Understanding the Windows Registry
The Windows registry is one part of the Windows operating system that the average user will probably never access. It can be intimidating, confusing to a user, and making the wrong change within it can prevent Windows from loading. Many Windows and application settings are stored within the registry, which makes it very powerful for customizing an application or Windows itself.
I won’t go into detail about the various Windows settings that can be changed within this post, but I will introduce the organization and structure of the registry.
Accessing the Registry
Accessing the Windows registry is just a matter of running an application included with Windows. The application is not included on the start menu, so you will need to execute it manually.
Use the following steps to access the registry:
- Click Start->Run. The Run dialog will be displayed.
- Type regedit in the dialog.
- Click the OK button.
The registry editor application will now be displayed on the screen. The next few ections will describe how the registry is organized.
On the left side of the registry editor you will notice what looks like some folders. These folders are called hives and store information about your applications, Windows, and computer. Each hive stores specific information. The following table provides a brief description of each hive.
|HKEY_CLASSES_ROOT||Stores any object registration so that applications know where to find objects and how to use them. File extension information, such as which program to use to open a specific file, is also stored here.|
|HKEY_CURRENT_USER||Any settings specific to your user ID is stored in this hive. This includes such things as your specific Windows settings (desktop background, personal folders, and sounds) as well as any application settings that are used by you. Sometimes when you install applications you can specify to only install for your ID or everyone who logs in. If you specify you only, then the application will install its settings in this hive. If you choose everyone, then the HKEY_LOCAL_MACHINE hive is used.|
|HKEY_LOCAL_MACHINE||This hive is similar to the HKEY_CURRENT_USER hive but all settings stored here can be used by all users. Many application and Windows settings are found here as they may need the same settings for all users, such as an install location.|
|HKEY_USERS||When a user logs in, the HKEY_CURRENT_USER key is retrieved from this hive. Expanding this hive shows all the HKEY_CURRENT_USER hives for all users of the computer. The .DEFAULT key within this hive is used as a default hive for a new user.|
Keys and Values
Expanding a hive will display a list of what looks like sub-hives. These sub-hives are actually called keys. The key path are referenced similar to a directory structure: Hive\Key Name\Key Name. If you click on a key, you may see some other values appear on the right.
These values are comprised of a name and data. The data can be of the type string, binary, DWORD, QWORD (64-bit Windows, VISTA+), multi-string and expandable string. Most of the values stored are a string, binary or DWORD data type.
You may notice that every key has at least one value called (Default). This value will always be there, and sometimes may even have a value. If it doesn’t have a value it will be displayed with a (value not set) value.
All settings within the registry are stored in a hive-key-value arrangement.
Application and Windows Values
In this section we will look at how applications and Windows settings are stored in the registry. We will assume that the application is installed for all users so we will focus on the HKEY_LOCAL_MACHINE hive.
For most applications, the settings will usually be stored under the SOFTWARE\Company Name\Application Name arrangement. For example Microsoft products will be located in the SOFTWARE\Microsoft keys and each product will have a subkey in there. This is the easiest way of finding a specific setting for an application.
For example, to find what applications are executed at startup, just look in the SOFTWARE\Microsoft\Windows\CurrentVersion\Run key. If you want to stop something from running, and it is listed here, just delete the value on the right side. This may come in handy if some spyware or virus executes a program on Windows start.
Often times if you need to remove spyware or a virus manually, you may need to edit or delete a registry value. Using this post, you can easily figure out which registry key you will be removing, and what it may affect.
Registry Becoming Obsolete?
It seems Microsoft’s new method of storing application settings is through the use of XML files. The .Net framework makes extensive use of these XML files which have the extension .config. Even though the XML files are being used more and more, I don’t think the registry will be disappearing any time soon. Too many applications will depend on it for many years to come.
The Windows registry stores application and Windows settings for a specific user as well as all users on a computer. The registry is comprised of various hives that contain many keys and values. Although it can be easily modified, you must do so only if you know what you are changing, as changing the wrong setting can affect your computer in a bad way.