
Using Advanced System Management Tools : Editing the Registry (part 1)

3/18/2011 6:08:29 PM
Windows 7 is designed in such a way that direct registry edits by end users are generally unnecessary. When you change some detail about your system's configuration using Control Panel, Control Panel writes the necessary updates to the registry for you, and you needn't be concerned with how it happens. When you install a new piece of hardware or a new program, a myriad of registry modifications take place; again, you don't need to know the details. On the other hand, because the designers of Windows couldn't provide a user interface for every conceivable customization you might want to make, sometimes working directly with the registry is the only way to get a job done. And sometimes, even when it's not the only way, it might be the fastest way. Windows includes a registry editor that you should know how to use—safely. This section tells you how.

1. Understanding the Structure of the Registry

Before you begin browsing or editing the registry, it's good to know a bit about how this database is built. Figure 1 shows a portion of a system's registry, as seen through Registry Editor, the registry editor supplied with Windows 7. As shown in the figure, the registry consists of the following five root keys: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS, and HKEY_CURRENT_CONFIG. For simplicity's sake and typographical convenience, this book, like many others, abbreviates the root key names as HKCR, HKCU, HKLM, HKU, and HKCC, respectively.

Root keys, sometimes called predefined keys, contain subkeys. Registry Editor displays this structure as an outline. In Figure 1, for example, HKCU has been opened to show the top-level subkeys: AppEvents, Console, Control Panel, Environment, EUDC, Identities, Keyboard Layout, Network, Printers, Software, System, and Volatile Environment. A root key and its subkeys can be described as a path, like this: HKCU\Console. Root keys and their subkeys appear in the left pane in Registry Editor.

Figure 1. The registry consists of five root keys, each of which contains many subkeys.


The registry is the work of many hands, and capitalization and word spacing are not always consistent. With readability as our goal, we have made our own capitalization decisions for this book, and our treatment of names frequently differs from what you see in Registry Editor. No matter. Capitalization is irrelevant. Spelling and spacing must be correct, however.

Subkeys, which we call keys for short, can contain subkeys of their own. Whether they do or not, they always contain at least one value. In Registry Editor, that obligatory value is known as the default value. Many keys have additional values. The names, data types, and data associated with values appear in the right pane. As Figure 1 shows, the HKCU\Console key has many values—ColorTable00, ColorTable01, and so on.

The default value for many keys—including HKCU\Console—is not defined. You can therefore think of an empty default value as a placeholder—a slot that could hold data but currently does not.

All values other than the default always include the following three components: name, data type, and data. As Figure 1 shows, the ColorTable00 value of HKCU\Console is of data type REG_DWORD. The data associated with this value (on the system used for this figure) is 0x00000000. (The prefix 0x denotes a hexadecimal value. Registry Editor displays the decimal equivalent of hexadecimal values in parentheses after the value.)

A key with all its subkeys and values is commonly called a hive. The registry is stored on disk as several separate hive files. The appropriate hive files are read into memory when the operating system starts (or when a new user logs on) and assembled into the registry. You can see where the hives of your system physically live by examining the values associated with HKLM\System\CurrentControlSet\Control\HiveList. Figure 2 shows the HiveList key for one of the systems used for this book.

Figure 2. You can find the names and locations of the files that make up your registry in HKLM\System\CurrentControlSet\Control\HiveList.

Notice that one hive, \Registry\Machine\Hardware, has no associated disk file. This hive, which records your hardware configuration, is completely volatile; that is, Windows 7 creates it anew each time you turn your system on. Notice also the path specifications for the remaining hive files. Windows assigns drive letters after assembling the registry, so these paths do not specify drive letters.

Two predefined keys—HKCR and HKCU—are not shown in the HiveList key at all. Like the file system in Windows—which uses junctions, symlinks, and other trickery to display a virtual namespace—the registry uses a bit of misdirection (implemented with the REG_LINK data type) to create these keys. Both are representations of keys actually stored within HKLM and HKU:

  • HKCR is merged from keys within HKLM\Software\Classes and HKU\sid_Classes (where sid is the security identifier of the currently logged-on user).

  • HKCU is a view into HKU\sid.

You can view or edit the registry's actual locations or its virtual keys; the results are identical. The HKCR and HKCU keys are generally more convenient to use.
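The HiveList lookup and the HKCU-to-HKU\sid mapping described above, as an added PowerShell example that is not part of the original text; it only reads the registry. The function name Get-RegistryHive is hypothetical.

```powershell
# Added example (read-only). Get-RegistryHive is a hypothetical helper name.
function Get-RegistryHive {
    $key = Get-Item -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
    foreach ($name in $key.GetValueNames()) {
        $file = [string]$key.GetValue($name)
        New-Object PSObject -Property @{
            Hive     = $name                               # registry path of the hive
            File     = $file                               # backing file, no drive letter
            Volatile = [string]::IsNullOrEmpty($file)      # true when no disk file exists
        }
    }
}

# One row per hive; the hardware hive shows up with Volatile = True.
Get-RegistryHive | Sort-Object Hive | Format-Table Hive, Volatile, File -AutoSize

# HKCU is a view into HKU\<sid>: both paths should list the same subkeys.
$sid     = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$viaHkcu = Get-ChildItem -Path 'HKCU:\' |
           ForEach-Object { $_.PSChildName } | Sort-Object
$viaHku  = Get-ChildItem -Path "Registry::HKEY_USERS\$sid" |
           ForEach-Object { $_.PSChildName } | Sort-Object

# Compare-Object returns nothing when the two lists are identical.
$same = -not (Compare-Object $viaHkcu $viaHku)
"HKCU and HKU\$sid list the same subkeys: $same"
```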

2. Registry Data Types

The registry uses the following data types:

  • REG_SZ The SZ indicates a zero-terminated string. This is a variable-length string that can contain Unicode as well as ANSI characters. When you enter or edit a REG_SZ value, Registry Editor terminates the value with a 00 byte for you.

  • REG_BINARY The REG_BINARY type contains binary data—0s and 1s.

  • REG_DWORD This data type is a "double word"—that is, a 32-bit numeric value. Although it can hold any integer from 0 to 2^32, the registry often uses it for simple Boolean values (0 or 1) because the registry lacks a Boolean data type.

  • REG_QWORD This data type is a "quadruple word"—a 64-bit numeric value.

  • REG_MULTI_SZ This data type contains a group of zero-terminated strings assigned to a single value.

  • REG_EXPAND_SZ This data type is a zero-terminated string containing an unexpanded reference to an environment variable, such as %SystemRoot%. If you need to create a key containing a variable name, use this data type, not REG_SZ.

Internally, the registry also uses REG_LINK, REG_FULL_RESOURCE_DESCRIPTOR, REG_RESOURCE_LIST, REG_RESOURCE_REQUIREMENTS_LIST, and REG_NONE data types. Although you might occasionally see references in technical documentation to these data types, they're not visible or accessible in Registry Editor.
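To see the visible data types side by side, and why a variable reference belongs in REG_EXPAND_SZ rather than REG_SZ, the following added PowerShell example (not from the original text) writes one value of each type and reads it back. HKCU:\Software\RegTypeDemo and the value names are hypothetical; the scratch key is deleted at the end.

```powershell
# Added example. RegTypeDemo is a hypothetical scratch key under HKCU.
$path = 'HKCU:\Software\RegTypeDemo'
New-Item -Path $path -Force | Out-Null

# The same string stored twice: once as REG_SZ, once as REG_EXPAND_SZ.
New-ItemProperty -Path $path -Name 'Sz'       -PropertyType String `
    -Value '%SystemRoot%\System32' | Out-Null
New-ItemProperty -Path $path -Name 'ExpandSz' -PropertyType ExpandString `
    -Value '%SystemRoot%\System32' | Out-Null
New-ItemProperty -Path $path -Name 'Dword'    -PropertyType DWord `
    -Value 1 | Out-Null
New-ItemProperty -Path $path -Name 'Qword'    -PropertyType QWord `
    -Value 4294967296 | Out-Null
New-ItemProperty -Path $path -Name 'MultiSz'  -PropertyType MultiString `
    -Value @('first', 'second') | Out-Null
New-ItemProperty -Path $path -Name 'Binary'   -PropertyType Binary `
    -Value ([byte[]](0x00, 0x01, 0xFF)) | Out-Null

$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$key  = Get-Item -LiteralPath $path
$rows = foreach ($name in $key.GetValueNames()) {
    New-Object PSObject -Property @{
        Name   = $name
        Kind   = $key.GetValueKind($name)               # String, ExpandString, DWord, ...
        Stored = $key.GetValue($name, $null, $noExpand) # data exactly as stored
        Read   = $key.GetValue($name)                   # data as a program normally reads it
    }
}

# Only ExpandSz differs between Stored and Read: the REG_SZ copy keeps
# the literal %SystemRoot% text, the REG_EXPAND_SZ copy is expanded on read.
$rows | Format-Table Name, Kind, Stored, Read -AutoSize

Remove-Item -LiteralPath $path -Recurse
```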

3. Registry Virtualization

One of the key elements of security in Windows 7 is that it prevents applications running under a standard user's token from writing to system folders in the file system and to machine-wide keys in the registry, while at the same time enabling users with a standard account to run applications without running into "access denied" roadblocks. Many applications that require administrator-level access are still in use in Windows 7, but standard users can run them without hassle. That's because in Windows 7, UAC uses registry virtualization to redirect attempts to write to subkeys of HKLM\Software. (Settings in HKLM apply to all users of the computer, and therefore only administrators have write permission.) When an application attempts to write to this hive, Windows writes instead to a per-user location, HKCR\VirtualStore\Machine\Software. Like file virtualization, this is done transparently; the application (and all but the most curious users) never know this is going on behind the scenes.


When an application requests information from HKLM\Software, Windows looks first in the virtualized key if it exists. Therefore, if a value exists in both the VirtualStore hive and in HKLM, the application sees only the one in VirtualStore.

Note that, because the virtualized data is stored in a per-user section of the registry, settings made by one user do not affect other users. Running the same application in Windows XP, which doesn't use virtualization and therefore looks only at the actual HKLM hive, presents all users with the same settings. This can lead to confusion among users who are accustomed to sharing an application in Windows XP and find that it works differently in Windows 7.

Inside Out: Copy virtualized registry entries to other user accounts

The hive that stores virtualized registry data, HKCR\VirtualStore\Machine\Software, can also be found in HKU\sid_Classes\VirtualStore\Machine\Software, where sid is the security identifier of the user who is currently logged on. If you want to make sure that a certain application works identically for a different user, you can copy that application's subkey to the corresponding HKU subkey for the other user.
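Because a virtualized value hides the machine-wide one from the application, it helps to list what has been redirected before troubleshooting or copying settings. This added PowerShell example (not from the original text) walks the current user's VirtualStore and shows each value next to the HKLM\Software value it shadows; it only reads the registry, and Get-VirtualizedValue is a hypothetical name.

```powershell
# Added example (read-only). Get-VirtualizedValue is a hypothetical helper name.
function Get-VirtualizedValue {
    param(
        [string]$Sid = ([System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value)
    )
    $virtualRoot = "Registry::HKEY_USERS\${Sid}_Classes\VirtualStore\MACHINE\SOFTWARE"
    $machineRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE'
    if (-not (Test-Path -Path $virtualRoot)) { return }   # nothing virtualized

    $root = Get-Item -Path $virtualRoot
    $keys = @($root) + @(Get-ChildItem -Path $virtualRoot -Recurse -ErrorAction SilentlyContinue)

    foreach ($vKey in $keys) {
        # Path below ...\VirtualStore\MACHINE\SOFTWARE, for example '\Vendor\App'.
        $relative = $vKey.Name.Substring($root.Name.Length)
        $mKey = Get-Item -LiteralPath ($machineRoot + $relative) -ErrorAction SilentlyContinue

        foreach ($name in $vKey.GetValueNames()) {
            $shadows     = $false
            $machineData = $null
            if ($mKey -and ($mKey.GetValueNames() -contains $name)) {
                $shadows     = $true
                $machineData = $mKey.GetValue($name)
            }
            New-Object PSObject -Property @{
                Key                 = 'HKLM\SOFTWARE' + $relative
                Name                = $name                    # '' is the default value
                Kind                = $vKey.GetValueKind($name)
                VirtualData         = $vKey.GetValue($name)    # what the application sees
                ShadowsMachineValue = $shadows                 # true when HKLM also has it
                MachineData         = $machineData             # what other users see
            }
        }
    }
}

Get-VirtualizedValue |
    Format-List Key, Name, Kind, VirtualData, ShadowsMachineValue, MachineData
```

No output means the account has no virtualized HKLM\Software data.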

4. Avoiding Registry Mishaps

The primary tool in Windows 7 for working directly with the registry is Registry Editor. You won't find it anywhere on the Start menu, however, and it doesn't show up in the Start menu search box when you type its name; you must use the name of its executable file, Regedit.exe. To start Registry Editor, at a command prompt, type regedit.

The two most important things to know about Registry Editor are that it copies your changes immediately into the registry and that it has no Undo command. Registry Editor doesn't wait for you to issue a File, Save command (it has no such command) before making changes in the registry files. And after you have altered some bit of registry data, the original data is gone forever—unless you remember it and restore it yourself or unless you have some form of backup that you can restore. Registry Editor is therefore a tool to be used sparingly and soberly; it should not be left open when not in use.

So that you can recover from ill-advised edits to the registry, before you make any changes you should back up the registry using one or both of these methods:

  • Use the Export command in Registry Editor to back up the branch of the registry where you plan to work.

  • Use System Restore to set a restore point.
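Both backup methods can be scripted so that they run before every edit. This added PowerShell example (not from the original text) uses reg.exe export as a command-line stand-in for Registry Editor's Export command and Checkpoint-Computer for the restore point; Backup-RegistryBranch and the RegBackups folder are hypothetical names.

```powershell
# Added example. Backup-RegistryBranch and the default folder are hypothetical.
function Backup-RegistryBranch {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Branch,                                   # for example 'HKCU\Console'
        [string]$Folder = (Join-Path $env:USERPROFILE 'RegBackups'),
        [switch]$RestorePoint                              # requires an elevated prompt
    )
    if (-not (Test-Path -LiteralPath $Folder)) {
        New-Item -ItemType Directory -Path $Folder | Out-Null
    }

    # Build a file name from the branch and a timestamp so that
    # earlier exports are never overwritten.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $safe  = $Branch -replace '[\\/:*?"<>|]', '_'
    $file  = Join-Path $Folder "$safe-$stamp.reg"

    & reg.exe export $Branch $file /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $file)) {
        throw "Export of $Branch failed (reg.exe exit code $LASTEXITCODE); make no edits."
    }

    if ($RestorePoint) {
        Checkpoint-Computer -Description "Before editing $Branch" `
            -RestorePointType MODIFY_SETTINGS
    }

    Get-Item -LiteralPath $file                            # the backup that was written
}

# Export the branch you are about to edit; add -RestorePoint for both methods.
Backup-RegistryBranch -Branch 'HKCU\Console'
```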
