Demystifying the Windows Registry

Bleeping Computer Donate

Blogs

Chat

Search

Search Forums
RSS

Help

Advanced Search
Search with Google

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!
Do you have popups or other malware infecting your computer? If so, Start Here!
Are you having trouble using this site? Then you should visit the New User Orientation Center!
Bleeping Computer -> Tutorials -> Advanced Microsoft Topics -> Demystifying the Windows Registry

Home Sections Popular New Tutorials

Enter keywords that you would like search our tutorials for:
Please note that all keywords must be 4 or more characters long.

Search

Demystifying the Windows Registry

by Bleeping Computer on 29th of Jun 2004

(Views: 74,653)
Tell a friend

Print Tutorial
Add to del.icio.us!

Submit to reddit!

digg it!

Submit to My-Tuts!

Demystifying the Windows Registry

Table of Contents
1.
2.
3.
4.
5.

Sponsors

Introduction
The Registry
Editing the Registry
Backing Up the Registry
Conclusion

Introduction

http://www.bleepingcomputer.com/tutorials/tutorial74.html (1 of 8)5/13/2007 3:27:25 PM

Antivirus
Purchase Premiere
Anti Spyware
software from
Kaspersky

Help Desk
Software
Help desk software
from Parature - the
best solution for
your company

Demystifying the Windows Registry

Ever since Windows 95, the Windows operating system has been using a centralized hierarchical
database to store system settings, hardware configurations, and user preferences. This database
is called the Windows Registry or more commonly known as the Registry. When new hardware is
installed in the computer, a user changes a settings such as their desktop background, or a new
software is installed, this information is stored in the registry. The operating system then
continually references this information during its operation. Though understanding the Registry
will provide good knowledge into the inner workings of your computer, it is important to take
extreme care when working with the Registry as modifying it incorrectly can cause problems with
the use of your operating system.

The Registry
Overview
The registry is a key component of the Windows operating system. It is so important, that
without it, Windows would not even run. When a new piece of hardware or software is installed in
Windows, it stores its configuration into the Registry. This allows Windows to retrieve that
information at later dates such as when it is starting up. As Windows starts it will read the
configuration in the registry and know what drivers need to be loaded, what settings to be
applied, and what resources need to be allocated in order for this equipment to work. Because
this information is stored in the Registry on your hard drive, Windows has this information
available each time it boots up.
The registry, though, is not only for operating system settings. User preferences and application
settings are stored in the Registry as well. When you change your desktop background or screen
saver, these details are stored in the Registry. Now when you shutdown Windows and start it up
again at a later date, your preferences are available and loaded automatically. Application
settings such as what directory you would like to download files to or what your default font is in
a word processor are stored here as well. As you can see the Registry contains information that is
not only vital to the use of the operating system, but also essential in allowing you to customize
Windows to your particular tastes.
Structure of the Registry
The Registry is a hierarchical structure similar to what you see when looking at a directory/file
tree on your computer. You have a main key, or Hive, with Keys, Subkeys and then Values. Each
of these are discussed below:
Hives - Hives are the top most portions of the hierarchical data tree with each Hive containing a
certain category of information. For example one Hive may contain the configuration that applies
to the particular user logged on, while another Hive will contain information about the hardware
installed in the computer. Depending on the version Windows that you are running there will be 5
or 6 different hives. Below we have outlined the 6 possible hives:
HKEY_CURRENT_USER (HKCU) This Hive contains the preferences and configuration for the particular user who is currently
logged in. If a different user is logged onto the same machine, then the information in this
Hive would change corresponding to that particular user's configuration.
HKEY_LOCAL_MACHINE (HKLM) This Hive contains the configuration for the actual computer. The information in this Hive
remains the same regardless of the user currently logged on.
HKEY_CLASSES_ROOT (HKCR) This Hive contains the information for that pertains to the core user interface such as file
associations and shortcuts.
HKEY_USERS (HKU) This Hive contains the user information for all the users that have ever logged onto this
computer.

http://www.bleepingcomputer.com/tutorials/tutorial74.html (2 of 8)5/13/2007 3:27:25 PM

Web
Search

BC

Demystifying the Windows Registry

HKEY_CURRENT_CONFIG (HKCC) This Hive contains the information about current hardware configuration. This Hive is linked
to the HKLM Hive.
HKEY_DYN_DATA (HKDD) This Hive is found only on Windows 95/98/ME. It contains information about hardware Plug
and Play. This Hive is linked to the HKLM Hive.
Keys - Keys are an organizational unit in the Registry. Keys are containers that can either
contain values or further subkeys. Subkeys themselves, can contain further subkeys. Keys are
similar to folders in that they can contain further subkeys or the file, or what we call values in the
Registry.
Values - Values contain the actual data that is being stored in a Key or a Subkey. There are quite
a few different types of values that can be stored in the Registry, but the most common that you
will see are binary, strings, and DWORD values.
When visualizing the Registry you should look at the Hives, Keys, and Subkeys as the path that
you will need to navigate in order to reach the final stored information which is the Value.
An example Registry key can be seen below. This Registry key controls what your initial start
page will be when using Internet Explorer.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
When we break this Key down to its components we can see the following:
HKEY_CURRENT_USER is the Hive that this key is associated with.
Software is a Key
Microsoft - This is a Subkey
Internet Explorer - This is a Subkey
Main - This is a Subkey
Start Page - This is the Value that the actual data is stored in. For this particular Value, the data
will be the start page that you want Internet Explorer to use.
Where the Registry is stored
The Registry itself is stored on your computer in certain files. Below we detail what files and their
locations are used to store the Registry based upon the particular version of Windows.
For Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, the Registry files
are stored in the following directories:
Systemroot\System32\Config
Systemroot\Profiles\Username
The names for the registry files are:
Sam, Sam.log, Sam.sav
Security, Security.log, Security.sav
Software, Software.log, Software.sav
System, System.alt, System.log, System.sav
System, System.alt, System.log, System.sav, Ntuser.dat, Ntuser.dat.log
Default, Default.log, Default.sav
For Windows 98, the registry files are named User.dat and System.dat and are stored in the C:
\Windows directory.
For Windows Millennium Edition, the registry files are named Classes.dat, User.dat, and System.
dat and are stored in the C:\Windows directory.

http://www.bleepingcomputer.com/tutorials/tutorial74.html (3 of 8)5/13/2007 3:27:25 PM

Demystifying the Windows Registry

How to edit the Registry

In order to modify values in the Registry you need to use a program called a Registry Editor.
Windows comes with a program called regedit.exe or otherwise known as Registry Editor. To
launch this program you should click on the Start button, then click on the Run option, and in the
field type regedit.exe and press the OK button. This will launch the Registry Editor.
When you open Registry Editor you will see two panes. The left pane is your navigation pane. By
default it will list all the Hives with a + or - next to each one. You can click the + to expand the
tree underneath that Hive revealing Keys and Subkeys. You would keep navigating the Subkeys
until you reach the desired location and then click on it once to highlight it. Then you will see in
the right pane a listing of the values associated with that key.
In the screenshow below you will see an image of the Registry Editor where I have navigated to
the key:
HKEY_CURRENT_USER\Control Panel\Colors

Figure 1. Registry Editor

In Figure 1 above, the Hive that we are in is HKEY_CURRENT_USER. They Key is Control Panel
and the Subkey is Colors. The right hand portion shows all the Values contained in the subkey
Colors.
To modify a Value, you would double-click on the value name and a screen similar to Figure 2
below would appear.

http://www.bleepingcomputer.com/tutorials/tutorial74.html (4 of 8)5/13/2007 3:27:25 PM

Demystifying the Windows Registry

Figure 2: Modifying a Value

You then would type in the appropriate information into the Value data field and press the OK
button.
To delete values, instead of double-clicking on a value name you would right-click on the value
and then select Delete. This method can also be used to delete keys or subkeys. To add a value
you click on the Edit menu option and then select New and pick the appropriate type.
It is also possible to export and import Registry values into your Registry. To export a particular
Key or Subkey you would click once on the key you would like to export and then click on File and
then Export. Then select a directory and filename to export the Registry key to. Likewise, you can
also Import keys into the Registry by clicking on Import and then selecting the file that you had
exported previously.

Backing up the Registry

Viruses, Spyware, and other Malware can cause corruption and damage to the Registry. With this
in mind, it is important to backup your registry so that you know you have a clean copy stored
safely on your hard drive in case of an emergency. Below we have outlined the steps to backup
and restore your Registry under the various versions of Windows.
Backing Up the Windows 95 Registry
1. Reboot your computer and when you see "Starting Windows 95" press the F8 key. Then
choose Safe Mode Command Prompt Only from the startup menu and press enter.
2. At the command prompt type the following lines, pressing ENTER on your keyboard after
each line:
3. cd \windows
attrib -r -h -s system.dat
attrib -r -h -s user.dat
copy system.dat *.bak
copy user.dat *.bak
WARNING: These steps make the assumption that you do not have any files named system.
bak or user.bak. If you do have files with these names, change the extension in the steps
above to something else.
4. Restart your computer.
Restoring the Windows 95 Registry
1. Reboot your computer and when you see "Starting Windows 95" press the F8 key. Then
choose Safe Mode Command Prompt Only from the startup menu and press enter.

http://www.bleepingcomputer.com/tutorials/tutorial74.html (5 of 8)5/13/2007 3:27:25 PM

Demystifying the Windows Registry

2. At the command prompt type the following lines, pressing ENTER on your keyboard after
each line:
cd windows
attrib -r -h -s system.dat
attrib -r -h -s system.da0
attrib -r -h -s user.dat
attrib -r -h -s user.da0
ren system.dat system.daa
ren system.da0 system.da1
ren user.dat user.daa
ren user.da0 user.da1
copy system.bak system.dat
copy user.bak user.dat
WARNING : This will restore the previous backup that you had made. If you had chosen an
extension other than .bak when you had backed up the Registry previously, then substitute
that extension above.
3. Restart your computer.
Backing Up the Windows 98/ME Registry
1. Click the Start button, then click Run.
2. Type scanregw in the field and press the OK button.
3. When the program has finished scanning the Registry for errors it will ask if you would like
to back up the Registry.
4. Click the Yes prompt and the program will create the backup.
5. When it is completed, press the OK button.
Restoring the Windows 98/ME Registry
1. For Win98, reboot your computer and press and hold the CTRL button. Then choose Safe
Mode Command Prompt Only from the startup menu and press enter. For Windows ME,
start your computer with a startup disk and select Start Computer without CD-ROM
Support.
2. You will now be at a command prompt. Type c:\windows\command\scanreg /restore and
press enter on your keyboard. A screen will will appear with a list of the previous Registry
backups sorted by date. Using the arrow keys, select the Registry backup you would like to
restore and press enter. A known previously working Registry backup will have the word
Started next to the date.
3. Scanreg will now restore the Registry and check it for errors. When it is done you will
receive confirmation and you should now press enter to reboot your computer. If you had
booted your computer with a floppy, please remove the floppy first before rebooting.
Backing Up the Windows XP/2000/2003 Registry
1. Click on Start, then All Programs, then Accessories, then System Tools, and then click on
Backup. If you do not see the Backup utility you will need to install it using your XP or
2003 CD.
2. When the program launches, if you are not in the wizard, select the Backup Wizard Option.
3. When the Wizard opens press the Next button.
4. Select "Only back up the System State Data". Keep pressing next until you see Finish.
5. Press the Finish button to start the Registry backup.
6. When it is completed you will see a report of the backup. You can then press the Close
button and then exit the program.
Restoring the Windows XP/2000/2003 Registry
Option 1:
1. Click on Start, then All Programs, then Accessories, then System Tools, and then click on

http://www.bleepingcomputer.com/tutorials/tutorial74.html (6 of 8)5/13/2007 3:27:25 PM

Demystifying the Windows Registry

2.
3.
4.
5.
6.

Backup. If you do not see the Backup utility you will need to install it using your XP or
2003 CD.
When the program launches, if you are not in the wizard, select the Backup Wizard Option.
When the Wizard opens press the Next button.
This screen will list all the known backups that were done previously. Select the System
State backup that you would like restored.
Press the next button and then the Finish button.
When it is completed you will see a report of the backup. You can then press the Close
button and then exit the program.

Option 2 (Only for XP and 2003):

1. Insert your Windows CD into your computer and reboot.
2. When it prompts you to "Press Any Key to Boot from CD", press any key.
3. When the screen appears that gives you the options to Setup, Repair or Quit, press R on
your keyboard to enter repair mode.
4. At the next screen select the installation of windows you would like to work on. For most
people there will be only one option.
5. When prompted enter your administrator password and press enter on your keyboard.
6. When you get the prompt, type cd repair to enter the directory where a Registry backups
is stored.
7. Type the following lines, pressing enter on your keyboard after each line:
copy
copy
copy
copy
copy

default c:\windows\system32\config
sam c:\windows\system32\config
security c:\windows\system32\config
software c:\windows\system32\config
system c:\windows\system32\config

NOTE: If it prompts you to overwrite the existing files, select Y for yes.
8. When you are finished, type exit and press enter.
9. Remove your Windows CD and reboot.

Conclusion
Understanding and knowing how to backup the Registry is an important part of keeping your
computer secure and running efficiently. It must be stressed that modifying any portion of the
Registry should be done with the utmost care as incorrect usage of the Registry could make your
computer inoperable.
As always if you have any comments, questions or suggestions about this tutorial please do not
hesitate to tell us in the computer help forums.
-Lawrence Abrams
Bleeping Computer Microsoft Advanced Concepts Tutorial
BleepingComputer.com: Computer Support & Tutorials for the beginning computer user.

Add to del.icio.us!

Submit to reddit!

digg it!

Submit to My-Tuts!

Created:
This article is published and created for http://www.bleepingcomputer.com, otherwise known as Bleeping
Computer, and is covered by all copyright laws. All articles on this website are copyright 2003-2007 by
Bleeping Computer, LLC. All right reserved. Use of these articles is limited to viewing and printing for
personal use only. If you would like to use this material or portions of this material for other purposes you
must receive explicit permission from Bleeping Computer before reprinting or redistributing this article in any
medium.

http://www.bleepingcomputer.com/tutorials/tutorial74.html (7 of 8)5/13/2007 3:27:25 PM

Demystifying the Windows Registry

We have a total of (115) Tutorials in our Database & (6,511,270) Total Views

Category Jump

Advertise

About Us

Discussion Forums

Terms of Use

The Computer Glossary

Privacy Policy | Contact Us

Chat | Tutorials
|

Support Bleeping Computer

Resources | Spyware/HJ Detector

Database

RSS Feeds

The HP ProLiant DL360 G5 server

Pinpoint problems earlier with Systems Insight Manager softwareand manage multiple operating systems with
one simple interface.

http://www.bleepingcomputer.com/tutorials/tutorial74.html (8 of 8)5/13/2007 3:27:25 PM

Site Map

Startups

2003-2007 All Rights Reserved Bleeping Computer LLC.

www.hp.com

The File