmanServer), as shown in Figure 12.4, you can see some of the system-specific keys you might encounter while traversing the registry.


Figure 12.4  Examining a service key with the Registry Editor.

A service’s root key contains service-specific information that you can use to determine various dependencies, the service’s display name, the service’s startup type, the executable file for the service, and various other bits of information. This information can be extremely valuable in troubleshooting a failed service or gaining a fuller understanding of how Windows NT functions. The basic subkeys you might find of interest include the following:

  DependsOnGroup—Specifies that the service or device depends on other services or devices before it can be started. While not all inclusive, Table 12.2 includes a list of service and device dependencies for the base Windows NT product.
 
Table 12.2 Windows NT Server DependsOnGroup values.

Service Or Device Depends On Group Display Name
4mmdat SCSI miniport N/A
bh NDIS Network Monitor Agent Driver
Cdfs SCSI CDROM Class N/A
Cdrom SCSI miniport N/A
Disk SCSI miniport N/A
DLC NDIS DLC Protocol
LanmanServer TDI Server
LanmanWorkstation TDI Workstation
LmHosts Network Provider TCP/IP NetBIOS Helper
NetBIOS TDI NetBIOS Interface
Parallel Parallel arbitrator N/A
ParVDM Parallel arbitrator N/A
Scsiprnt SCSI miniport N/A
Scsiscan SCSI miniport N/A
Sfloppy SCSI miniport N/A
SimpTcp TDI Simple TCP/IP Services
Streams NDIS Streams Environment


  DependsOnService—Specifies that the service depends on other services before it can be started. While not all inclusive, Table 12.3 includes a list of service dependencies for the base Windows NT product.
 
Table 12.3 Windows NT Server DependsOnService values.

Service Depends On Service(s) Display Name
Alerter LanmanWorkstation Alerter
Browser LanmanWorkstation, LanmanServer, LmHosts Browser
ClipSrv NetDDE Clipbook Server
DHCP Afd, NetBT, TCPIP DHCP Client
DHCP Server Rpcss, NTLMSSP DHCP Server
DNS Afd, NetBT, TCPIP, Rpcss, NTLMSSP Microsoft DNS Server
GopherSvc Rpcss, NTLMSSP Gopher Publishing Service
LdapSVC Rpcss Microsoft LDAP Service
Messenger LanmanWorkstation, NetBIOS Messenger
MSFTPSvc Rpcss, NTLMSSP FTP Publishing Service
NetBT TCPIP WINS Client(TCP/IP)
NetDDE NetDDEDSDM Network DDE
NetLogon LanmanWorkstation, LmHosts Net Logon
NmAgent bh Network Monitor Agent
NsoSvc Rpcss, NTLMSSP Microsoft Netshow OnDemand Server Service
Parallel Parport N/A
ParVDM Parport N/A
RASArp TCPIP Remote Access ARP Service
RASAuto RasMan Remote Access Autodial Manager
RASMan tapisrv Remote Access Connection Manager
Remote Access Lanman Server, RasMan, NetBIOS, NetBt, Nbf Remote Access Server
Replicator LanmanServer, LanmanWorkstation Replicator
RPCLocator LanmanWorkstation, RDR Remote Procedure Call (RPC) Locator
SimpTcp Afd Simple TCP/IP Services
SNMP TCPIP, EventLog SNMP Service
SNMPTrap TCPIP, EventLog SNMP Trap Service
W3Svc Rpcss, NTLMSSP World Wide Web Publishing Service
WINS Rpcss, NTLMSSP Windows Internet Name Service


  DisplayName—Specifies the full text-based name used for display purposes.
  ErrorControl—Specifies a value that is used to determine how Windows NT will handle an error during a service or device startup. If the value is 0x0 (No Error), no error will be reported. If the value is 0x1 (Normal), an error will be reported, but the system startup process will continue. If the value is 0x2 (Severe Error) or 0x3 (Critical Error), an error will be reported, and the Last Known Good Configuration will be used.
  Group—For convenience, device drivers can be ranked in a group. This group specifies a load order for the device drivers at startup time. While not all inclusive, the following list includes the service groups for the base Windows NT product:
  BASE—Beep, KsecDD, Null
  Boot Files System—Fastfat, Fs_Rec
  Event Log—EventLog
  Extended Base—Modem, Parallel, Scsiprnt, Serial
  File System—Cdfs, Msfs, Npfs, Ntfs
  Filter—Cdaudio, Changer, Diskperf, Ftdisk, Simbad
  Keyboard Class—Kbdclass
  Keyboard Port—i8042prt
  NDIS—EE16, NDIS
  NetBIOSGroup—NetBIOS
  NetDDEGroup—NetDDE
  Network—Mup, Rdr, Srv
  NetworkProvider—LanmanWorkstation
  Parallel Arbitrator—Parport
  PCI Configuration—PCIDump
  PlugPlay—PlugPlay
  Pointer Class—Mouclass
  Pointer Port—Busmouse, Inport, Sermouse
  Port—None
  PNP_TDI—NetBT, Tcpip
  Primary Disk—Abiosdsk, Atdisk, Floppy, Sfloppy
  RemoteValidation—NetLogon
  SCSI CDROM Class—Cdrom
  SCSI Class—Disk, Scsiscan
  SCSI Miniport—Aha154x, Aha174x, aic78xx, Always, ami0nt, amsint, Arrow, atapi, BusLogic, Cpqarray, dac960nt, dce376nt, Delldsa, DptScsi, dtc329x, Fd16_700, Fd7000ex, Fd8xx, mitsumi, mkecr5xx, Ncr53c9x, Ncrc700, Ncrc710, ncrc810, Oliscsi Ql10wnt slcd32, Sparrow, Spock, T128, T13B, tmv1, Ultra124, Ultra14f Ultra24f, Wd33c93
  SpoolerGroup—Spooler
  Streams Drivers—None
  System Bus Extender—Pcmcia
  TDI—Afd, DHCP
  Video—Ati, Cirrus, Dell_DGX, Et400, Jazzg30, Jazzg364, Jzvxl484, mga, mga_mil, ncr77c22, psidisp, qv, s3, tga, v7vram, VgaSave, wd90c24a, wdvga, weitekp9, Xga
  Video Init—VgaStart
  Video Save—VgaSave
  ImagePath—Specifies the full path and file name of the application to load.
  Start—Specifies the startup value for the service or device driver. These values include:
  0x0—Only applicable to device drivers and specifies that the device driver is a Boot time device. Boot time devices are considered part of the driver stack and are loaded automatically as part of the boot loader process.
  0x1—Only applicable to device drivers and specifies that the device driver is a System device loaded by the I/O subsystem at kernel initialization.
  0x2—Specifies that the service or device is an Auto Load service or device and is started at system startup by the Service Control Manager.
  0x3—Specifies that the service or device is a Load On Demand service or device and can be started at any time by the Service Control Manager.
  0x4—Specifies that the service or device is a Disabled service or device and can be loaded at any time by the Service Control Manager, but not started.
  Type—Specifies the type of service or device driver. These values include:
  0x1—A kernel mode device driver.
  0x2—A file system device driver. File system device drivers are also kernel mode drivers.
  0x4—An argument list for a hardware device.
  0x10—A Win32 application that operates in its own process address space and provides an interface to the Service Control Manager. This allows the Service Control Manager to start, stop, pause, and continue a service. Not all services support the pause and continue commands.
  0x20—A Win32 service that can operate in a shared address space with other Win32 services.


Note:  You might also encounter the key ObjectName in a service key. This key contains the account name the service will use to log on to the computer when started, if the type is a Win32 service (0x10 or 0x20). If the type is a kernel mode device driver (0x1) or file system device driver (0x2), then the key contains the driver object name that the Windows NT I/O Manager will use to load the device driver.


Previous Table of Contents Next