Demystifying The Windows Registry
Introduction
The Registry
Editing the Registry
Backing Up the Registry
Conclusion
Introduction
Ever since Windows 95, the Windows operating system has used a centralized hierarchical
database to store system settings, hardware configurations, and user preferences. This database
is called the Windows Registry, more commonly known simply as the Registry. When new hardware is
installed in the computer, a user changes a setting such as their desktop background, or new
software is installed, this information is stored in the Registry. The operating system then
continually references this information during its operation. Though understanding the Registry
will give you good insight into the inner workings of your computer, it is important to take
extreme care when working with the Registry, as modifying it incorrectly can cause problems with
the use of your operating system.
The Registry
Overview
The registry is a key component of the Windows operating system. It is so important that
without it, Windows would not even run. When a new piece of hardware or software is installed in
Windows, it stores its configuration into the Registry. This allows Windows to retrieve that
information at later dates such as when it is starting up. As Windows starts it will read the
configuration in the registry and know what drivers need to be loaded, what settings to be
applied, and what resources need to be allocated in order for this equipment to work. Because
this information is stored in the Registry on your hard drive, Windows has this information
available each time it boots up.
The registry, though, is not only for operating system settings. User preferences and application
settings are stored in the Registry as well. When you change your desktop background or screen
saver, these details are stored in the Registry. Now when you shut down Windows and start it up
again at a later date, your preferences are available and loaded automatically. Application
settings such as what directory you would like to download files to or what your default font is in
a word processor are stored here as well. As you can see the Registry contains information that is
not only vital to the use of the operating system, but also essential in allowing you to customize
Windows to your particular tastes.
Structure of the Registry
The Registry is a hierarchical structure similar to what you see when looking at a directory/file
tree on your computer. You have a main key, or Hive, with Keys, Subkeys and then Values. Each
of these is discussed below:
Hives - Hives are the topmost portions of the hierarchical data tree, with each Hive containing a
certain category of information. For example, one Hive may contain the configuration that applies
to the particular user logged on, while another Hive will contain information about the hardware
installed in the computer. Depending on the version of Windows that you are running there will be 5
or 6 different hives. Below we have outlined the 6 possible hives:
HKEY_CURRENT_USER (HKCU) - This Hive contains the preferences and configuration for the particular
user who is currently logged in. If a different user is logged onto the same machine, then the
information in this Hive would change corresponding to that particular user's configuration.
HKEY_LOCAL_MACHINE (HKLM) - This Hive contains the configuration for the actual computer. The
information in this Hive remains the same regardless of the user currently logged on.
HKEY_CLASSES_ROOT (HKCR) - This Hive contains the information that pertains to the core user
interface such as file associations and shortcuts.
HKEY_USERS (HKU) - This Hive contains the user information for all the users that have ever logged
onto this computer.
HKEY_CURRENT_CONFIG (HKCC) - This Hive contains the information about current hardware
configuration. This Hive is linked to the HKLM Hive.
HKEY_DYN_DATA (HKDD) - This Hive is found only on Windows 95/98/ME. It contains information about
hardware Plug and Play. This Hive is linked to the HKLM Hive.
Keys - Keys are an organizational unit in the Registry. Keys are containers that can either
contain values or further subkeys. Subkeys themselves can contain further subkeys. Keys are
similar to folders in that they can contain further subkeys or files, which in the Registry we call
values.
Values - Values contain the actual data that is being stored in a Key or a Subkey. There are quite
a few different types of values that can be stored in the Registry, but the most common that you
will see are binary, strings, and DWORD values.
When visualizing the Registry you should look at the Hives, Keys, and Subkeys as the path that
you will need to navigate in order to reach the final stored information which is the Value.
An example Registry key can be seen below. This Registry key controls what your initial start
page will be when using Internet Explorer.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
When we break this Key down to its components we can see the following:
HKEY_CURRENT_USER is the Hive that this key is associated with.
Software is a Key
Microsoft - This is a Subkey
Internet Explorer - This is a Subkey
Main - This is a Subkey
Start Page - This is the Value that the actual data is stored in. For this particular Value, the data
will be the start page that you want Internet Explorer to use.
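The breakdown above can be followed programmatically. The PowerShell below is an added example, not part of the original tutorial: it splits a path written in this tutorial's notation into Hive, Key path and Value, opens the key read-only, and reports each value's type and data. The function name Get-RegistryValueInfo is hypothetical.

```powershell
# Added example: read-only lookup of a path written as Hive\Key\Subkey\\Value.
function Get-RegistryValueInfo {
    param([Parameter(Mandatory)][string]$Path)

    # The tutorial separates the key path from the value name with "\\".
    $keyPath, $valueName = $Path -split '\\\\', 2
    # The first component is the Hive; the rest are Keys and Subkeys.
    $hiveName, $subKey = $keyPath -split '\\', 2

    $hives = @{
        'HKEY_CURRENT_USER'   = [Microsoft.Win32.Registry]::CurrentUser
        'HKEY_LOCAL_MACHINE'  = [Microsoft.Win32.Registry]::LocalMachine
        'HKEY_CLASSES_ROOT'   = [Microsoft.Win32.Registry]::ClassesRoot
        'HKEY_USERS'          = [Microsoft.Win32.Registry]::Users
        'HKEY_CURRENT_CONFIG' = [Microsoft.Win32.Registry]::CurrentConfig
    }
    if (-not $hives.ContainsKey($hiveName)) { throw "Unknown hive: $hiveName" }

    # OpenSubKey(name) opens the key read-only and returns $null if it is missing.
    $key = $hives[$hiveName].OpenSubKey($subKey)
    if ($null -eq $key) { throw "Key not found: $keyPath" }
    try {
        # With no value name given, list every value stored in the key.
        $names = if ($valueName) { @($valueName) } else { $key.GetValueNames() }
        foreach ($name in $names) {
            if ($key.GetValueNames() -notcontains $name) {
                Write-Warning "Value not found: $name"
                continue
            }
            [pscustomobject]@{
                Hive  = $hiveName
                Key   = $subKey
                Value = $name
                Kind  = $key.GetValueKind($name)   # String, DWord, Binary, ...
                Data  = $key.GetValue($name)
            }
        }
    } finally {
        $key.Close()
    }
}

Get-RegistryValueInfo 'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page'
```

Leaving off the `\\Start Page` part lists every value in the Main key, which shows the mix of string, DWORD and binary types described earlier.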
Where the Registry is stored
The Registry itself is stored on your computer in certain files. Below we detail what files and their
locations are used to store the Registry based upon the particular version of Windows.
For Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, the Registry files
are stored in the following directories:
Systemroot\System32\Config
Systemroot\Profiles\Username
The names for the registry files are:
Sam, Sam.log, Sam.sav
Security, Security.log, Security.sav
Software, Software.log, Software.sav
System, System.alt, System.log, System.sav
System, System.alt, System.log, System.sav, Ntuser.dat, Ntuser.dat.log
Default, Default.log, Default.sav
For Windows 98, the registry files are named User.dat and System.dat and are stored in the
C:\Windows directory.
For Windows Millennium Edition, the registry files are named Classes.dat, User.dat, and
System.dat and are stored in the C:\Windows directory.
You then would type in the appropriate information into the Value data field and press the OK
button.
To delete values, instead of double-clicking on a value name you would right-click on the value
and then select Delete. This method can also be used to delete keys or subkeys. To add a value
you click on the Edit menu option and then select New and pick the appropriate type.
It is also possible to export and import Registry values into your Registry. To export a particular
Key or Subkey you would click once on the key you would like to export and then click on File and
then Export. Then select a directory and filename to export the Registry key to. Likewise, you can
also Import keys into the Registry by clicking on Import and then selecting the file that you had
exported previously.
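The same export and import can be done from a PowerShell prompt with reg.exe, which is useful for taking a copy of a key immediately before editing it. This is an added example, not part of the original tutorial; the function names and the RegistryBackups folder are assumptions, and the /y switch is not available on older versions of reg.exe.

```powershell
# Added example: export a key to a timestamped .reg file before editing it.
function Export-RegistryKeyBackup {
    param(
        [Parameter(Mandatory)][string]$Key,
        # Assumed backup location; change to suit.
        [string]$Directory = (Join-Path $env:USERPROFILE 'RegistryBackups')
    )
    if (-not (Test-Path -LiteralPath $Directory)) {
        New-Item -ItemType Directory -Path $Directory | Out-Null
    }
    # Build a file name from the key path and the current time.
    $safeName = $Key -replace '[\\/:*?"<>| ]', '_'
    $file = Join-Path $Directory ('{0}_{1:yyyyMMdd-HHmmss}.reg' -f $safeName, (Get-Date))

    # reg.exe export <key> <file>; /y overwrites without prompting.
    & reg.exe export $Key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $file)) {
        throw "Export of '$Key' failed (reg.exe exit code $LASTEXITCODE)"
    }
    Get-Item -LiteralPath $file
}

function Import-RegistryKeyBackup {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$File)
    if (-not (Test-Path -LiteralPath $File)) { throw "Backup not found: $File" }
    # Importing merges the file into the Registry: values in the file are
    # written back, but values created after the export are left in place.
    if ($PSCmdlet.ShouldProcess($File, 'reg import')) {
        & reg.exe import $File
        if ($LASTEXITCODE -ne 0) { throw "Import failed (exit code $LASTEXITCODE)" }
    }
}

$backup = Export-RegistryKeyBackup 'HKCU\Software\Microsoft\Internet Explorer\Main'
$backup.FullName
```

Running Import-RegistryKeyBackup with -WhatIf shows which file would be imported without changing the Registry.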
2. At the command prompt type the following lines, pressing ENTER on your keyboard after
each line:
cd windows
attrib -r -h -s system.dat
attrib -r -h -s system.da0
attrib -r -h -s user.dat
attrib -r -h -s user.da0
ren system.dat system.daa
ren system.da0 system.da1
ren user.dat user.daa
ren user.da0 user.da1
copy system.bak system.dat
copy user.bak user.dat
WARNING : This will restore the previous backup that you had made. If you had chosen an
extension other than .bak when you had backed up the Registry previously, then substitute
that extension above.
3. Restart your computer.
Backing Up the Windows 98/ME Registry
1. Click the Start button, then click Run.
2. Type scanregw in the field and press the OK button.
3. When the program has finished scanning the Registry for errors it will ask if you would like
to back up the Registry.
4. Click the Yes prompt and the program will create the backup.
5. When it is completed, press the OK button.
Restoring the Windows 98/ME Registry
1. For Win98, reboot your computer and press and hold the CTRL button. Then choose Safe
Mode Command Prompt Only from the startup menu and press enter. For Windows ME,
start your computer with a startup disk and select Start Computer without CD-ROM
Support.
2. You will now be at a command prompt. Type c:\windows\command\scanreg /restore and
press enter on your keyboard. A screen will appear with a list of the previous Registry
backups sorted by date. Using the arrow keys, select the Registry backup you would like to
restore and press enter. A known previously working Registry backup will have the word
Started next to the date.
3. Scanreg will now restore the Registry and check it for errors. When it is done you will
receive confirmation and you should now press enter to reboot your computer. If you had
booted your computer with a floppy, please remove the floppy first before rebooting.
Backing Up the Windows XP/2000/2003 Registry
1. Click on Start, then All Programs, then Accessories, then System Tools, and then click on
Backup. If you do not see the Backup utility you will need to install it using your XP or
2003 CD.
2. When the program launches, if you are not in the wizard, select the Backup Wizard Option.
3. When the Wizard opens press the Next button.
4. Select "Only back up the System State Data". Keep pressing next until you see Finish.
5. Press the Finish button to start the Registry backup.
6. When it is completed you will see a report of the backup. You can then press the Close
button and then exit the program.
Restoring the Windows XP/2000/2003 Registry
Option 1:
1. Click on Start, then All Programs, then Accessories, then System Tools, and then click on
Backup. If you do not see the Backup utility you will need to install it using your XP or
2003 CD.
2. When the program launches, if you are not in the wizard, select the Backup Wizard Option.
3. When the Wizard opens press the Next button.
4. This screen will list all the known backups that were done previously. Select the System
State backup that you would like restored.
5. Press the next button and then the Finish button.
6. When it is completed you will see a report of the backup. You can then press the Close
button and then exit the program.
default c:\windows\system32\config
sam c:\windows\system32\config
security c:\windows\system32\config
software c:\windows\system32\config
system c:\windows\system32\config
NOTE: If it prompts you to overwrite the existing files, select Y for yes.
8. When you are finished, type exit and press enter.
9. Remove your Windows CD and reboot.
Conclusion
Understanding and knowing how to back up the Registry is an important part of keeping your
computer secure and running efficiently. It must be stressed that modifying any portion of the
Registry should be done with the utmost care as incorrect usage of the Registry could make your
computer inoperable.
As always if you have any comments, questions or suggestions about this tutorial please do not
hesitate to tell us in the computer help forums.
-Lawrence Abrams
Bleeping Computer Microsoft Advanced Concepts Tutorial
This article is published and created for http://www.bleepingcomputer.com, otherwise known as Bleeping
Computer, and is covered by all copyright laws. All articles on this website are copyright 2003-2007 by
Bleeping Computer, LLC. All rights reserved. Use of these articles is limited to viewing and printing for
personal use only. If you would like to use this material or portions of this material for other purposes you
must receive explicit permission from Bleeping Computer before reprinting or redistributing this article in any
medium.