Skip to main content

USING WINDOWS ADMIN TOOLS LIKE A PRO/WINDOWS REGISTRY EDITOR

What is the Registry?

The Windows Registry is a hierarchical database that contains all of the configurations and settings used by components, services, applications, and pretty much everything in Windows.
The registry has two basic concepts to be aware of: Keys and Values. Registry Keys are objects that are basically folders, and in the interface even look exactly like folders. Values are a bit like the files in the folders, and they contain the actual settings.
When you open the Registry Editor for the first time, you’ll see a treeview on the left-hand pane that contains all of the keys, with values on the right-hand side. It’s about as simple as an interface gets.
clip_image002
The root-level keys that you see in the left-hand side of the screenshot are important. Each one houses a different set of information, so depending on what you are trying to do, you’ll need to know which section to browse down into.
The interesting thing that most people don’t know is that 3 of the 5 items on the root level aren’t actually there… they are just linked to items further down in one of the other keys.

HKEY_CLASSES_ROOT

Windows uses this section to manage file type associations, and it is usually abbreviated HKCR when being referenced in documentation. This key is actually just a link to HKLM\Software\Classes.
You can also use this section if you want to tweak the context menu for a particular file type.

HKEY_CURRENT_USER

Holds the user settings for the currently logged in user, and is usually abbreviated HKCU This is actually just a link to HKEY_USERS\. The most important sub-key in here is HKCU\Software, which contains user-level settings for most of your software.

HKEY_LOCAL_MACHINE

All of the system-wide settings are stored here, and it is usually abbreviated as HKLM. You’ll mostly use the HKLM\Software key to check machine-wide settings.

HKEY_USERS

Stores all of the settings for all users on the system. You’ll typically use HKCU instead, but if you need to check settings for another user on your computer, you can use this one.

HKEY_CURRENT_CONFIG

Stores all of the information about the current hardware configuration. This one isn’t used very often, and it just a link to HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current.

Creating New Keys and Values

Right-clicking on any key in the left-hand side of the window will give you a set of options, most of which are fairly straightforward and easy to understand.
clip_image003
You can create a new Key, which will show up as a folder on the left-hand side, or a new value, which will show up on the right-hand side. Those values can be a little confusing, but there are really only a couple of values that are used regularly.
  • String Value (REG_SZ) – This contains anything that will fit into a regular string. The vast majority of the time, you can edit human-readable strings without breaking everything.
  • Binary Value (REG_BINARY) – This value contains arbitrary binary data, and you will almost never want to attempt to edit one of these keys.
  • DWORD (32-bit) Value (REG_DWORD) – These are almost always used for a regular integer value, whether just 0 or 1, or a number from 0 to 4,294,967,295.
  • QWORD (64-bit) Value (REG_QWORD) – These are not used very often for registry hacking purposes, but it’s basically a 64-bit integer value.
  • Multi-String Value (REG_MULTI_SZ) – These values are fairly uncommon, but it works basically like a notepad window. You can type multi-line textual information into a field like this.
  • Expandable String Value (REG_EXPAND_SZ) – These variables have a string that can contain environment variables and is often used for system paths. So a string might be %SystemDrive%\Windows and would expand to C:\Windows. This means that when you find a value in the Registry that is set to this type, you can change or insert environment variables and they will be “expanded” before the string is used.
Fun Fact: DWORD is short for “Double Word”, because a “Word” is a term for the default unit of data used by a processor, and when Windows was created that was 16 bits. So a “word” is 16 bits, and a “Double Word” is 32 bits. While modern processors are all 64-bit, the Registry still uses the older format for compatibility.

The Favorites Menu

One of the really useful features that nobody seems to notice is the Favorites menu, which is great when you want to check a registry location regularly. What’s really fun is that you can export the list of favorites and use it again on another computer without having to browse down to the keys and add them to the favorites menu.
It’s also a great way to bookmark something in the registry if you are looking around in multiple locations, so you can easily flip back to the last place you were at.
clip_image004

Exporting Registry Files

You can export registry keys and all of the values contained underneath them by right-clicking on a key and choosing Export. This is really important if you are going to be making changes to your system.
clip_image005
Once you’ve got your exported registry file, you can double-click on it to enter the information back into the registry, or you can choose Edit to take a look at the contents in Notepad.
clip_image006
The registry hacking file format is pretty simple – value names on the left, and actual values on the right.
clip_image007

For more on registry hack files, make sure to read our guide on the subject.

Setting Permissions

Some of the registry keys won’t allow you to make changes by default. This is generally because you don’t have permission to those keys, but you can tweak the permissions scheme if you want by right-clicking a key and choosing Permissions, and then adjusting them from there.
clip_image008
We should note that this is not a good idea, and you should usually stay away from keys that require this much work to edit.

Loading Registry Hives

You can use the File -> Load Hive feature to load up a registry from an offline system. Perhaps you are troubleshooting another computer, and would like to see what is going on in the registry for a system that isn’t booting. So you boot the system from a rescue disk, or maybe a Linux live CD, and then copy the registry files onto your thumb drive.
Now you can open them up on another computer and look around by using the Load Hive option.
clip_image009

Where are these registry files stored?

You can find most of them in the Windows\System32\Config folder.
clip_image010
See those SAM, SECURITY, SOFTWARE, and SYSTEM files? They correspond to the same keys underneath the HKEY_LOCAL_MACHINE folder.
clip_image011
The data for the HKEY_CURRENT_USER branch is stored in your user folder, in a hidden file called NTUSER.DAT.

Backing Up Your Registry

You might have noticed over the years that every site that advises you to hack the registry in some way also tells you to backup your registry. But what’s the best way to do that?
You can’t export the entire registry to a file, and it wouldn’t work very well to import it again either. You also can’t easily access the files themselves on the hard drive, because they are completely locked. So that’s not going to work.
The best option to backup your registry? Create a System Restore point.
clip_image012
Rolling back a system restore point is quite easy.

Some Important Things to Note

While many people refuse to agree, the fact is that registry cleaners are pointless and should not be used. Cleaning up a few hundred keys out of a database of millions isn’t going to provide any performance boost, and any errors in the registry that resulted in a component not loading properly would be caught in Event Viewer or elsewhere, and could be fixed without resorting to cleaning the registry.
And don’t even get us started on registry “defrag”, which is complete nonsense these days. Perhaps back on Windows 95 with dirt-slow hard drives, it made sense. But now, with modern hard drives, or solid state drives that don’t need defragmenting at all? Don’t do it
Labels:

Comments

Post a Comment

Popular posts from this blog

How To Setup a USB Flash Drive to Install Windows 7

If you have an ISO image of Windows 7, using Microsoft’s free utility is a quick and easy option to get the image on your USB flash drive. It requires XP SP2 or higher and if you’re using an XP machine you’ll need .NET Framework 2.0, and Microsoft Image Mastering API V2…both of which can be downloaded from the link below. It seemed to work best if I formatted the flash drive as NTFS before using the download tool. But that could be because of the flash drive I used…your mileage may vary.   It’s a pretty straight forward process, first browse to the location of your Windows 7 ISO file and click Next. Select USB device…this also helps you burn the ISO to DVD as well if you need that option. Choose your flash drive and click Begin copying. Now just wait for the process to complete. The drive will be formatted and files copied to the flash drive. When the process is finished you will be able to see the files on the flash drive as you would if you opened the installat...
1 comment
Read more

Configuring the Linksys WRT54GS Router for wifi

Basic ADSL Router setup The full GUI can be accessed at http://ui.linksys.com/WRT54G/v1-v4/4.20.7/index.htm location  The router will work out of the box, but has none of the security functions enabled as standard. It should be connected by Cat5 or 5e ethernet cable between a modem and the computer network as its job is to manage traffic and protect the network with its built-in firewall. Configuring the WRT54GS is quite straightforward thanks to its user-friendly web interface. To access it enter; http://192.168.1.1 into your web browser. You will be prompted to enter a username and password. Enter admin for both, you will be changing this later. Router Name This image above is of the first web interface showing the basic configuration settings. Nothing needs to be changed here for most home user setups, but I suggest changing the Router Name to something meaningful and changing the Time Zone. If you have made any changes, click Save at t...
1 comment
Read more

Tiny 11 - A Lightweight Windows 11 that can run on 2GB RAM and requires less harddisk space.

  In terms of Windows 11, its   system requirements   are high since this system requires at least 4GB RAM, 64GB storage space, enabled TPM & Secure Boot, a high CPU (1 GHz or faster with 2 or more cores on a compatible 64-bit processor), etc. compared to any old Windows operating systems. If you have an old or lower-end PC, Windows 11 is not a good option to install since many issues like random crashes, blue screen errors, etc. could appear on the unsupported hardware. Overview of Tiny11 If you want to run Windows 11 on your old computer with low RAM and disk space, Tiny11 appears in public. It is a project from NTDev and Tiny11 is a Windows 11 tiny edition. This edition is based on Windows 11 Pro 22H2 and includes everything you need for a comfortable computing experience since this tool doesn’t have the bloat and clutter of a standard Windows installation. Tiny11 Requirements In terms of Tiny11 requirements, a scant 8GB of storage and just 2GB of RAM are requ...
Post a Comment
Read more