Where can I find information about inbuilt registry keys for Windows Server 2008 R2?

Asked Dec 15 '11 at 12:25

Active Dec 15 '11 at 12:38

Viewed 918 times

Is there a resource for looking up the description and/or usage of W2K8 R2 registry keys? I need to understand integrity checksum change messages appearing in OSSEC logs on Amazon EC2 instances.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Epoch

Firewall related?

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

What could be changing interface settings? Does it get updated every reboot? During use?

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ASP.NET_2.0.50727\Names

PIDs of worker processes. Seems legit.

The list goes on - I'd like to be able to look up and find out about any registry entry that changes. The alerts are useless if I can't understand them.

edited Dec 15 '11 at 12:38

MDMarra

100,183
32
195
326

asked Dec 15 '11 at 12:25

xddsg

3,202
2
26
33

Microsot has fairly detailed registry explanations on Technet and even public knowledgebases. – SpacemanSpiff Dec 15 '11 at 12:57
@SpacemanSpiff I've found the [2003 Technet reference](http://technet.microsoft.com/en-us/library/cc778196(WS.10).aspx) listed in [this ticket](http://serverfault.com/questions/5673/good-resources-to-learn-about-the-windows-registry), but not 2008 R2. The Epoch key is not listed in the 2003 reference. – xddsg Dec 15 '11 at 13:11

Where can I find information about inbuilt registry keys for Windows Server 2008 R2?

0 Answers0