Windows registry: A user's guide

You might have heard about windows registry.Many of us use registry without even knowing exactly how it works.In this article i will explain windows registry with the discussion being limited only to windows XP ,as i dont care about vista(i switched back you see) and 98 is dead.

• What is registry?

It is a directory which stores different settings and options.All the contents are arranged in hierarchal manner. It provides information and settings for all the hardware, operating system and currently installed programs alongwith the changes made to default system configurations.

• Structure of Windows registry:

As i said the registry is arranged in hierarchal manner.It has five main branches and each can expanded into sub-branches called "Keys".Each key can contain one or more "Values".The value can be of different types such as string (_SZ), binary(_BINARY), Double word(_DWORD) or even no type(_NONE).

• Where is it stored?

In windows XP it is stored in two directories depending upon corresponding "Hives". Each of these hives need support files containing its data. "%SystemRoot%\System32\Config" and "%SystemRoot%\Profiles\Username" are the directories that contain these files.

• Branches:

The windows XP registry is divided into five main branches(Hives).These branches are named starting with "HKEY" and these names are then abbreviated to four letters starting with "HK".
I have listed all branches in accordance with the order they appear in XP registry.

1. HKEY_CLASSES_ROOT:(HKCR)
   

This key contains all the file extension associations and COM class registration information such as ProgIDs, CLSIDs, and IIDs.
Actually this information is a compilation of registration and file extension information stored under both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys. The HKCR key provides a view of the registry that merges the information from these two sources.

2.HKEY_CURRENT_USER:(HKCU)

As the name suggests this hive stores all the data related to the currently logged-in user. You can find this as "NTUSER.DAT" in "%SystemRoot%\Profiles\Username"
The information stored under this hive includes control panel settings, system events etc.

3.HKEY_LOCAL_MACHINE (HKLM)

This branch contains information about all of the hardware and software installed on your computer.
A list of all active hives can be found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist

4.HKEY_USERS:(HKU)

This key contains the information related to all the users currently registered with the system.

5.HKEY_CURRENT_CONFIG:(HKCC)

This branch points to the part of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration. It contains information about the hardware profile that is used by the local computer at system startup.

• Moving through the registry:

The Registry Editor (regedit.exe) is included with Windows enables manual editing as well as viewing of the contents of the Registry. To use this just type "regedit" at RUN and hit "Enter".
After this you'll see a window divided into two panes. The left side shows a tree with folders (see image for reference), and the right side shows the contents (values) of the currently selected folder (key).
To expand any branch, click on the little plus sign [+] to the left of any folder, or just double-click on the folder. To display the contents of a key (folder), just click the desired key, and look at the values listed on the right side

• Editing the registry:

This can also be called as "importing into" the registry.

1. Manual editing:

A new key or value can be added by selecting New from the Edit menu. You can rename any value and almost any key with the same method used to rename files; right-click on an object and click rename, or click on it twice (slowly), or just press F2 on the keyboard. Lastly, you can delete a key or value by clicking on it, and pressing Delete on the keyboard, or by right-clicking on it, and choosing Delete.Few registry edits will need you to restart system to take effect.

2.Using Registration entries:(.reg files)

The registry can be edited by simply merging ".Reg" file in it. Again it can be done manually by double clicking or by using logon/logoff scripts. The examples for these can be found here and here.

• Exporting:

Can also be referred as "backing up" of the registry.
Just ope the Registry Editor, select a branch, and choose "Export" from the File menu. Then, specify a filename, and press OK. The file will be saved as ".Reg" file.By opening it in Notepad (right-click on it and select Edit) its contents can be viewed.To apply it to the registry just open it by double clicking.


PS:
If you like this article and are interested in learning .reg scripts then leave a comment i'll be happy to explain in next article.