Starting the Registry Editor
As you see a bit later, the
Registry’s files are binary files, so you can’t edit them directly.
Instead, you use a program called the Registry Editor, which enables you
to view, modify, add, and delete any Registry setting. It also has a
search feature to help you find settings and export and import features
that enable you to save settings to and from a text file.
To launch the Registry Editor, follow these steps:
1. | Log on to Windows Home Server.
|
2. | Select Start.
|
3. | In the Start menu Search box, type regedit.
|
4. | Press Enter.
|
Figure 1
shows the Registry Editor window that appears. (Your Registry Editor
window might look different if someone else has used the program
previously. Close all the open branches in the left pane to get the view
shown in Figure 18.1.)
Navigating the Registry
The
Registry Editor is reminiscent of Windows Explorer, and it works in
basically the same way. The left side of the Registry Editor window is
similar to Explorer’s Folders pane, except that rather than folders, you
see keys.
Caution
The Registry Editor is
arguably the most dangerous tool in the Windows Home Server arsenal. The
Registry is so crucial to the smooth functioning of Windows Home Server
that a single imprudent change to a Registry entry can bring your
system to its knees. Therefore, just because you have the Registry
Editor open, don’t start tweaking settings willy-nilly.
Navigating the Keys Pane
The Keys pane, like
Explorer’s Folders pane, is organized in a treelike hierarchy. The five
keys that are visible when you open the Registry Editor are special keys
called handles (which is why their names all begin with HKEY). These keys are collectively referred to as the Registry’s root keys.
All these keys contain
subkeys, which you can display by clicking the arrow to the left of each
key or by highlighting a key and pressing the plus-sign key on your
keyboard’s numeric keypad. To close a key, click the arrow, or highlight
the key and press the minus-sign key on the numeric keypad. Again, this
is just like navigating folders in Explorer.
You often have to drill down several levels to get to the key you want. For example, Figure 2 shows the Registry Editor after I’ve opened the HKEY_CURRENT_USER key, and then the Control Panel subkey, and then clicked the Keyboard
subkey. Notice how the status bar tells you the exact path to the
current key, and that this path is structured just like a folder path.
Tip
To see all the keys properly,
you likely will have to increase the size of the Keys pane. To do this,
use your mouse to click and drag the split bar to the right.
Alternatively, select View, Split, use the Right Arrow key to adjust the
split bar position, and then press Enter.
Understanding the Registry Settings
If the left side of the
Registry Editor window is analogous to Explorer’s Folders pane, the
right side is analogous to Explorer’s Contents pane. In this case, the
right side of the Registry Editor window displays the settings contained
in each key (so I’ll call it the Settings pane). The Settings pane is divided into three columns:
Name | This column tells you the name of each setting in the currently selected key (analogous to a filename in Explorer). |
Type | This column tells you the data type of the setting. There are six possible data types:
REG_SZ— This is a string value. REG_MULTI_SZ— This is a series of strings. REG_EXPAND_SZ—
This is a string value that contains an environment variable name that
gets “expanded” into the value of that variable. For example, the %SystemRoot%
environment variable holds the folder in which Windows Home Server was
installed. So, if you see a Registry setting that includes the value %SystemRoot%\System32\ (see Figure 18.3 for an example), and Windows Home Server is installed in C:\Windows, the setting’s expanded value is C:\Windows\System32\. REG_DWORD—
This is a double word value: a 32-bit hexadecimal value arranged as
eight digits. For example, 11 hex is 17 decimal, so this number would be
represented in DWORD form as 0x00000011 (17). (Why “double word”? A 32-bit value represents four bytes of data, and because a word in programming circles is defined as two bytes, a four-byte value is a double word.) REG_QWORD—
This is a quadruple word value: a 64-bit hexadecimal value arranged as
16 digits. Note that leading zeros are suppressed for the high 8 digits.
Therefore, 11 hex appears as 0x00000011 (17), and 100000000 hex appears
as 0x1000000000 (4294967296). REG_BINARY— This value is a series of hexadecimal digits.
|
Data | This column displays the value of each setting. |
Getting to Know the Registry’s Root Keys
The root keys are your
Registry starting points, so you need to become familiar with what kinds
of data each key holds. The next few sections summarize the contents of
each key.
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT—usually abbreviated as HKCR—contains
data related to file extensions and their associated programs, the
objects that exist in the Windows Home Server system, as well as
applications and their Automation information. There are also keys
related to shortcuts and other interface features.
The top part of this key contains subkeys for various file extensions. You see .bmp for BMP (Paint) files, .doc for DOC (Word or WordPad) files, and so on. In each of these subkeys, the Default setting tells you the name of the registered file type associated with the extension. For example, the .txt extension is associated with the txtfile file type.
These registered file types appear as subkeys later in the HKEY_CLASSES_ROOT branch, and the Registry keeps track of various settings for each registered file type. In particular, the shell subkey tells you the actions associated with this file type. For example, in the shell\open\command subkey, the Default setting shows the path for the executable file that opens. Figure 3 shows this subkey for the txtfile file type.
HKEY_CLASSES_ROOT is actually a copy (or an alias, as these copied keys are called) of the following HKEY_LOCAL_MACHINE key:
HKEY_LOCAL_MACHINE\Software\Classes
The Registry creates an alias for HKEY_CLASSES_ROOT to make these keys easier for applications to access and to improve compatibility with legacy programs.
HKEY_CURRENT_USER
HKEY_CURRENT_USER—usually abbreviated as HKCU—contains
data that applies to the user who’s currently logged on (which with
Windows Home Server is almost always the Administrator account). It
contains user-specific settings for Control Panel options, network
connections, applications, and more.
Here’s a summary of the most important HKEY_CURRENT_USER subkeys:
AppEvents | Contains sound files that play when particular system events occur (such as maximizing of a window). |
Control Panel | Contains settings related to certain Control Panel icons. |
Keyboard Layout | Contains the keyboard layout as selected via Control Panel’s Keyboard icon. |
Network | Contains settings related to mapped network drives. |
Software | Contains user-specific settings related to installed applications and Windows. |
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE (HKLM)
contains non–user-specific configuration data for your system’s
hardware and applications. This is by far the most important key, and
it’s where you’ll perform most of your Registry edits. You’ll use the
following subkeys most often:
Software | Contains computer-specific settings related to installed applications. The Classes subkey is aliased by HKEY_CLASSES_ROOT. The Microsoft subkey contains settings related to Windows (as well as any other Microsoft products you have installed on your computer). |
System | Contains subkeys and settings related to Windows startup. |
HKEY_USERS
HKEY_USERS (HKU) contains settings that are similar to those in HKEY_CURRENT_USER. HKEY_USERS is used to store the settings for users with group policies defined, as well as the default settings (in the .DEFAULT subkey) that are mapped to a new user’s profile.
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG (HKCC) contains settings for the current hardware profile. If your machine uses only one hardware profile, HKEY_CURRENT_CONFIG is an alias for HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001. If your machine uses multiple hardware profiles, HKEY_CURRENT_CONFIG is an alias for HKEY_LOCAL_MACHINE\SYSTEM\ControlSetnnn, where nnn is the numeric identifier of the current hardware profile. This identifier is given by the Current setting in the following key:
HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB
Understanding Hives and Registry Files
The Registry database actually consists of a number of files that contain a subset of the Registry called a hive.
A hive consists of one or more Registry keys, subkeys, and settings.
Each hive is supported by several files that use the extensions listed
in Table 1.
Table 1. Extensions Used by Hive-Supporting Files
Extension | File Contains |
---|
None | A complete copy of the hive data |
log1 | A log of the changes made to the hive data |
.log, .log2 | Files that are created during the Windows Home Server setup but remain unchanged as you work with the system |
Table 2 shows the supporting files for each hive. (Note that all these files might not appear on your system.)
Table 2. Supporting Files Used by Each Hive
Hive | Files |
---|
HKLM\BCD00000000 | %SystemRoot%\System32\config\BCD-Template |
HKLM\COMPONENTS | %SystemRoot%\System32\config\COMPONENTS %SystemRoot%\System32\config\COMPONENTS.LOG %SystemRoot%\System32\config\COMPONENTS.LOG1 %SystemRoot%\System32\config\COMPONENTS.LOG2
|
HKLM\SAM | %SystemRoot%\System32\config\SAM %SystemRoot%\System32\config\SAM.LOG %SystemRoot%\System32\config\SAM.LOG1 %SystemRoot%\System32\config\SAM.LOG2
|
HKLM\SECURITY | %SystemRoot%\System32\config\SECURITY %SystemRoot%\System32\config\SECURITY.LOG %SystemRoot%\System32\config\SECURITY.LOG1 %SystemRoot%\System32\config\SECURITY.LOG2
|
HKLM\SOFTWARE | %SystemRoot%\System32\config\SOFTWARE %SystemRoot%\System32\config\SOFTWARE.LOG %SystemRoot%\System32\config\SOFTWARE.LOG1 %SystemRoot%\System32\config\SOFTWARE.LOG2
|
HKLM\SYSTEM | %SystemRoot%\System32\config\SYSTEM %SystemRoot%\System32\config\SYSTEM.LOG %SystemRoot%\System32\config\SYSTEM.LOG1 %SystemRoot%\System32\config\SYSTEM.LOG2
|
HKU\.DEFAULT | %SystemRoot%\System32\config\DEFAULT %SystemRoot%\System32\config\DEFAULT.LOG %SystemRoot%\System32\config\DEFAULT.LOG1 %SystemRoot%\System32\config\DEFAULT.LOG2
|
Note
To see all these files, you
must display hidden files on your system. In Windows Explorer, select
Organize, Folder and Search Options, select the View tab, and then
activate the Show Hidden Files, Folder, and Drives option. While you’re
here, you can also deactivate the Hide Extensions for Known File Types
check box. Click OK.
Also, the Administrator account has its own hive, which maps to HKEY_CURRENT_USER during logon. The supporting files for each user hive are stored in C:\Users\Administrator. The NTUSER.DAT file contains the hive data, and the NTUSER.DAT.LOG1 file tracks the hive changes.
Note
To see the Administrator’s
hive files, you must display the protected operating system (OS) files
on your system. In Windows Explorer, select Organize, Folder and Search
Options, select the View tab, deactivate the Hide Protected Operating
System Files check box, click Yes when Windows Home Server asks you to
confirm, and then click OK.