CHAPTER 5
USING THE REGISTRY
Lesson 1: Understanding the Registry
Microsoft Windows 2000 stores hardware and software settings centrally in a hierarchical
database called the registry. The registry replaces many of the .INI, .SYS, and .COM
configuration files used in earlier versions of Microsoft Windows. The registry controls the
Windows 2000 operating system by providing the appropriate initialization information to
start applications and load components such as device drivers and network protocols.
Purpose of the Registry
The registry contains a variety of different types of data, including the following:
- The hardware installed on the computer, including the central processing unit (CPU), bus
  type, pointing device or mouse, and keyboard.
- Installed device drivers.
- Installed applications.
- Installed network protocols.
- Network adapter card settings. Examples include the IRQ number, memory base address,
  I/O port base address, I/O channel and transceiver type.
The registry structure provides a secure set of records. The data in the registry is read,
updated, or modified by many of the Windows 2000 components.
======================================================================
Component           Description
======================================================================
Windows NT kernel   During startup, the Windows 2000 kernel (Ntoskrnl.exe)
                    reads information from the registry, including the
                    device drivers to load and the order in which to
                    load them.
Device drivers      Device drivers receive configuration parameters from
                    the registry. They also write information to the
                    registry.
User profiles       Windows 2000 creates and maintains user work
                    environment settings in a user profile. When a user
                    logs on, the system caches the profile in the
                    registry. Windows 2000 first writes configuration
                    changes to the registry and then to the user profile.
Setup programs      During setup of a hardware device or application,
                    a setup program can add new configuration data to
                    the registry. It can also query the registry to
                    determine whether required components have been
                    installed.
Hardware profiles   Computers with two or more hardware configurations
                    use hardware profiles. When Windows 2000 starts,
                    the user selects a hardware profile and Windows 2000
                    configures the system accordingly.
Ntdetect.com        During system startup on Intel-based computers,
                    Ntdetect.com performs hardware detection. This
                    dynamic hardware configuration data is stored in
                    the registry.
                    Reduced-instruction-set-computing (RISC) based
                    computers extract the data from the computer
                    firmware.
======================================================================
winpro5.html PAGE 2 2001/12/06
The Hierarchical Structure of the Registry ** MCSE EXAM**
It is important to know the parts that make up the registry.
======================================================================
Component           Description
======================================================================
Subtree             A subtree is analogous to the root folder of a disk.
                    The Windows 2000 registry has two subtrees:
                    HKEY_LOCAL_MACHINE and HKEY_USERS.
                    However, there are 5 predefined subtrees and they are:
                      HKEY_LOCAL_MACHINE
                      HKEY_USERS
                      HKEY_CURRENT_USER
                      HKEY_CLASSES_ROOT
                      HKEY_CURRENT_CONFIG
Keys                Keys are analogous (similar) to folders and
                    subfolders. They correspond to the hardware
                    and software objects and groups of objects. Subkeys
                    are keys within high-level keys. (Regedit does not
                    have READ ONLY.)
Entries             Keys contain one or more entries. An entry has three
                    parts: name, data type and value.
Hives               A hive is a discrete body of keys, subkeys and entries.
                    Each hive has a corresponding .LOG file.
Data types          There are several:
                      REG_DWORD. One value, 1 to 8 hexadecimal digits.
                      REG_SZ. One value.
                      REG_EXPAND_SZ. Similar to REG_SZ, except the
                        text can contain a replaceable variable.
                      REG_BINARY. Only one value.
                      REG_MULTI_SZ. Multiple values.
                      REG_FULL_RESOURCE_DESCRIPTOR. Stores a resource
                        list for hardware components or drivers. You
                        can't add or modify an entry with this data
                        type.
======================================================================
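How the data types in the table above look as stored bytes, as an added example that is not part of the original notes. The type codes are the Windows SDK values; `decode_value` is a hypothetical helper name, and the entry names, byte strings and `C:\WINNT` value are constructed samples.

```python
import re
import struct
from itertools import takewhile

# Type codes from the Windows SDK header winnt.h.
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, REG_MULTI_SZ = 1, 2, 3, 4, 7


def _strings(raw):
    """Split UTF-16LE data into its NUL-terminated strings."""
    if len(raw) % 2:
        raise ValueError("string data must be a whole number of UTF-16 units")
    return raw.decode("utf-16-le").split("\x00")


def decode_value(reg_type, raw, env=None):
    """Turn the stored bytes of one registry entry into a Python value."""
    if reg_type == REG_DWORD:
        if len(raw) != 4:
            raise ValueError("REG_DWORD is exactly 4 bytes (8 hex digits)")
        return struct.unpack("<I", raw)[0]      # little-endian, unsigned
    if reg_type == REG_BINARY:
        return bytes(raw)
    if reg_type == REG_SZ:
        return _strings(raw)[0]                 # ignore bytes after the NUL
    if reg_type == REG_EXPAND_SZ:
        env = {k.upper(): v for k, v in (env or {}).items()}
        # Expand %NAME% only when NAME is known; keep unknown ones visible.
        return re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)),
                      _strings(raw)[0])
    if reg_type == REG_MULTI_SZ:
        # The list ends at the first empty string (the double NUL).
        return list(takewhile(bool, _strings(raw)))
    raise ValueError("unsupported type code %d" % reg_type)


def utf16(text):
    """Encode text the way the samples below are stored."""
    return text.encode("utf-16-le")


# Constructed sample entries: (name, type, stored bytes).
SAMPLES = [
    ("Start", REG_DWORD, bytes.fromhex("02000000")),
    ("ImagePath", REG_EXPAND_SZ, utf16("%SystemRoot%\\System32\\example.exe\x00")),
    ("DependOnService", REG_MULTI_SZ, utf16("Tcpip\x00Afd\x00\x00")),
]

if __name__ == "__main__":
    for name, reg_type, raw in SAMPLES:
        print(name, "=", decode_value(reg_type, raw, {"SystemRoot": "C:\\WINNT"}))
```

When reviewing a service entry, compare the expanded REG_EXPAND_SZ path rather than the stored text, since the same stored value resolves differently depending on the variable.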
Registry Subtrees
Understanding the purpose of each subtree can help you to locate specific keys and values in
the registry.
HKEY_LOCAL_MACHINE. Contains all configuration data for the local computer, including
hardware and operating system data such as bus type, system memory, device drivers, and
startup control data. The data in this subtree remains constant regardless of the user.
HKEY_USERS. Contains the system default settings (system default profile) data used to
control individual user identities and environments, such as desktop settings, windows
environment or interface settings and custom software settings.
HKEY_CURRENT_USER. Contains data about the current user. Retrieves a copy of
each user account used to log on to the computer and stores it in the systemroot\Documents
and Settings\username key.
HKEY_CLASSES_ROOT. Contains software configuration data: object linking and
embedding (OLE) and file class association data. This subtree points to the Classes subkey
under HKEY_LOCAL_MACHINE\SOFTWARE.
HKEY_CURRENT_CONFIG. Contains data on the active hardware profile extracted
from the SOFTWARE and SYSTEM hives. This information is used to configure settings
such as the device drivers to load and the display resolution to use.
CLASSROOM:
Server Service in Registry is called svr.sys.
Workstation is also called a Redirector.
Advantages of REGEDT32 vs. REGEDIT
At the Run command, type regedt32 (Enter), change name on system to save to users. Regedt32
has a read-only mode, and Regedit does not.
======================================================================
Regedt32                          Regedit
======================================================================
Easier to see for viewing         Better for searches, more thorough
than Regedit.                     than Regedt32.
Leaves as hexadecimal values.     Gives exact location and path for
                                  the search.
Does not show path for Regedt32.
======================================================================
The HKEY_LOCAL_MACHINE Subtree
This key is useful for the following reasons:
the same, regardless of the user who is logged on.
The HKEY_LOCAL_MACHINE root key has five subkeys, which are explained below:
======================================================================
Subkey              Description
======================================================================
HARDWARE            The type and state of the physical devices attached
                    to the computer.
SAM                 The Directory Database for the computer. The SAM hive
                    maps to the SAM and Sam.log files in the
                    systemroot\System32\Config folder. You need to know
                    which API to use.
SECURITY            The security information for the local computer. The
                    Security hive maps to the Security and Security.log
                    files in the systemroot\System32\Config folder.
SOFTWARE            Information about the local computer software. This
                    hive maps to the Software, Software.log, and
                    Software.sav files in the systemroot\System32\Config
                    folder.
SYSTEM              Information about system devices and services. When
                    you install or configure device drivers or services,
                    they add or modify information under this hive. The
                    registry keeps a backup of the data file in the
                    SYSTEM hive in the System.alt file.
======================================================================
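The subtree relationships and the hive file table above, combined into one lookup that answers "which files back this path?", as an added example that is not part of the original notes. The function names are hypothetical, the HKEY_CURRENT_CONFIG target and the System file name are standard Windows behaviour rather than statements from these notes, and the SID in the usage is a constructed placeholder.

```python
ROOTS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS",
         "HKCU": "HKEY_CURRENT_USER", "HKCR": "HKEY_CLASSES_ROOT",
         "HKCC": "HKEY_CURRENT_CONFIG"}
# Subtrees that are views onto HKEY_LOCAL_MACHINE. The HKCR target is stated
# in the notes; the HKCC target is an assumption from standard Windows layout.
LINKS = {"HKEY_CLASSES_ROOT": r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
         "HKEY_CURRENT_CONFIG":
             r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current"}
# HKLM subkey -> files in systemroot\System32\Config (from the table above).
# HARDWARE is rebuilt at every startup, so it has no file on disk.
HIVE_FILES = {"HARDWARE": (), "SAM": ("SAM", "Sam.log"),
              "SECURITY": ("Security", "Security.log"),
              "SOFTWARE": ("Software", "Software.log", "Software.sav"),
              "SYSTEM": ("System", "System.alt")}


def canonical(path, user_sid=None):
    """Rewrite a path so it starts at HKEY_LOCAL_MACHINE or HKEY_USERS."""
    root, _, rest = path.strip("\\").partition("\\")
    root = ROOTS.get(root.upper(), root.upper())
    if root in LINKS:
        root = LINKS[root]
    elif root == "HKEY_CURRENT_USER":
        if not user_sid:
            raise ValueError("HKEY_CURRENT_USER needs the user's SID")
        root = "HKEY_USERS\\" + user_sid
    elif root not in ("HKEY_LOCAL_MACHINE", "HKEY_USERS"):
        raise ValueError("unknown subtree: " + root)
    return root + ("\\" + rest if rest else "")


def hive_files(path, user_sid=None):
    """Files backing the path, or None for per-user hives (not in the table)."""
    parts = canonical(path, user_sid).split("\\")
    if parts[0] != "HKEY_LOCAL_MACHINE" or len(parts) < 2:
        return None
    return HIVE_FILES.get(parts[1].upper())


if __name__ == "__main__":
    for p in (r"HKCR\.txt", r"hklm\system\CurrentControlSet\Services", "HKCC"):
        print(p, "->", canonical(p), hive_files(p))
```

Normalizing paths this way lets an audit rule written for HKEY_LOCAL_MACHINE\SOFTWARE\Classes also match activity recorded under HKEY_CLASSES_ROOT.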
Lesson Summary:
The registry is a hierarchical database and replaces many of the .INI, .SYS, and .COM
configuration files used in earlier versions of Microsoft Windows.
There are two subtrees: HKEY_LOCAL_MACHINE and HKEY_USERS.
There are five predefined subtrees and they are:
The other components of the registry include keys, entries, hives and data types.
Lesson 2: Using Registry Editor
Most Windows 2000 users never need to access the registry. However, management of the
registry is an important part of the system administrator's job and includes viewing, editing,
backing up and restoring the registry.
Regedt32.exe
Setup installs Registry Editor (Regedt32.exe) in the systemroot\System32 folder during
installation. You can access it from the Run command; it is not in the Programs menu.
NOTE: Setup also installs a second Registry Editor (Regedit.exe). Regedit.exe doesn't
have a security menu or a read-only mode and doesn't support REG_EXPAND_SZ or
REG_MULTI_SZ, so it is not the recommended Registry Editor for Windows 2000.
Although Registry Editor allows you to perform manual edits on the registry, it is intended for
troubleshooting and problem resolution. You should make most configuration changes
through either Control Panel or Administrative Tools.
CAUTION: Using the Registry Editor improperly can cause system-wide problems.
Lesson Summary:
Registry Editor.