Computer Resource - All About Regedit, Learn More..

Posted by: hapit  :  Category: Regedit

Registry Structure

Each main branch (denoted by a folder icon in the Registry Editor, see left) is called a Hive, and Hives contain Keys. Each key can contain other keys (sometimes referred to as sub-keys), as well as Values. The values contain the actual information stored in the Registry. There are three types of values: String, Binary, and DWORD. Which one is used depends upon the context.

There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:

  • HKEY_CLASSES_ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface.
  • HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings.
  • HKEY_LOCAL_MACHINE - This branch contains computer-specific information about the type of hardware, software, and other preferences on a given PC. This information is used for all users who log onto this computer.
  • HKEY_USERS - This branch contains individual preferences for each user of the computer. Each user is represented by a SID sub-key located under the main branch.
  • HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.
  • HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE used by the Plug-&-Play features of Windows. This section is dynamic and will change as devices are added and removed from the system.

Each registry value is stored as one of five main data types:

  • REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.
  • REG_DWORD - This type represents the data by a four byte number and is commonly used for boolean values, such as “0” is disabled and “1” is enabled. Additionally, many parameters for device drivers and services are this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format, or in REGEDIT in hexadecimal and decimal format.
  • REG_EXPAND_SZ - This type is an expandable data string, that is, a string containing a variable to be replaced when called by an application. For example, for the following value, the string “%SystemRoot%” will be replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32)
  • REG_MULTI_SZ - This type is a multiple string used to represent values that contain lists or multiple values; each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)
  • REG_SZ - This type is a standard string, used to represent human readable text values.

Other data types not available through the standard registry editors include:

  • REG_DWORD_LITTLE_ENDIAN - A 32-bit number in little-endian format.
  • REG_DWORD_BIG_ENDIAN - A 32-bit number in big-endian format.
  • REG_LINK - A Unicode symbolic link. Used internally; applications should not use this type.
  • REG_NONE - No defined value type.
  • REG_QWORD - A 64-bit number.
  • REG_QWORD_LITTLE_ENDIAN - A 64-bit number in little-endian format.
  • REG_RESOURCE_LIST - A device-driver resource list.

Using the Registry Editor - Regedit

Note: it is always a good idea to back up your registry before making any changes to it. It can be intimidating to a new user, and there is always the possibility of changing or deleting a critical setting, causing you to have to reinstall the whole operating system. It’s much better to be safe than sorry!

The Registry Editor (also called regedit) is not listed in the Start menu or in All Programs. The utility is a single file, regedit.exe, and is located in the Windows folder on XP systems. It is accessed by using the Run line. Enter “regedit” and the utility will open. In Vista the utility is opened by entering “regedit.exe” in the Start Search line. The Run line can also be used in Vista (but is no longer necessarily on the Start menu). As to be expected, an administrator account is required.

Regedit is a two-pane interface with keys in the left pane (key pane) and value names with the corresponding data in the right pane (value pane). The setup is not unlike Windows Explorer with keys analogous to folders and values analogous to files. (The basics of Registry structure are discussed on another page.) Also listed in the right or value pane is the type of data contained in a value.

Regedit has some of the same menus that are so familiar throughout Windows. These can be seen near the top of Figure 1. Shown below are what two commonly used menus look like.


The File menu has the functions “Import” and “Export” that involve backup and restore. As you would expect, the “Edit” menu is where commands are located for making changes to the Registry. Keys and values can be deleted, added, or renamed. (Permission settings on keys can also be edited but that is an advanced subject beyond our scope.) Another two very useful functions are “Find…” and “Find Next”. The Registry has thousands of keys and these search functions are very necessary. Unfortunately, the search function cannot find binary values or REG_DWORD entries. It searches key names, value names, and string data.

The bottom of the window for Regedit shows the path of the currently highlighted key, as can be seen in Figure 1. The Edit menu also contains a useful entry, “Copy Key Name”, that sends the path of the key to the clipboard. Since path names can be quite long, this can be very useful.


Another menu that can be quite useful is “Favorites”. If you find that there is a certain key that you modify often, this key can be added to the “Favorites” list for easy access. The example of a “Favorites” menu shown on the right contains three favorites. Note the names have been chosen by this user and can be anything that is a convenient reminder. They actually refer to specific Registry keys, which can have very long path names.

Editing Registry Keys and Values

There are many useful adjustments to the Windows configuration or behavior that can be made by simple editing of the Registry. Unless you are a trained IT professional, you should probably limit Registry editing to one or two values at a time. I will limit this discussion to this type of straightforward scenario.

The first step in editing is always to back up the Registry. Also, back up the key you are working on. If you are a very careful worker, backing up just the key where editing is to be done may suffice, but make a system restore point first anyway. To back up a key, open Regedit and highlight the key. Open the “File” menu and click “Export”. For most cases, you will choose to export as a registration or REG file. This is a text file with extension .reg that is a copy of the highlighted Registry key. Save it to someplace safe. To restore a key with a REG file, right-click it and choose “Merge”. On many machines the default left double-click on a REG file will also create a merge. I prefer to change the double-click action to “Edit” so that accidental mergers do not happen. Notice that I use the word “merge”. Reg files do not replace keys but add to them, something to keep in mind. Anything extra that you may have added is not deleted. Some experienced PC users prefer to do any actual editing in the exported REG file and then to merge the edited file. This prevents accidentally doing something to the wrong key. Keep in mind that Regedit has no “undo” function. What’s done is done.

If you are editing an entire key, you are very likely deleting it. (Careful! Back it up.) If you are making a number of changes, I suggest using a REG file and not editing in the Registry itself. I repeat, even power users should probably stick with editing one or two values. To delete a highlighted key, choose “Delete” from the “Edit” menu. Note that there is no recycle bin for deleted Registry keys or values. Deleted means gone to the great bit-bucket in the sky.

For the most part, direct Registry editing means changing a value. Highlight the value in question in the right pane of Regedit. Then choose “Modify” from the “Edit” menu or right-click the value and choose “Modify” from the context menu. For strings, a box like the one shown on the right will open. As a specific example, consider the last value in the right pane of Figure 1. The time that the system waits for a service to close at Shutdown is controlled by the entry for the value, WaitToKillServiceTimeout. The value is in milliseconds and the default is 20000 (20 seconds). To make things close up more quickly, you could change the value to 10000 (10 seconds). Or you might need to make it longer for certain systems. Enter the desired string in the line “Value data” and click OK.


A great many Registry values are strings but another type of data that is common is the “dword”. A slightly different box will appear if you are editing a REG_DWORD value. The figure on the left shows the appropriate box. Note that when entering a DWORD value, you need to specify the base for the number. Be careful to be sure that you have chosen correctly between hexadecimal and decimal. You can enter either but the number that you enter must correspond to the correct value for the chosen base. In the example here the decimal number “96” would have to be “60” if hexadecimal were picked for the base.
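The following is an added example, not part of the original article: a small Python reader for the text of an exported REG file that lists what a merge would do before you run it, covering both the merge behaviour and the DWORD base issue described above. The key name ExampleApp and all values are constructed; the example also goes beyond the article by reporting the REG-file delete directives (`[-KEY]` and `"name"=-`), which a plain export never contains but a hand-edited or downloaded file can.

```python
import re
# Constructed sample; assumes the file was already decoded to text (real exports are UTF-16).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"Name"="Example"
"Timeout"=dword:00000060
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
  25,00,00,00
"List"=hex(7):61,00,00,00,62,00,00,00,00,00
"Obsolete"=-
'''

def decode(raw):
    """Decode the right-hand side of a REG line; raises on data it does not understand."""
    if raw == "-": return "DELETE_VALUE", None
    if raw.startswith('"'):
        return "REG_SZ", raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("dword:"): return "REG_DWORD", int(raw[6:], 16)  # always hex here
    m = re.match(r"hex(?:\((\w+)\))?:(.*)", raw)
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if m.group(1) == "2":                       # string with %VARIABLE% references
        return "REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\0")
    if m.group(1) == "7":                       # NUL-separated list of strings
        return "REG_MULTI_SZ", [s for s in data.decode("utf-16-le").split("\0") if s]
    return "REG_BINARY", data

def parse_reg(text):
    """Return (key, name, type, data) operations in file order."""
    text = text.replace("\r\n", "\n").replace("\\\n", "")   # join continuation lines
    ops, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            delete, key = line[1] == "-", line[1:-1].lstrip("-")
            if delete:                          # [-KEY] removes the whole key
                ops.append((key, None, "DELETE_KEY", None))
        elif key and (m := re.match(r'("(?:[^"\\]|\\.)*"|@)=(.*)', line)):
            ops.append((key, m.group(1).strip('"'), *decode(m.group(2))))
    return ops

def merge(existing, ops):  # simplified model: {key: {name: data}}, no sub-keys
    for key, name, kind, data in ops:
        if kind == "DELETE_KEY":
            existing.pop(key, None)
        elif kind == "DELETE_VALUE":
            existing.get(key, {}).pop(name, None)
        else:
            existing.setdefault(key, {})[name] = data   # add or overwrite only
    return existing
```

Merging the sample into a key that already holds an extra value leaves that value in place, sets Timeout to decimal 96 (written as hexadecimal 60 in the file), and removes only the value named by the explicit delete directive.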
