Windows Registry - Wikipedia, the free encyclopedia

The Windows registry is a directory which stores settings and options for the operating system for Microsoft Windows 32-bit versions, 64-bit versions and Windows Mobile. It contains information and settings for all the hardware, software, most non-operating system software, users, preferences of the PC, etc. Whenever a user makes changes to Control Panel, file associations or installed software, the changes are reflected and stored in the registry. The registry also provides a window into the operation of the kernel, exposing runtime information such as performance counters and currently active hardware. This use of the registry mechanism is conceptually similar to the way that Sysfs and procfs expose runtime information through the file system (traditionally viewed as a place for permanent storage), though the information made available by each of them differs tremendously.

The Windows registry was introduced to tidy up the profusion of per-program INI files that had previously been used to store configuration settings for Windows programs. These files tended to be scattered all over the system, which made them difficult to track.

The registry contains two basic kinds of elements: keys and values.

Keys are similar to folders - in addition to values, each key can contain subkeys, which may contain further subkeys, and so on. Keys are referenced with a syntax similar to Windows path names, using backslashes to indicate levels of hierarchy. E.g. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows refers to the subkey Windows of the subkey Microsoft of the subkey Software of the HKEY_LOCAL_MACHINE key.

Values are name/data pairs stored within keys. Values are referenced separately from keys. Value names can contain backslashes which would lead to ambiguities were they referred to like paths.
The Windows API functions that query and manipulate registry values take value names separately from the key path and/or handle that identifies the parent key.

The terminology is somewhat misleading, as the values are similar to an associative array, where standard terminology would refer to the name part of the value as a key. The terms are a holdout from the 16-bit registry in Windows 3, in which keys could not contain arbitrary name/data pairs, but rather contained only one unnamed value (which had to be a string). In this sense, the entire registry was like an associative array where the keys (in both the registry sense and dictionary sense) formed a hierarchy, and the values were all strings. When the 32-bit registry was created, so was the additional capability of creating multiple named values per key, and the meanings of the names were somewhat distorted.

There are a number of different types of values:

The Registry is split into a number of logical sections, or hives. Hives are generally named by their Windows API definitions, which all begin HKEY. They are abbreviated to a three- or four-letter short name starting with HK (e.g. HKCU and HKLM).

The HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER nodes have a similar structure to each other; applications typically look up their settings by first checking for them in HKEY_CURRENT_USER\Software\Vendor's name\Application's name\Version\Setting name, and if the setting is not found looking instead in the same location under the HKEY_LOCAL_MACHINE key. When writing settings back, the reverse approach is used: HKEY_LOCAL_MACHINE is written first, but if that cannot be written to (which is usually the case if the logged-in user is not an administrator), the setting is stored in HKEY_CURRENT_USER instead.

Abbreviated HKCR, HKEY_CLASSES_ROOT stores information about registered applications, such as Associations from File Extensions and OLE Object Class IDs tying them to the applications used to handle these items.
On Windows 2000 and above, HKCR is a compilation of HKCU\Software\Classes and HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes is used.

Abbreviated HKCU, HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user. The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both locations. On Windows NT-based systems, each user's settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT inside their own Documents and Settings subfolder.

Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are general to all users on the computer. On NT-based versions of Windows, HKLM contains four subkeys, SAM, SECURITY, SOFTWARE and SYSTEM, that are found within their respective files located in the %SystemRoot%\System32\Config folder. A fifth subkey, HARDWARE, is volatile and is created dynamically, and as such is not stored in a file. Information about system hardware drivers and services is located under the SYSTEM subkey, whilst the SOFTWARE subkey contains software and Windows settings.

Abbreviated HKU, HKEY_USERS contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user registered on the machine.

Abbreviated HKCC, HKEY_CURRENT_CONFIG contains information gathered at runtime; information stored in this key is not permanently stored on disk, but rather regenerated at boot time.

This key provides runtime information into performance data provided by either the NT kernel itself or other programs that provide performance data. This key is not displayed in the Registry Editor, but it is visible through the registry functions in the Windows API.

The registry can be edited manually in Microsoft Windows by running regedit.exe or regedt32.exe in the Windows directory. However, careless registry editing can cause irreversible damage. Thus, performing back-ups of the registry is highly recommended.
Many optimization and hacking tools are available to modify this portion of the Windows operating system; it is preferable not to use them unless one has a knowledge of registry workings or wishes to learn more about the registry.

A simple implementation of the current registry tool appeared in Windows 3.x, called the Registration Info Editor or Registration Editor. This was basically just a database of applications used to edit embedded OLE

Windows NT introduced permissions for Registry editing. Windows NT 4 and Windows 2000 were distributed with both the Windows 9x REGEDIT.EXE program and Windows NT 3.x's REGEDT32.EXE program. There are several differences between the two editors on these platforms:

Windows XP was the first system to integrate these two programs into one, adopting the old REGEDIT.EXE interface and adding the REGEDT32.EXE functionality. The differences listed above are not applicable on Windows XP and newer systems; REGEDIT.EXE is the improved editor, and REGEDT32.EXE is simply a stub that invokes REGEDIT.EXE.

The registry can be manipulated from the command line with the reg.exe utility. It is included in Windows XP and Windows Vista and can be downloaded separately for previous versions. Alternative locations include the Resource Kit CDs or the original Installation CD of Windows.

Also, a .reg file (a text-based human-readable file format for storing portions of the registry) can be imported from the command line with the following command:

The /s means the file will be silently merged into the Registry. If the /s parameter is omitted the user will be asked to confirm the operation. In Windows 98 and Windows 95 the /s switch also caused regedit.exe to ignore the setting in the registry that allows administrators to disable it. When using the /s switch, Regedit does not return an appropriate return code if the operation fails, unlike reg.exe, which does.
This makes it hard to script; however, a possible workaround is to add the following lines into your batch file:

The default association for .reg files in many versions of Microsoft Windows Windows 98 does require the user to confirm the merging to avoid user mistake.

Registry permissions can be manipulated through the command line using the tool. The permissions on the HKEY_LOCAL_MACHINE\SOFTWARE key can be displayed using:

To set the owner of the key HKEY_LOCAL_MACHINE\software and all of its subkeys to Administrator:

To grant full access rights to the HKEY_LOCAL_MACHINE\software key to Administrator:

The registry can be edited through the APIs of the Advanced Windows 32 Base API Library (advapi32.dll).

Some programming languages, like Visual Basic, offer built-in runtime library functions that enable programs to store settings in the registry. Another way is to use the Windows Support Tool Reg.exe by executing it from code.

Many scripting languages such as Perl and VBScript also enable registry editing from scripts.

The Registry is stored in several files; depending upon the version of Windows, there will be different files and different locations for these files, but they are all on the local machine, except for the Ntuser.dat files. There is one such file per user that contains the information in HKEY_CURRENT_USER; it may be placed on another computer to allow for roaming profiles. The policy file, which is usually stored on a server in the local network, may also be located remotely.

The following Registry files are stored in %SystemRoot%\System32\Config\:

The following files are stored in each user's profile folder:

The registry files are named USER.DAT and SYSTEM.DAT and are stored in the %WINDIR% directory. In Windows Me, Classes.dat was added. Also, each user profile (if profiles are enabled) has its own USER.DAT

The registry file is called Reg.dat and is stored in C:\WINDOWS

Since Windows 95, administrators can use a special file to be merged into the registry, a policy file.
The policy file allows administrators to prevent non-administrator users from changing registry settings like, for instance, the security level of IE and the desktop background wallpaper. The policy file is primarily used in a business with a large number of computers where the business needs to be protected from the users and the users need to be protected from themselves.

The default extension for the policy file is .pol. The policy file filters the settings it enforces by user and by group (a group is a defined set of users). To do that the policy file merges into the registry, preventing users from circumventing it by simply changing back the settings. The policy file is usually distributed through a LAN, but can be placed on the local computer.

The policy file is created by a free tool by Microsoft that goes by the filename poledit.exe for Windows 95/Windows 98 and with a computer management module for NT-based systems. The module will not work in Windows XP Home Edition, but it does work in the Professional edition with filename Gpedit.msc. The editor requires administrative permissions to be run on systems that use permissions. The editor can also directly change the current registry settings of the local computer, and if the remote registry service is installed and started on another computer it can also change the registry on that computer. The policy editor loads the settings it can change from .adm files, of which one is included, that contains the settings the Windows shell provides. The .adm file is plain text and supports easy localisation by allowing all the strings to be stored in one place.
The policy editor has been renamed to Group Policies in newer versions of Windows.

Changing from having one or more INI files per program to one centralised registry has its good points:

However, the centralized Registry introduces some problems as well:

On Windows 9x computers, an older installation can have a very large registry that slows down the computer's startup and can make the computer unstable. This has led to frequent criticisms that the registry leads to instability. However, as the on-disc structure of the registry is entirely different on the NT line of Operating Systems (including Windows XP and Vista) than Windows 9x series OS, slowdown due to registry bloat now occurs much less frequently.

Other systems use separate configuration files for separate application subsystems, but group them together for ease of management. For instance, under Unix and Linux, system-wide configuration files (information which would appear in HKEY_LOCAL_MACHINE on Windows) are traditionally stored in files in /etc/ and its subdirectories, or sometimes in /usr/local/etc. Per-user information (information that would be in HKEY_CURRENT_USER) is stored in hidden directories and files (that start with a period) within the user's home directory.

Apple Inc.'s Mac OS X operating system typically stores settings in property list files which are usually stored in each user's Library folder. An advantage of this is that corruption to one of these files will normally only affect a single application, whereas corruption of one of the Registry hives can have system-wide effects. However, Mac OS X also has a system database called NetInfo that stores system-wide settings such as user account details and network configuration.

RISC OS also allows applications to be copied into directories easily, as opposed to the separate installation program that typifies Windows applications. If one wishes to remove the application, it is possible to simply delete the folder belonging to the application.
This is possible because RISC OS does not support multi-user environments with different settings for each user.

IBM AIX (a Unix derivative) uses a registry component called Object Data Manager (ODM). The ODM is used to store information about system and device configuration. An extensive set of tools and utilities provides users with means of extending, checking and correcting the ODM database. The ODM stores its information in several files; the default location is /etc/objrepos.

The GNOME desktop environment uses a registry-like interface called GConf for storing configuration settings for the desktop and applications. However, in GConf, all application settings are stored in separate files, thereby eliminating a single point of failure.

The Elektra Initiative provides an alternative back-end for text configuration files for the Linux operating system, similar to the registry.
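
The HKCR merge rule described earlier (a value in HKCU\Software\Classes is used in preference to the same value in HKLM\Software\Classes), as an added example that is not part of the original article: it models both hives as dictionaries and lists the machine-wide values that a per-user entry overrides, which is what someone auditing file associations would review. The hive contents, file paths and function names are constructed assumptions; no Windows API is called.

```python
"""Model of the merged HKEY_CLASSES_ROOT view (constructed data, no Windows API)."""

# A hive is modelled as {key path: {value name: data}}. Key paths and value
# names are kept separate, as in the Windows API, because a value name may
# itself contain a backslash.


def _norm(hive):
    """Registry key and value names are case-insensitive; fold them for comparison."""
    return {k.lower(): {n.lower(): (n, d) for n, d in vals.items()}
            for k, vals in hive.items()}


def hkcr_view(hkcu_classes, hklm_classes):
    """Return the merged view: per-user data wins when both hives define a value."""
    user, machine = _norm(hkcu_classes), _norm(hklm_classes)
    merged = {}
    for key in sorted(set(user) | set(machine)):
        values = dict(machine.get(key, {}))
        values.update(user.get(key, {}))      # HKCU\Software\Classes takes precedence
        merged[key] = {name: data for name, data in values.values()}
    return merged


def shadowed_values(hkcu_classes, hklm_classes):
    """List (key, value name, machine data, user data) where HKCU overrides HKLM."""
    user, machine = _norm(hkcu_classes), _norm(hklm_classes)
    hits = []
    for key in sorted(set(user) & set(machine)):
        for lname in sorted(set(user[key]) & set(machine[key])):
            name, udata = user[key][lname]
            mdata = machine[key][lname][1]
            if udata != mdata:
                hits.append((key, name, mdata, udata))
    return hits


# Constructed sample data; "" stands for a key's unnamed default value.
HKLM_CLASSES = {
    r".txt": {"": "txtfile"},
    r"txtfile\shell\open\command": {"": r"C:\Windows\notepad.exe %1"},
}
HKCU_CLASSES = {
    r".TXT": {"": "Example.Editor"},
    r"Example.Editor\shell\open\command": {"": r"C:\Tools\editor.exe %1",
                                           r"opts\verbose": "1"},
}
```

Keys in the returned view are lower-cased because the comparison is case-insensitive; value names keep the spelling found in the hive that supplied them.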
