The Windows Registry

What does Windows registry mean? In order to have a clear vision of it you should know that the Windows Registry is a record that stores the settings and the wide selection (options) for the operating system. The system is Microsoft Windows with the versions: 32-bit and  64-bit but also Windows Mobile. This system contains settings and info for all types of hardware, softwares, computer preferences and users. Once a modification has been made to a setting within the Control Panel, File Associations, System Policies or if a new software was installed, the Registry would store them all and would eventually reflect them.

The Registry is made of physical files that are stored differently, according to the Windows’ version. You will find them under the name of USER.DAT and SYSTEM.DAT if the system used is Windows 98 and 95 and it is incorporated in two files that are hidden in the Windows directory. In case you are using Windows Me you would like to know that there is another CLASSES.DAT file while those using Windows NT/2000 will have the files stored in the directory known as %SystemRoot%\System32\Config. In order to edit these files you need to use the "Registry Editor" tool that will allow you to make changes.

Depending on the Windows version, you can find the registry in several files and locations although they are to be found in the local machine except for the Ntuser.dat file. The Ntuser.dat file can be found on a different PC in order to permit the roaming files and the policy file server found in the local network.

The structure is a hierarchal one similar to the one you have on the hard disk with Regedit. It is not more complicated than that, although it seems to be. Hive is the name of the branch and it contains keys that contain other keys also known as sub-keys or Values.

Registry stores six main branches. Each branch has a specific portion of the information stored in the Registry. Here are the six branches:

1.       HKEY_CLASSES_ROOT – Here you will find all the file association types, OLE information, and shortcut data.

2.       HKEY_CURRENT_USER - This branch makes the connection with section of HKEY_USERS appropriate for the user currently logged onto the PC.

3.       HKEY_LOCAL_MACHINE - Computer specific information concerning the type of hardware, software, and other preferences on a given PC will be found in this branch. All users who log onto this computer will be able to access this piece of information.

4.       HKEY_USERS – you will find in this branch individual preference so that anyone who is using the computer, every user to be represented by a SID sub-key located under the main branch.

5.       HKEY_CURRENT_CONFIG - This branch makes the connection with the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.

6.       HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE, for use with the Plug-&-Play features of Windows. Being a dynamic section, it will change the moment when the devices are added and removed from the system.

Several logical sections together make up the Registry. They all begin with "HKEY" which is the acronym for “Handle to Key" but you can also find them abbreviated to a three- or four-letter short name starting with "HK" (e.g. HKCU and HKLM). Each key has a subkey division that has also another subkey division, and so on and so forth. There are several types of values that these keys contain. These are:

·          String Value

·          Binary Value (0 or 1)

·          DWORD Value, a 32 bit unsigned integer (numbers between 0 and 4,294,967,295 [2³² – 1])

·          Multi-String Value

·          Expandable String Value

 The use of Windows Registry

 Windows Explorer is the beginning and the end. If there were not for Windows Explorer, there would be nothing: no desktop, no Windows. The information that is found in the Registry is used bythe Windows right after it loaded and you have logged on.