Think of the Windows registry as a large table in which system configuration and application settings are stored hierarchically. Many applications use the registry in one way or another, calling the registry API to retrieve, modify or delete data. A great deal can be done with the Windows registry, but this article is confined to understanding its structure and operation.

Structure of Windows Registry

The Windows registry is made up of two fundamental elements: keys and values. The data is structured as a tree in which each node is called a key. Each key can contain several subkeys, which can in turn contain more subkeys, and so on. Each key can also contain data entries called values. Whether it does varies from application to application: some applications do not need to store values in a particular key, because the presence of the key alone is sufficient for the application to perform a task. In the general case, an application opens a key and uses the values associated with it. A key name can contain letters and numbers and is not case sensitive, but the backslash character (\) is not allowed.

Predefined Keys in Windows Registry

There are six Root Keys:

  1. HKEY_CLASSES_ROOT
  2. HKEY_CURRENT_USER
  3. HKEY_LOCAL_MACHINE
  4. HKEY_USERS
  5. HKEY_CURRENT_CONFIG
  6. HKEY_DYN_DATA

HKEY_CLASSES_ROOT: This root key stores information about registered applications, file associations and OLE object class IDs. Shell and COM applications use the information stored in this key. This key also stores information for DDE and OLE support, and thus allows backward compatibility with Windows registration databases.

HKEY_CURRENT_USER: This key stores only user-specific settings, which means that the settings for the currently logged-in user (including administrators) are stored in this key. Each user's settings are stored in that user's own NTUSER.DAT and USRCLASS.DAT files; you can check the files from My Computer -> OS Drive -> Documents and Settings. User-specific settings and preferences include environment variables, startup items, program groups, active network connections and other application preferences. Whenever you use "Switch user", or log off from one user and log back in, this key is triggered and loads all the user-defined system variables and environment modules. An example will make the situation clearer. Suppose Harry and Tom use the same computer and both use the same word processor for writing articles. Harry has chosen "Arial" as the default font, while Tom has set "Verdana". The word processor has stored this information under HKEY_CURRENT_USER\Softwarename\, and whenever the system identifies a specific user, it loads the environment from the application's subkey defined under HKEY_CURRENT_USER.

HKEY_LOCAL_MACHINE: The subkeys defined under HKEY_LOCAL_MACHINE describe the physical state of the computer. This includes details such as available system memory, bus type, installed hardware and so on. The subkeys contain a complete list of the hardware configuration data that has ever been used by the operating system. Other critical system information is also stored under this key, including network preferences, plug and play information, network security, server names and so on. There are four main subkeys of HKEY_LOCAL_MACHINE: SECURITY, SYSTEM, SOFTWARE and SAM. Their files can be found from My Computer -> OS Drive -> Windows -> System32 -> Config. A fifth subkey named "HARDWARE" is created dynamically, and its data is not stored locally on disk. The SYSTEM subkey holds all the information about system drivers and services, while the SOFTWARE subkey contains Windows settings and other software details.

HKEY_USERS: This key consists of subkeys that correspond to the HKEY_CURRENT_USER keys for each active user profile available on the operating system. Registry entries subordinate to this key define the user configuration for new users on the local machine as well as the user configuration for the logged-in user.

HKEY_CURRENT_CONFIG: This root key contains information that is available at run time and information about the hardware profile of the operating system. The information in this key is not stored to disk; it is generated dynamically when the system boots. The values stored in this key (and its subkeys) describe the differences between the current hardware configuration and the standard configuration of the operating system. This key can also be called an alias of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current.

HKEY_DYN_DATA: This key is used on older versions of Windows NT – Windows 95 – Windows Me. It contains information about various hardware devices and network performance statistics. The information is gathered dynamically during system boot and stored in RAM but not on disk.
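The relationships between the root keys described above can be checked read-only from PowerShell. This is an added example, not part of the original article: the hivelist key it reads in step 4 is not named in the article, and the helper name Get-SubkeyNames is hypothetical.

```powershell
# Added example: read-only checks of the root-key relationships described above.
# Nothing here writes to the registry. Assumes PowerShell 3.0 or later.

# HKEY_USERS has no default PowerShell drive, so full Registry:: provider paths are used.
function Get-SubkeyNames([string]$Path) {
    Get-ChildItem -Path "Registry::$Path" -ErrorAction Stop |
        Select-Object -ExpandProperty PSChildName
}

# 1. HKEY_CURRENT_USER is the current user's subkey of HKEY_USERS, named by the user's SID.
$sid  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$hkcu = Get-SubkeyNames 'HKEY_CURRENT_USER'
$hku  = Get-SubkeyNames "HKEY_USERS\$sid"

# 2. HKEY_CURRENT_CONFIG is an alias of the path the article gives under HKEY_LOCAL_MACHINE.
$hkcc = Get-SubkeyNames 'HKEY_CURRENT_CONFIG'
$prof = Get-SubkeyNames 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current'

# 3. Key names are not case sensitive: both spellings open the same key.
$lower = Test-Path 'Registry::HKEY_LOCAL_MACHINE\software'
$upper = Test-Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE'

# Compare-Object returns nothing when the two subkey lists are identical.
[pscustomobject]@{
    CurrentUserSid       = $sid
    HKCU_equals_HKU_SID  = -not (Compare-Object $hkcu $hku)
    HKCC_equals_Profile  = -not (Compare-Object $hkcc $prof)
    CaseInsensitiveNames = ($lower -and $upper)
} | Format-List | Out-String

# 4. The hivelist key (an assumption of this example, not named in the article) maps each
#    loaded hive to its backing file. HARDWARE has no file because it is built in memory.
$hiveList = Get-Item 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist'
$hives = foreach ($name in ($hiveList.GetValueNames() | Sort-Object)) {
    [pscustomobject]@{ Hive = $name; BackingFile = $hiveList.GetValue($name) }
}
$hives | Format-Table -AutoSize | Out-String
```

The backing files listed in step 4 are the NTUSER.DAT, USRCLASS.DAT and Config files the article refers to, which makes the output a quick inventory of where each loaded hive lives on disk.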

Editing the Windows Registry

To access the Windows registry, type regedit in the search box of the Windows Start menu. If you are running Windows XP or an earlier version, go to Run -> regedit and hit Enter to open the registry editor.

Modifying the values of existing registry entries should be done carefully, because any wrong change may lead to system instability.

Further reading on Windows Registry:

  1. How to backup registry in Windows 7
  2. How to clean up Windows registry
  3. Why Defragment the Windows Registry