
Information About

Windows Registry




The Windows Registry was introduced to tidy up the profusion of per-program INI files that had previously been used to store configuration settings for Windows programs. These files tended to be scattered all over the system, which made them difficult to keep track of.


REGISTRY STRUCTURE

The Registry is split into a number of logical sections. These are generally known by the names of the definitions used to access them in the Windows API, which all begin "HKEY" (an abbreviation for "Handle to a Key"); often, they are abbreviated to a three- or four-letter short name starting with "HK".

Each of these keys is divided into subkeys, which may contain further subkeys, and so on. Any key may contain values. These values can be:
  • String Value

  • Binary Value

  • DWORD Value (numbers between 0 and 4,294,967,295, i.e. 2^32 – 1)

  • Multi-String value

  • Expandable String Value

Each key has a default value, which is in effect a value with the same name as the key. Registry keys and values are specified with a syntax similar to Windows' filenames, using backslashes to indicate levels of hierarchy. E.g. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows refers to the subkey "Windows" of the subkey "Microsoft" of the subkey "Software" of the HKEY_LOCAL_MACHINE key.


The HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER nodes have a similar structure to each other; applications typically look up their settings by first checking for them in "HKEY_CURRENT_USER\Software\Vendor's name\Application's name\Version\Setting name" and, if the setting is not found, looking instead in the same location under the HKEY_LOCAL_MACHINE key. When writing settings back, the reverse approach is used: HKEY_LOCAL_MACHINE is written first, but if that cannot be written to (which is usually the case if the logged-in user is not an administrator), the setting is stored in HKEY_CURRENT_USER instead.
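The lookup order described above, as an added PowerShell example that is not code from the original page; the function name and the vendor, application, version and setting names are hypothetical. It reports which hive supplied the value, which shows when a per-user entry is answering in place of the machine-wide one.

```powershell
# Added example: resolve a setting by checking HKCU first, then HKLM.
# 'ExampleVendor', 'ExampleApp', '1.0' and 'Theme' are hypothetical names.
function Get-AppSetting {
    param(
        [Parameter(Mandatory)] [string] $Vendor,
        [Parameter(Mandatory)] [string] $Application,
        [Parameter(Mandatory)] [string] $Version,
        [Parameter(Mandatory)] [string] $Name
    )
    $subPath = "Software\$Vendor\$Application\$Version"

    foreach ($hive in 'HKCU', 'HKLM') {
        $keyPath = "${hive}:\$subPath"
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        $key = Get-Item -LiteralPath $keyPath
        # GetValueNames() separates "value absent" from "value present but empty",
        # so an empty per-user value still takes precedence over HKLM.
        if ($key.GetValueNames() -contains $Name) {
            return [pscustomobject]@{
                Source = $keyPath                    # hive that answered the lookup
                Name   = $Name
                Kind   = $key.GetValueKind($Name)    # registry type of the value
                Data   = $key.GetValue($Name)
            }
        }
    }
    return $null   # not set in either hive
}

Get-AppSetting -Vendor 'ExampleVendor' -Application 'ExampleApp' -Version '1.0' -Name 'Theme'
```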


HKEY_CLASSES_ROOT

Abbreviated HKCR, HKEY_CLASSES_ROOT stores information about registered applications, including associations from file extensions and OLE object class IDs to the applications used to handle these items. On Windows 2000 and above, HKCR is a compilation of HKCU\Software\Classes and HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes is used.
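An added PowerShell example (not from the original page) that lists class registrations present in both subkeys and shows what the merged HKCR view returns for each, so per-user entries that take precedence can be reviewed. The function name is hypothetical, and the comparison covers only the default value of each top-level key.

```powershell
# Added example: compare per-user and machine-wide class registrations.
# For each top-level key under HKCU\Software\Classes that also exists under
# HKLM\Software\Classes, show both default values and what HKCR resolves to.
function Get-ClassOverlap {
    $userRoot    = 'HKCU:\Software\Classes'
    $machineRoot = 'HKLM:\Software\Classes'
    if (-not (Test-Path -LiteralPath $userRoot)) { return }

    foreach ($userKey in Get-ChildItem -LiteralPath $userRoot -ErrorAction SilentlyContinue) {
        $name        = $userKey.PSChildName
        $machinePath = "$machineRoot\$name"
        # -LiteralPath matters: the classes tree contains a key literally named '*'.
        if (-not (Test-Path -LiteralPath $machinePath)) { continue }

        $machineKey = Get-Item -LiteralPath $machinePath
        $mergedKey  = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($name)
        [pscustomobject]@{
            Class          = $name
            UserDefault    = $userKey.GetValue('')      # '' selects the default value
            MachineDefault = $machineKey.GetValue('')
            MergedDefault  = if ($mergedKey) { $mergedKey.GetValue('') } else { $null }
        }
        if ($mergedKey) { $mergedKey.Close() }
    }
}

# Show only the classes where the two subkeys disagree.
Get-ClassOverlap |
    Where-Object { $_.UserDefault -ne $_.MachineDefault } |
    Sort-Object Class |
    Format-Table -AutoSize
```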


HKEY_CURRENT_USER

Abbreviated HKCU, HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user. HKCU mirrors the current user's subkey of HKEY_USERS.


HKEY_LOCAL_MACHINE

Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are general to all users on the computer. This key is found within the file %SystemRoot%\System32\Config\system on NT-based versions of Windows. Information about system hardware is located under the SYSTEM key.


HKEY_USERS

Abbreviated HKU, HKEY_USERS contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user registered on the machine.


HKEY_CURRENT_CONFIG

Abbreviated HKCC, HKEY_CURRENT_CONFIG contains information gathered at runtime; information stored in this key is not permanently stored on disk, but rather regenerated at boot time.


EDITING THE REGISTRY


Manual editing

The registry can be edited manually in Microsoft Windows by running regedit.exe or regedt32.exe in the Windows directory. However, careless registry editing can cause irreversible damage. Many optimization and "hacking" tools are available to modify this portion of the Windows operating system. It is preferable to use one of the many registry cleaners available.

A simple implementation of the current registry tool appeared in Windows 3.x, called the "Registration Info Editor" or "Registration Editor". This was basically just a database of applications used to edit embedded OLE objects in documents.

Windows NT introduced permissions for Registry editing. Windows NT 4 and Windows 2000 were distributed with both the Windows 9x REGEDIT.EXE program and Windows NT 3.x's REGEDT32.EXE program. There are several differences between the two editors on these platforms:
  • REGEDIT.EXE had a left-side tree view that began at "My Computer" and listed all loaded hives. REGEDT32.EXE had a left-side tree view, but each hive had its own window, so the tree displayed only keys.

  • REGEDIT.EXE represented the three components of a value (its name, type, and data) as separate columns of a table. REGEDT32.EXE represented them as a list of strings.

  • REGEDIT.EXE was written for the Win32 API and supported right-clicking of entries in a tree view to adjust properties and other settings. REGEDT32.EXE was written for the Win32 API and required all actions to be performed from the top menu bar.

  • Because REGEDIT.EXE was directly ported from Windows 95, it did not support permission editing (permissions do not exist on Windows 9x). Therefore, the only way to access the full functionality of an NT registry was with REGEDT32.EXE.

  • REGEDIT.EXE only supports string (REG_SZ), binary (REG_BINARY), and DWORD (REG_DWORD) values. REGEDT32.EXE supports those, plus expandable string (REG_EXPAND_SZ) and multi-string (REG_MULTI_SZ). Attempting to edit unsupported value types with REGEDIT.EXE on Windows 2000 or Windows NT 4 will result in registry corruption and, possibly, an unbootable system. Microsoft's Windows 2000 Security Hardening Guide, version 1.3, published May 15, 2003, says "It is highly recommended to use regedt32.exe (a.k.a. the Windows NT registry editor) and not regedit.exe (a.k.a. the Windows 95 registry editor) to modify registry settings. Both editors ship with Windows 2000 and regedit.exe is generally perceived as easier to use. However, regedit.exe does not support all the registry data types and will convert certain types it does not understand. Certain values will not be read properly if they are converted and this can cause serious problems with the system, including failure to boot."


Windows XP was the first system to integrate these two programs into one, adopting the old REGEDIT.EXE interface and adding the REGEDT32.EXE functionality. The differences listed above are not applicable on Windows XP and newer systems; REGEDIT.EXE is the improved editor, and REGEDT32.EXE simply invokes REGEDIT.EXE.
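Since a value's type matters as much as its data when editing, the following added PowerShell example (not from the original page) lists every value under a key with its REG_* type and its data as stored. The function name is hypothetical and the key in the last line is only a sample path.

```powershell
# Added example: list each value under a key with its registry type and raw data,
# so the type can be checked before a value is edited.
function Get-RegistryValueTyped {
    param([Parameter(Mandatory)] [string] $Path)

    # .NET RegistryValueKind names mapped to the REG_* names used in the text.
    $typeNames = @{
        String = 'REG_SZ'; ExpandString = 'REG_EXPAND_SZ'; Binary = 'REG_BINARY'
        DWord  = 'REG_DWORD'; MultiString = 'REG_MULTI_SZ'
    }
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop

    foreach ($name in $key.GetValueNames()) {
        $kind = $key.GetValueKind($name).ToString()
        # Read without expansion so REG_EXPAND_SZ data (e.g. %SystemRoot%) is shown as stored.
        $raw  = $key.GetValue($name, $null, $noExpand)

        $data = switch ($kind) {
            'Binary'      { ($raw | ForEach-Object { $_.ToString('X2') }) -join ' ' }
            'MultiString' { $raw -join ' | ' }
            'DWord'       {
                # .NET returns a signed Int32; reinterpret it as the unsigned 0..4,294,967,295 range.
                $u = [BitConverter]::ToUInt32([BitConverter]::GetBytes([int32]$raw), 0)
                '0x{0:X8} ({0})' -f $u
            }
            default       { "$raw" }
        }

        $typeName = $typeNames[$kind]
        if (-not $typeName) { $typeName = $kind }      # types beyond the five listed in the text
        $display = if ($name -eq '') { '(Default)' } else { $name }

        [pscustomobject]@{ Name = $display; Type = $typeName; Data = $data }
    }
}

# Sample key that normally holds both REG_SZ and REG_EXPAND_SZ values.
Get-RegistryValueTyped -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' |
    Format-Table -AutoSize
```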


Command line editing

On NT-based systems the registry can be manipulated from the command line with the reg.exe utility. It is included in Windows XP and can be downloaded separately for previous versions.

reg.exe Operation List