Working with the Windows Registry
Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components and for applications running on the platform that have opted to use the Registry. The kernel, device drivers, services, SAM, user interface and third-party applications can all make use of the Registry.
There is one copy of the registry for each user, stored in a hidden file called NTUSER.dat in the root of each user account's profile folder on your Windows drive.
The Windows registry can be manually edited using Registry Editor. To open it, type regedit.exe into the Start Menu search box, and then select Registry Editor from the search results that appear.
The Registry is separated into five different sections:
• HKEY_CLASSES_ROOT - You should not change these settings. They include essential Windows system settings along with other things such as file associations.
• HKEY_CURRENT_USER - These are the custom settings for the currently logged-in user. These will include settings for Windows and installed software. These are the most commonly changed settings.
• HKEY_LOCAL_MACHINE - This section is for general Windows and software settings, which means the settings in this branch apply to the computer's configuration and affect every user who logs on to it. You may need to make changes in this section.
• HKEY_USERS - This section is for general controls for user accounts; you will not need to change these settings.
• HKEY_CURRENT_CONFIG - These are additional settings related to your current configuration; you will not need to change these settings.
These sections are called hives, which are analogous to root directories on your hard drive. Each hive, by definition, has its own storage location (a file) and log file. Inside a hive you find both keys (and subkeys, analogous to directories and subdirectories on your hard disk) and values. The term value (or data value, as it is sometimes called) refers to the information, or data, assigned to a key, making the key analogous to a file on your hard drive as well. A key or subkey may have zero, one, or more value entries, a default value, and from zero to many subkeys. Each value entry has a name, data type, and a value.
Each registry value is stored as one of five main data types:
- REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format. This datatype is made up of binary data: 0s and 1s. As a general rule, you won’t edit binary values; instead, you’ll edit string values because they’re made up of text and numbers.
- REG_DWORD - This datatype is represented as a number. Sometimes a 0 turns on the key or a 1 turns off the key, though it can use other numbers as well. While you see and edit the value as a number, such as 456, the Registry itself views the number as a hexadecimal number, 1C8. You can switch between both views in the Registry editor when you change the value.
- REG_EXPAND_SZ - This type is an expandable data string, that is, a string containing a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will be replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32.)
- REG_MULTI_SZ - This type is a multiple string, used to represent values that contain lists or multiple values. Each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32.)
- REG_SZ - This type is a standard string, used to represent human-readable text values. This datatype is easy to understand and edit because it’s made up of plain text and numbers. It’s one of the most common data types in the Registry.
There are other data types not available through the standard registry editors.
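To make the storage rules above concrete, here is an added example (not part of the original page) that decodes the raw bytes behind each of the five types. The function names, the sample values and the `ENV` mapping are constructed for illustration; the type codes are the standard ones from winnt.h.

```python
import re
import struct

# Value type codes from winnt.h.
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, REG_MULTI_SZ = 1, 2, 3, 4, 7


def expand(text, env):
    """Replace %NAME% references case-insensitively; unknown names are kept."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), text)


def decode_value(reg_type, raw, env=None):
    """Turn the raw bytes stored for a value into a Python object."""
    if reg_type == REG_BINARY:
        return raw.hex(" ")                  # hex pairs, as an editor displays them
    if reg_type == REG_DWORD:
        if len(raw) != 4:
            raise ValueError("REG_DWORD data must be exactly 4 bytes")
        return struct.unpack("<I", raw)[0]   # 32-bit little-endian unsigned
    if reg_type in (REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ):
        text = raw.decode("utf-16-le")
        if reg_type == REG_MULTI_SZ:
            # Entries are NUL-separated and the list ends with an extra NUL.
            return [s for s in text.split("\x00") if s]
        text = text.split("\x00", 1)[0]      # drop the terminator
        return expand(text, env or {}) if reg_type == REG_EXPAND_SZ else text
    raise ValueError(f"unsupported registry type {reg_type}")


# Constructed sample data (not read from a real registry).
SAMPLES = [
    ("Timeout", REG_DWORD, struct.pack("<I", 456)),
    ("Path", REG_EXPAND_SZ, "%SystemRoot%\\system32\x00".encode("utf-16-le")),
    ("Servers", REG_MULTI_SZ, "alpha\x00beta\x00\x00".encode("utf-16-le")),
    ("Label", REG_SZ, "hello\x00".encode("utf-16-le")),
    ("Blob", REG_BINARY, bytes([0xDE, 0xAD, 0x01])),
]
ENV = {"SystemRoot": "C:\\WINDOWS"}  # assumed value for the demo

if __name__ == "__main__":
    for name, reg_type, raw in SAMPLES:
        print(name, "=", repr(decode_value(reg_type, raw, ENV)))
```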
Occasionally, you may have to change or remove a setting in the Windows registry. You should always be very careful when you do this, because changing the wrong setting in the registry can cause Windows OS to become unresponsive or unable to boot. You should always create a backup before making any changes to the registry. You can create a backup copy of the registry by selecting Export on the File menu. You can restore this backup the same way by selecting Import on the File menu. (Note that you may have to do this in Safe Mode if the changes you have made make Windows OS unstable.) If you export the registry as a Registration File with a REG file extension, you can restore this backup by double-clicking on it. Exporting to hive files is my choice most of the time. Backing up the registry as a Registration File has an undesirable disadvantage: restoring it does not delete values or keys that were created after you exported the backup; it only restores what was backed up. If you export the registry as a hive file, it's much more accurate than either type of REG file. Hive files are the same format as the Windows OS working hive files, so they represent settings exactly the same way. Also, when you import a hive file, Registry Editor deletes the branch it's replacing before importing the settings. In other words, the editor removes any settings that exist in the working registry but not in the hive file you're importing. When restoring keys from a backup after an unsuccessful registry edit, this is exactly the behavior you want.
The Windows registry hive files load every time the computer boots. Windows does a pretty good job of protecting your registry hive files from corruption, but from time to time something may slip by Windows and it will attempt to load a bad registry hive. These errors may show up as BSoDs with the message “Registry File Failure”, text errors that say “Windows could not start”, or a boot error message indicating that one of the registry hives is missing or corrupted.
Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM
Whatever the case, when you run into these sorts of scenarios, you need to restore a good registry hive copy. The best way to do this is to start Windows with the “Last Known Good Configuration” boot option from the Advanced Boot Options menu, but this option only restores one of the ControlSetxxx subkeys. A control set contains system configuration information such as device drivers and services. Control sets are stored in the HKEY_LOCAL_MACHINE subtree, under the SYSTEM key. If that fails, you can restore an earlier version of the Registry through the Recovery Console in Windows 2000 and Windows XP, or through WinRE in Windows Vista/7/8/8.1 and 10.
Replacing the Registry in Windows XP
Boot to the Windows installation CD-ROM, get to the Recovery Console, and type these commands to restore the Registry.
Code:
Ren C:\Windows\System32\config\SAM SAM.BAK
Ren C:\Windows\System32\config\SYSTEM SYSTEM.BAK
Ren C:\Windows\System32\config\SECURITY SECURITY.BAK
Ren C:\Windows\System32\config\DEFAULT DEFAULT.BAK
Ren C:\Windows\System32\config\SOFTWARE SOFTWARE.BAK
Copy C:\Windows\repair\SYSTEM C:\Windows\System32\config
Copy C:\Windows\repair\SOFTWARE C:\Windows\System32\config
Copy C:\Windows\repair\SAM C:\Windows\System32\config
Copy C:\Windows\repair\SECURITY C:\Windows\System32\config
Copy C:\Windows\repair\DEFAULT C:\Windows\System32\config
Note: This procedure assumes that Windows XP is installed to the C:\ partition. If Windows is installed on a different partition, replace C:\ with that partition's drive letter.
The above commands rename the registry files at their existing location, and then copy the registry files from the Repair folder to the C:\Windows\System32\Config folder. When you have finished this procedure, a registry is created that you can use to start Windows XP. This registry was created and saved during the initial setup of Windows XP. Therefore, any changes and settings that occurred after the Setup program was finished are lost.
Replacing the Registry in Windows Vista/7/8/8.1/10
Windows Vista/7/8/8.1/10 keep a regular backup of the registry handy in case you need to overwrite a corrupted registry. By default, the RegIdleBackup task runs every 10 days, so 10 days is the most you would lose if you replaced the current registry with the automatically backed-up files. You can find the backed-up registry files in the \Windows\System32\config\RegBack folder.
To replace the Registry, boot to the Windows DVD to access WinRE and get to the Command Prompt shell.
Code:
Ren C:\windows\system32\config\SAM SAM.BAK
Ren C:\windows\system32\config\SYSTEM SYSTEM.BAK
Ren C:\windows\system32\config\SECURITY SECURITY.BAK
Ren C:\windows\system32\config\DEFAULT DEFAULT.BAK
Ren C:\windows\system32\config\SOFTWARE SOFTWARE.BAK
Copy C:\Windows\System32\config\RegBack\SAM C:\windows\system32\config
Copy C:\Windows\System32\config\RegBack\SYSTEM C:\windows\system32\config
Copy C:\Windows\System32\config\RegBack\SECURITY C:\windows\system32\config
Copy C:\Windows\System32\config\RegBack\DEFAULT C:\windows\system32\config
Copy C:\Windows\System32\config\RegBack\SOFTWARE C:\windows\system32\config
Note: This procedure assumes that Windows Vista/7/8/8.1/10 is installed to the C:\ partition. If Windows is installed on a different partition, replace C:\ with that partition's drive letter.
The above commands rename the registry files at their existing location, and then copy the registry files from the RegBack folder to the C:\Windows\System32\Config folder.
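Both restore procedures copy backup hive files over the working ones without inspecting them, so an empty or damaged backup would simply replace one unbootable hive with another. The following added example (not from the original page) checks a hive image before it is used. It assumes the commonly documented "regf" header layout: signature at offset 0, two sequence numbers at offsets 4 and 8, an XOR checksum at offset 508, and the first "hbin" block at offset 4096. The function names and the sample image are constructed for the demo.

```python
import struct
from functools import reduce

BASE_BLOCK = 4096  # size of the hive header ("base block")


def header_checksum(block):
    """XOR of the first 127 little-endian dwords, as stored at offset 508."""
    xor = reduce(lambda a, b: a ^ b, struct.unpack("<127I", block[:508]))
    if xor == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return xor or 1


def check_hive(data):
    """Return a list of problems; an empty list means the header checks passed."""
    if len(data) == 0:
        return ["file is empty (0 bytes)"]
    if len(data) < BASE_BLOCK + 4:
        return ["file is too short to contain a hive header and first bin"]
    problems = []
    if data[:4] != b"regf":
        problems.append("missing 'regf' signature")
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ (hive was not cleanly written)")
    (stored,) = struct.unpack_from("<I", data, 508)
    if stored != header_checksum(data):
        problems.append("header checksum mismatch")
    if data[BASE_BLOCK:BASE_BLOCK + 4] != b"hbin":
        problems.append("first hive bin signature 'hbin' not found")
    return problems


def make_sample_hive():
    """Build a minimal constructed header plus bin for the demo (not a real hive)."""
    block = bytearray(BASE_BLOCK)
    block[0:4] = b"regf"
    struct.pack_into("<II", block, 4, 7, 7)       # matching sequence numbers
    struct.pack_into("<I", block, 508, header_checksum(block))
    return bytes(block) + b"hbin" + bytes(BASE_BLOCK - 4)


if __name__ == "__main__":
    good = make_sample_hive()
    torn = good[:4] + struct.pack("<I", 8) + good[8:]   # bump first sequence only
    for label, image in [("good", good), ("empty", b""), ("torn", torn)]:
        print(label, "->", check_hive(image) or "OK")
```

To use it on real files, read a copy of each backup hive with `open(path, "rb").read()` and pass the bytes to `check_hive`.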
If you want to learn more about the Windows registry, read the Microsoft Windows XP Registry Guide ebook.