Introduction
Ever since Windows 95, the Windows operating system has used a centralized hierarchical database to store system settings, hardware configurations, and user preferences. This database is called the Windows Registry, more commonly known as the Registry. When new hardware is installed in the computer, a user changes a setting such as their desktop background, or new software is installed, this information is stored in the Registry. The operating system then continually references this information during its operation. Though understanding the Registry will give you good insight into the inner workings of your computer, it is important to take extreme care when working with the Registry, as modifying it incorrectly can cause problems with the use of your operating system.
The Registry
Overview
The Registry is a key component of the Windows operating system. It is so important that without it, Windows would not even run. When a new piece of hardware or software is installed in Windows, it stores its configuration in the Registry. This allows Windows to retrieve that information at later dates, such as when it is starting up. As Windows starts it will read the configuration in the Registry and know what drivers need to be loaded, what settings need to be applied, and what resources need to be allocated in order for this equipment to work. Because this information is stored in the Registry on your hard drive, Windows has this information available each time it boots up.
The Registry, though, is not only for operating system settings. User preferences and application settings are stored in the Registry as well. When you change your desktop background or screen saver, these details are stored in the Registry. When you shut down Windows and start it up again at a later date, your preferences are available and loaded automatically. Application settings, such as what directory you would like to download files to or what your default font is in a word processor, are stored here as well. As you can see, the Registry contains information that is not only vital to the use of the operating system, but also essential in allowing you to customize Windows to your particular tastes.
Structure of the Registry
The Registry is a hierarchical structure similar to what you see when looking at a directory/file tree on your computer. You have a main key, or Hive, with Keys, Subkeys and then Values. Each of these is discussed below:
Hives - Hives are the topmost portions of the hierarchical data tree, with each Hive containing a certain category of information. For example, one Hive may contain the configuration that applies to the particular user logged on, while another Hive will contain information about the hardware installed in the computer. Depending on the version of Windows that you are running, there will be 5 or 6 different hives. Below we have outlined the 6 possible hives:
- HKEY_CURRENT_USER (HKCU) - This Hive contains the preferences and configuration for the particular user who is currently logged in. If a different user is logged onto the same machine, then the information in this Hive would change corresponding to that particular user's configuration.
- HKEY_LOCAL_MACHINE (HKLM) - This Hive contains the configuration for the actual computer. The information in this Hive remains the same regardless of the user currently logged on.
- HKEY_CLASSES_ROOT (HKCR) - This Hive contains the information that pertains to the core user interface, such as file associations and shortcuts.
- HKEY_USERS (HKU) - This Hive contains the user information for all the users that have ever logged onto this computer.
- HKEY_CURRENT_CONFIG (HKCC) - This Hive contains the information about the current hardware configuration. This Hive is linked to the HKLM Hive.
- HKEY_DYN_DATA (HKDD) - This Hive is found only on Windows 95/98/ME. It contains information about hardware Plug and Play. This Hive is linked to the HKLM Hive.
Values - Values contain the actual data that is being stored in a Key or a Subkey. There are quite a few different types of values that can be stored in the Registry, but the most common that you will see are binary, strings, and DWORD values.
When visualizing the Registry you should look at the Hives, Keys, and Subkeys as the path that you will need to navigate in order to reach the final stored information which is the Value.
An example Registry key can be seen below. This Registry key controls what your initial start page will be when using Internet Explorer.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
When we break this Key down to its components we can see the following:
HKEY_CURRENT_USER is the Hive that this key is associated with.
Software is a Key
Microsoft - This is a Subkey
Internet Explorer - This is a Subkey
Main - This is a Subkey
Start Page - This is the Value that the actual data is stored in. For this particular Value, the data will be the start page that you want Internet Explorer to use.
Where the Registry is stored
The Registry itself is stored on your computer in certain files. Below we detail which files are used to store the Registry, and where they are located, based upon the particular version of Windows.
For Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, the Registry files are stored in the following directories:
Systemroot\System32\Config
Systemroot\Profiles\Username
The names for the registry files are:
Sam, Sam.log, Sam.sav
Security, Security.log, Security.sav
Software, Software.log, Software.sav
System, System.alt, System.log, System.sav
System, System.alt, System.log, System.sav, Ntuser.dat, Ntuser.dat.log
Default, Default.log, Default.sav
For Windows 98, the registry files are named User.dat and System.dat and are stored in the C:\Windows directory.
For Windows Millennium Edition, the registry files are named Classes.dat, User.dat, and System.dat and are stored in the C:\Windows directory.
How to edit the Registry
In order to modify values in the Registry you need to use a program called a Registry Editor. Windows comes with one called regedit.exe, otherwise known as Registry Editor. To launch this program, click on the Start button, then click on the Run option, type regedit.exe in the field, and press the OK button. This will launch the Registry Editor.
When you open Registry Editor you will see two panes. The left pane is your navigation pane. By default it will list all the Hives with a + or - next to each one. You can click the + to expand the tree underneath that Hive revealing Keys and Subkeys. You would keep navigating the Subkeys until you reach the desired location and then click on it once to highlight it. Then you will see in the right pane a listing of the values associated with that key.
In the screenshot below you will see an image of the Registry Editor where I have navigated to the key:
HKEY_CURRENT_USER\Control Panel\Colors
Figure 1. Registry Editor
In Figure 1 above, the Hive that we are in is HKEY_CURRENT_USER. The Key is Control Panel and the Subkey is Colors. The right hand portion shows all the Values contained in the subkey Colors.
To modify a Value, you would double-click on the value name and a screen similar to Figure 2 below would appear.
Figure 2: Modifying a Value
You then would type in the appropriate information into the Value data field and press the OK button.
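The same navigation can be done from PowerShell, which also makes it easy to export a key before editing it. The following is an added example, not part of the original article: it splits a path written in the article's Hive\Key\Subkey\\Value notation, exports the key to a .reg file, and lists Values with their types as Registry Editor's right pane does. The function names and the backup file name are illustrative, and it assumes the two keys used in the article exist on the machine.

```powershell
# Added example, not from the original article. Function names are illustrative.
# It only reads the Registry; the one thing it writes is a .reg backup file.

function Split-RegistryValuePath {
    param([Parameter(Mandatory)][string]$Path)
    # The article's notation puts the Value name after a double backslash:
    #   Hive\Key\Subkey\\Value
    $i = $Path.LastIndexOf('\\', [System.StringComparison]::Ordinal)
    if ($i -lt 0) { throw "No '\\' value separator in: $Path" }
    $keyPath = $Path.Substring(0, $i)
    $hive, $subKey = $keyPath -split '\\', 2   # as a regex, '\\' is one backslash
    [pscustomobject]@{
        Hive    = $hive
        SubKey  = $subKey
        KeyPath = $keyPath
        Value   = $Path.Substring($i + 2)
    }
}

function Get-RegistryKeyValues {
    # Lists what Registry Editor shows in its right pane: name, type, data.
    param([Parameter(Mandatory)][string]$KeyPath)
    $key = Get-Item -LiteralPath "Registry::$KeyPath" -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name = $name
            Type = $key.GetValueKind($name)   # String, DWord, Binary, ...
            Data = $key.GetValue($name)
        }
    }
}

function Get-RegistryValueInfo {
    param([Parameter(Mandatory)][string]$Path)
    $p = Split-RegistryValuePath $Path
    $hit = Get-RegistryKeyValues $p.KeyPath | Where-Object { $_.Name -eq $p.Value }
    if (-not $hit) { throw "Value '$($p.Value)' not found under $($p.KeyPath)" }
    $hit
}

# Export the key to a .reg file before changing anything under it.
$iePath  = 'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page'
$keyPath = (Split-RegistryValuePath $iePath).KeyPath
$backup  = Join-Path $env:TEMP 'ie-main-backup.reg'   # constructed file name
reg.exe export $keyPath $backup /y

Get-RegistryValueInfo $iePath
Get-RegistryKeyValues 'HKEY_CURRENT_USER\Control Panel\Colors' | Format-Table -AutoSize
```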
- Reboot your computer and when you see "Starting Windows 95" press the F8 key. Then choose Safe Mode Command Prompt Only from the startup menu and press enter.

- At the command prompt type the following lines, pressing ENTER on your keyboard after each line:

 cd \windows
 attrib -r -h -s system.dat
 attrib -r -h -s user.dat
 copy system.dat *.bak
 copy user.dat *.bak

 WARNING: These steps make the assumption that you do not have any files named system.bak or user.bak. If you do have files with these names, change the extension in the steps above to something else.

- Restart your computer.
 
- Reboot your computer and when you see "Starting Windows 95" press the F8 key. Then choose Safe Mode Command Prompt Only from the startup menu and press enter.

- At the command prompt type the following lines, pressing ENTER on your keyboard after each line:
 
 cd windows
 attrib -r -h -s system.dat
 attrib -r -h -s system.da0
 attrib -r -h -s user.dat
 attrib -r -h -s user.da0
 ren system.dat system.daa
 ren system.da0 system.da1
 ren user.dat user.daa
 ren user.da0 user.da1
 copy system.bak system.dat
 copy user.bak user.dat
 
 WARNING: This will restore the previous backup that you had made. If you had chosen an extension other than .bak when you had backed up the Registry previously, then substitute that extension above.
 
- Restart your computer.
- Click the Start button, then click Run.
 
- Type scanregw in the field and press the OK button.
 
- When the program has finished scanning the Registry for errors it will ask if you would like to back up the Registry.
 
- Click the Yes prompt and the program will create the backup.
 
- When it is completed, press the OK button.
- For Win98, reboot your computer and press and hold the CTRL button. Then choose Safe Mode Command Prompt Only from the startup menu and press enter. For Windows ME, start your computer with a startup disk and select Start Computer without CD-ROM Support.

- You will now be at a command prompt. Type c:\windows\command\scanreg /restore and press enter on your keyboard. A screen will appear with a list of the previous Registry backups sorted by date. Using the arrow keys, select the Registry backup you would like to restore and press enter. A known previously working Registry backup will have the word Started next to the date.
 
- Scanreg will now restore the Registry and check it for errors. When it is done you will receive confirmation and you should now press enter to reboot your computer. If you had booted your computer with a floppy, please remove the floppy first before rebooting.
- Click on Start, then All Programs, then Accessories, then System Tools, and then click on Backup. If you do not see the Backup utility you will need to install it using your XP or 2003 CD.

- When the program launches, if you are not in the wizard, select the Backup Wizard Option.

- When the Wizard opens press the Next button.

- Select "Only back up the System State Data". Keep pressing Next until you see Finish.
 
- Press the Finish button to start the Registry backup.
 
- When it is completed you will see a report of the backup. You can then press the Close button and then exit the program.
Option 1:
- Click on Start, then All Programs, then Accessories, then System Tools, and then click on Backup. If you do not see the Backup utility you will need to install it using your XP or 2003 CD.

- When the program launches, if you are not in the wizard, select the Backup Wizard Option.

- When the Wizard opens press the Next button.

- This screen will list all the known backups that were done previously. Select the System State backup that you would like restored.
 
- Press the next button and then the Finish button.
 
- When it is completed you will see a report of the backup. You can then press the Close button and then exit the program.
Option 2 (Only for XP and 2003):
- Insert your Windows CD into your computer and reboot.
 
- When it prompts you to "Press Any Key to Boot from CD", press any key.

- When the screen appears that gives you the options to Setup, Repair or Quit, press R on your keyboard to enter repair mode.

- At the next screen select the installation of Windows you would like to work on. For most people there will be only one option.

- When prompted enter your administrator password and press enter on your keyboard.

- When you get the prompt, type cd repair to enter the directory where a Registry backup is stored.

- Type the following lines, pressing enter on your keyboard after each line:
 
 copy default c:\windows\system32\config
 copy sam c:\windows\system32\config
 copy security c:\windows\system32\config
 copy software c:\windows\system32\config
 copy system c:\windows\system32\config
 NOTE: If it prompts you to overwrite the existing files, select Y for yes.
 
- When you are finished, type exit and press enter.
 
- Remove your Windows CD and reboot.
Conclusion
Understanding the Registry and knowing how to back it up is an important part of keeping your computer secure and running efficiently. It must be stressed that modifying any portion of the Registry should be done with the utmost care, as incorrect usage of the Registry could make your computer inoperable.