In this article, we’ll tell you all about the Windows Registry Editor and what it’s used for.
The Windows Registry Editor is a key part of Microsoft Windows, and yet, it’s something that very few users (or even some administrators) know anything about. The registry is essentially a database where Windows stores all the settings used by applications, hardware and even the operating system itself. Whatever configurations you might have set up in the past or might create in the future will be stored in the registry.
The Windows Registry first appeared on 31 December 1994 as part of Windows 3.11 and is still used today by the latest editions of Windows, both client and server versions. Before this, the early versions of Windows and MS-DOS used to store configuration data in text files called configuration files (.ini).
Some of these files were stored in shared locations and they could be used to change the way the computer behaved for all users, preventing special settings for specific users. This meant that, to make any changes, you had to find the right text file and manually edit it. Furthermore, with all the files in the same place and no security controls, there was a significant risk of things going wrong.
However, when the Windows Registry arrived all this changed. This new way of managing system settings had a number of advantages. It was essentially a single database where all settings were stored, and it had a single interface for making changes called the Registry Editor.
The registry also allowed you to create different configurations for each user. Each time a user logs on, all the settings for their applications and systems are loaded from the registry.
The structure of the database is essentially an inverted tree, which makes it easier to find the configuration key you’re looking for. However, the learning curve is not exactly a smooth one, and it might take a bit of getting used to at the beginning.
The registry also has various different features that allow you to make partial or complete backups and even export your configuration data to another device.
When we say that the Windows Registry works like a database, it’s not just because it stores data. It’s also about the way it handles operations. For example, it ensures the integrity of any inputs and uses resource blocking to prevent the same key being written in two different locations. It also has ACID properties.
NOTE: ACID properties are what a database needs to be considered transactional – Atomicity, Consistency, Isolation and Durability.
More recent versions of the Windows Registry allow transactional operations with ACID properties through the use of the Commit/Abort function to either confirm or revoke changes.
The Structure of the Registry
Despite the huge amount of data it stores, the Windows Registry can be broken down into three basic elements:
- Keys.
- Subkeys.
- Values.
Keys are folders that store different elements, such as other keys, configuration values, etc. It’s this structure of keys within keys that makes the database easier to browse. We’ll go into this a little more shortly.
Subkeys are essentially keys located within other keys. Pretty straightforward really.
Values are located within the keys and subkeys. They each have a unique name and store data in the form of a string, decimal value, binary value, etc.
The Registry paths are always absolute, starting at the registry root, and use the same “\” separator as Windows Explorer, which is hardly surprising.
One interesting thing about the Windows Registry is that it doesn’t distinguish between uppercase and lowercase. However, even though it’s not going to be a big deal if you accidentally type a capital letter, it’s still worth taking care when making changes so that you don’t run into problems when using a system that does care about this distinction, such as GNU/Linux.
The Windows keys are all the same regardless of whether you’re working on a client device or server. So, once you’ve learnt to use the registry on one system, you know how to use it on all of them!
NOTE: When it comes to making changes, all registry keys can be restricted using user privileges, security tokens, security directives or ACL.
At the top level, you’ll always see the following keys:
- HKEY_CLASSES_ROOT (HKCR)
- HKEY_CURRENT_USER (HKCU)
- HKEY_LOCAL_MACHINE (HKLM)
- HKEY_USERS (HKU)
- HKEY_CURRENT_CONFIG (HKCC)
NOTE: We’ve added the acronyms in brackets because that’s what is often written in Microsoft’s official documentation.
So, let’s take a look at each of these keys and see what they are:
- HKEY_CLASSES_ROOT: abbreviated to “HKCR”, this registry key contains all the information about the applications registered on the operating system, such as file association mapping, for example. In reality, HKEY_CLASSES_ROOT is the combination of HKLM\Software\Classes and HKCU\Software\Classes.
- HKEY_CURRENT_USER: abbreviated to “HKCU”, this key stores user-specific settings for the user currently logged onto the PC.
- HKEY_LOCAL_MACHINE: abbreviated to “HKLM” this key stores all the computer specific information. Here, you’ll find information about system settings, software and hardware. Some of this data is volatile, meaning that it is generated and deleted with each startup.
- HKEY_USERS: abbreviated to “HKU”, this key contains all the individual preferences for each user of the computer. It is loaded by “HKEY_CURRENT_USER”.
- HKEY_CURRENT_CONFIG: abbreviated to “HKCC”, this key doesn’t technically store any data. Instead it acts as a pointer to a registry key containing information about the hardware being used at that moment.
Then, we have the following types of registry values, which can vary in length and format:
- REG_BINARY: Binary data in any format.
- REG_DWORD: 32-bit number.
- REG_DWORD_LITTLE_ENDIAN: 32-bit number in little-endian format.
- REG_DWORD_BIG_ENDIAN: 32-bit number in big-endian format.
- REG_EXPAND_SZ: Null-terminated string that contains unexpanded references to environment variables.
- REG_LINK: Unicode null-terminated string that contains the target path for a symbolic link.
- REG_MULTI_SZ: Sequence of null-terminated strings.
- REG_NONE: Used if there is no defined value type.
- REG_QWORD: 64-bit number.
- REG_QWORD_LITTLE_ENDIAN: 64-bit number in little-endian format.
- REG_SZ: Null-terminated string.
So, now you know the basic elements and principles of the Windows Registry. That’s all for now. But stay tuned because we’ll be back with lots more to say about the registry and how you can use it.
Summary
In this article, you’ve learnt about what the Windows Registry Editor is and why it’s so important. Lots of people, including systems administrators, are largely oblivious to its importance, but at least you’re not one of them anymore!
We’ve looked at its basic make up and how it works, and you’ll find some other related tutorials on our blog.
If you have any questions or issues, please don’t hesitate to contact us. We’re always happy to help.
Thanks for reading!
