What is Windows Registry? ( Basic level )
Dear friends,
Today we will learn about the Windows registry.
I would define Registry as a Database ( A database that stores all the low level settings information about the Operating system / Drivers / Hardware / Services and Security in a Computer. ) Lets keep it this simple!
Each of the trees under Computer is a key. ( see below image )
The HKEY_LOCAL_MACHINE key has the following subkeys: HARDWARE, SAM, SECURITY, SOFTWARE, and SYSTEM.
Each of these keys in turn has subkeys. For example, the HARDWARE key has the subkeys DESCRIPTION, DEVICEMAP, and RESOURCEMAP; the DEVICEMAP key has several subkeys and follows on.
Now, lets learn in details about the Hives / keys and Sub keys
It is very important that we know, What is the significance and importance of these, that we will learn now.
For now just keep it very clear... Registry is a Database ( and ) assume these folders are different tables in a Database. With this clarity in mind, lets begin to know more.
HKEY_CLASSES_ROOT :
HKEY_CLASSES_ROOT, often shortened as HKCR, contains file extension association information, as well as a programmatic identifier (ProgID), Class ID (CLSID), and Interface ID (IID) data.
To further simplify it : the HKEY_CLASSES_ROOT registry hive contains the necessary information for Windows to know what to do when a user ask it to perform an action, like to view the contents of a drive, or open a certain type of file, etc.
HKEY_CURRENT_USER :
HKEY_CURRENT_USER, often abbreviated as HKCU, is a major part of the Windows Registry. It contains configuration information for Windows and software that is very specific to the currently logged in user.
For example, various registry values in various registry keys control user-level settings like the installed printers, desktop wallpaper, display settings, environment variables, keyboard layout, mapped network drives, and more.
Many of the settings you configure within various applets in the Control Panel are stored in this registry hive.
HKEY_LOCAL_MACHINE :
HKEY_LOCAL_MACHINE : often shortened as HKLM.
Registry entries subordinate to this key define the physical state of the computer, including data about the bus type, system memory, and installed hardware and software.
It contains subkeys that hold current configuration data, including Plug and Play information , it also contains a complete list of all hardware that has ever been on the system, network logon preferences, network security information, software-related information (such as server names and the location of the server), and other system information.
HKEY_USERS :
HKEY_USER, often shortened as HKU.
Registry entries relevance to this key define the user configuration of the computer.
This key will have all the information for all the new/previous users on the local computer and the user configuration for the current user.
HKEY_CURRENT_CONFIG :
HKEY_CURRENT_CONFIG, often abbreviated as HKCC, Contains information about the current hardware profile of the local computer system.
The information under HKEY_CURRENT_CONFIG describes only the differences between the current hardware configuration and the standard configuration.
Information about the standard hardware configuration is stored under the Software and System keys of HKEY_LOCAL_MACHINE.
HKEY_CURRENT_CONFIG is an alias for HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current.
Editing the Registry :
There are many methods that we can edit the registry.
But most of the time, we just use the regedit.exe utility to make changes, which can be launched from the start menu search or run box.
(Hit Win+R, type : regedit.exe, then hit Enter and its there!)
Once we open up the editor, we get a tree view of keys on the left-hand side, and the values on the right.
The most important thing you want to do when editing the registry is to export the entire key before you make changes. See below image:
The exported key is saved in .reg format.
What Are These .reg Files?
These files are nothing more than simple text files that contain instructions for the regedit utility to add, change, or remove keys in the registry without any accidental typos that cause your system to crash.
The recommendation is that before you apply any of these files, you first open them up in a text editor to see what they really contain, but in general, applying a .reg file is a lot safer and easier than manually making registry edits, provided you trust the source.
How Is the Registry Stored, and How Do I Back it Up?
Even though the registry is supposed to be one consolidated place to store everything on your system, it's not stored in a single file—all of the system hives other than HKEY_CURRENT_USER are stored under %SystemRoot%\System32\Config, and the rest are stored in the %SystemRoot%\Profiles\Username folder.
The recommended process for backing up your registry is simply creating a System Restore point, but most of the popular backup software packages should be able to backup and restore the registry.
Today we will learn about the Windows registry.
I would define Registry as a Database ( A database that stores all the low level settings information about the Operating system / Drivers / Hardware / Services and Security in a Computer. ) Lets keep it this simple!
Each of the trees under Computer is a key. ( see below image )
The HKEY_LOCAL_MACHINE key has the following subkeys: HARDWARE, SAM, SECURITY, SOFTWARE, and SYSTEM.
Each of these keys in turn has subkeys. For example, the HARDWARE key has the subkeys DESCRIPTION, DEVICEMAP, and RESOURCEMAP; the DEVICEMAP key has several subkeys and follows on.
Now, lets learn in details about the Hives / keys and Sub keys
It is very important that we know, What is the significance and importance of these, that we will learn now.
For now just keep it very clear... Registry is a Database ( and ) assume these folders are different tables in a Database. With this clarity in mind, lets begin to know more.
HKEY_CLASSES_ROOT :
HKEY_CLASSES_ROOT, often shortened as HKCR, contains file extension association information, as well as a programmatic identifier (ProgID), Class ID (CLSID), and Interface ID (IID) data.
To further simplify it : the HKEY_CLASSES_ROOT registry hive contains the necessary information for Windows to know what to do when a user ask it to perform an action, like to view the contents of a drive, or open a certain type of file, etc.
HKEY_CURRENT_USER :
HKEY_CURRENT_USER, often abbreviated as HKCU, is a major part of the Windows Registry. It contains configuration information for Windows and software that is very specific to the currently logged in user.
For example, various registry values in various registry keys control user-level settings like the installed printers, desktop wallpaper, display settings, environment variables, keyboard layout, mapped network drives, and more.
Many of the settings you configure within various applets in the Control Panel are stored in this registry hive.
HKEY_LOCAL_MACHINE :
HKEY_LOCAL_MACHINE : often shortened as HKLM.
Registry entries subordinate to this key define the physical state of the computer, including data about the bus type, system memory, and installed hardware and software.
It contains subkeys that hold current configuration data, including Plug and Play information , it also contains a complete list of all hardware that has ever been on the system, network logon preferences, network security information, software-related information (such as server names and the location of the server), and other system information.
HKEY_USERS :
HKEY_USER, often shortened as HKU.
Registry entries relevance to this key define the user configuration of the computer.
This key will have all the information for all the new/previous users on the local computer and the user configuration for the current user.
HKEY_CURRENT_CONFIG :
HKEY_CURRENT_CONFIG, often abbreviated as HKCC, Contains information about the current hardware profile of the local computer system.
The information under HKEY_CURRENT_CONFIG describes only the differences between the current hardware configuration and the standard configuration.
Information about the standard hardware configuration is stored under the Software and System keys of HKEY_LOCAL_MACHINE.
HKEY_CURRENT_CONFIG is an alias for HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current.
Editing the Registry :
There are many methods that we can edit the registry.
But most of the time, we just use the regedit.exe utility to make changes, which can be launched from the start menu search or run box.
(Hit Win+R, type : regedit.exe, then hit Enter and its there!)
Once we open up the editor, we get a tree view of keys on the left-hand side, and the values on the right.
The most important thing you want to do when editing the registry is to export the entire key before you make changes. See below image:
The exported key is saved in .reg format.
What Are These .reg Files?
These files are nothing more than simple text files that contain instructions for the regedit utility to add, change, or remove keys in the registry without any accidental typos that cause your system to crash.
The recommendation is that before you apply any of these files, you first open them up in a text editor to see what they really contain, but in general, applying a .reg file is a lot safer and easier than manually making registry edits, provided you trust the source.
How Is the Registry Stored, and How Do I Back it Up?
Even though the registry is supposed to be one consolidated place to store everything on your system, it's not stored in a single file—all of the system hives other than HKEY_CURRENT_USER are stored under %SystemRoot%\System32\Config, and the rest are stored in the %SystemRoot%\Profiles\Username folder.
The recommended process for backing up your registry is simply creating a System Restore point, but most of the popular backup software packages should be able to backup and restore the registry.
Thank you for reading!
-Omair Sharif.
-Omair Sharif.
If you have any questions, please put in the comments box below and submit, I will response at the earliest. Thank you again.
Comments
Post a Comment