The Registry: Basics
We received excellent feedback from our last article Shortcuts and Time Savers and look forward to your continuedinput.
While periodically issuing Tips & Tricks collections,we will mainly provide single-subject articles which have been found to be more useful by our readership.
In this issue we will tackle what may be the most mysterious partof Windows NT the registry.
Handling the Registry (With Care!)
The registry is a unified database containing most of the informationabout your hardware, the installed software and the settings for their use, set up in a tree-shaped hierarchy.You can view and edit the contents using regedit.exe or regedt32.exe , but many changes can also bemade using the existing administrative tools such as Control Panel. It is better to use the administrative tools,whenever possible, as they will store the changes correctly. You can easily make a mistake while using the registryeditors, and they will not warn you.
|
Caution: Editing the registry can be extremely dangerous and candisrupt your system to the point where your only option is to re-install Windows NT. |
Even if you know exactly what you are doing and are completely certainwhat the results will be, it is good policy always to back up your registry before making any changes. If you observeall precautions and dont "experiment" the registry may become one of your favorite tuning tools.
The Windows NT Resource Kits contain the programs regback.exe and regrest.exe . Use these to back up and restore the registry.
Regedit.exe has a more sophisticated search capability than regedt32.exe , but cannot be used to enter all of the value types that the registry supports. It is oftenmore efficient to use regedit.exe to find values in the registry, then switch to regedt32.exe tomake changes. There is also a read-only switch in regedt32.exe which I strongly recommend you use. In regedt32.exe ,click Options on the Menu Bar, then click Read Only Mode if it is not checked. As long as this is set, no changesyou make will be saved. If you try to make a change, you will be notified that Registry Editor is operating inRead Only mode.
A Brief Description
Each sub-tree, or set of keys, sub-keys and values, is called a "hive".Within each hive there are keys, which may have sub-keys, and sub-sub-keys, and so on. At the lowest level thereis a value entry comprising a name, a type, and the value. For example, one value entry has the name "SecondLevelDataCache",the type "REG_DWORD", and the value "0" (by default).
Each hive is rooted at the top of the registry hierarchy, and mostare backed by a main file, a save file and a log file in the folder %systemroot%\system32\config; HKEY_LOCAL_MACHINE\HARDWAREhas no files, and HKEY_CURRENT_USER stores its files in %systemroot%\Profiles\<username>, where <username>is the name of the current user. The main file has no extension, the others have the extensions .SAV and .LOG.The hives and their files are:
HKEY_LOCAL_MACHINE - This has information about the local machine.It contains five hives:
HKEY_LOCAL_MACHINE\HARDWARE - Contains information about your hardware,including cards in expansion slots, connections through ports, and the related interrupts. This data is determinedand stored on boot-up, so it is not saved in any files. You should never need to edit any data here, and probablycouldnt understand much of it because it is in binary format. If you do happen to change something, dont worryabout it; just reboot and the correct data will be determined.
HKEY_LOCAL_MACHINE\SAM - Security Accounts Manager, containing useraccount names and passwords and security settings. You should never need to change anything here, as it is maintainedon Workstations via User Manager, or on Servers by User Manager For Domains. Files : Sam, Sam.sav and Sam.log
HKEY_LOCAL_MACHINE\SECURITY - Contains the security information forthe local machine. This is also maintained via User Manager. Files: Security, Security.sav and Security.log
HKEY_LOCAL_MACHINE\SOFTWARE - When you install an application or package,its configuration is stored here under the manufacturers name. For example, when you install Executive SoftwareNetwork Undelete, a sub-key \Executive Software is created, with an \Undelete sub-key within it. If you then installthe Diskeeper defragmenter, a \Diskeeper sub-key will be created within \Executive Software. There is also a sub-keycalled \Classes which lists all file extensions. Files: software, software.sav and software.log
HKEY_LOCAL_MACHINE\SYSTEM - This is probably the most useful as wellas the most dangerous hive, because it contains the startup data that cannot be calculated during startup. Thisdata is stored in ControlSet sub-trees. One of these, CurrentControlSet, is actually a link to one of the others(ControlSet001, ControlSet002, etc.) which contains the data set currently in use. This data is normally modifiedvia utilities in Control Panel. Files: system, system.sav and system.log . There is also system.alt ,a backup of the system hive that makes it possible to undo changes that had unexpected side-effects.
HKEY_CLASSES_ROOT - Points to a child of HKEY_LOCAL_MACHINE, at \SOFTWARE\Classes.It contains the Object Linking and Embedding (OLE) and file-class association data.
HKEY_CURRENT_CONFIG - Points to a subset of CurrentControlSet (asdescribed above), containing the current configuration. It is thus stored in \System (the same files as for HKEY_LOCAL_MACHINE\System).
HKEY_USERS - This contains the user profiles of all users currentlyloaded on the system. File names: default, default.sav and default.log
HKEY_CURRENT_USER - Points to a child of HKEY_USERS, being the userwho is currently logged on. File names: ntuser.dat and ntuser.dat.log
Things to Come
The registry is too large a subject to adequately cover in just acouple of sittings, so well be covering it, in depth, one piece at a time. The next article will cover the ControlSets, explaining what each one is and how they interact, and how to safely work with them. Please remember thewarnings in this article: You can wipe out your system by careless altering of the registry, but, if you observeall precautions and dont "experiment", the registry may become one of your favorite tuning tools.
If you have any comments about this article orany requests for new technical articles e-mail
Executive Software Europe
