Windows Registry Basics: De-mystifying the Windows Registry
The Windows Registry is a directory that holds settings and options for Microsoft Windows operating system. It has data and settings for all of the PC’s hardware, operating system software, most non-operating system software, users, and preferences, among other things. This article covers Windows Registry Basics.
Table of Contents
Changes to Control Panel settings, file associations, system policies, and most installed apps get reflected and saved in the registry whenever the user makes them. The registry also acts as a window into the kernel’s operation, exposing runtime data like performance counters and presently active hardware.
Microsoft created the Windows registry to clean up the plethora of per-application INI files to hold Windows application configuration settings. These files tended to be dispersed across the system, making them difficult to locate.
Windows Registry Basics
The following 5 Root Keys make up the Registry:
You can find subkeys in root keys. Subkeys can have their subkeys and at least one value, known as the Default Value. A Hive is a key that contains all of its subkeys and values.
The Registry gets stored on the disks as multiple distinct Hive files in the
system32/config subdirectory. These Hive files get read into memory when Windows starts up or when the user logs on. To learn where the Hives are also physically located, go to:
- REG_SZ: The SZ denotes a string that ends in a zero. It is a variable-length string that can include both Unicode and ANSI characters.
- REG_BINARY: It contains binary data. 0’s and 1’s
- REG_DWORD: This data type is known as a Double Word. It is a 32-bit numeric value that can store any integer between 0 and 232.
- REG_QWORD: This data type is known as a Quadruple Word. It is a numeric value of 64 bits.
- REG_MULTI_SZ: A group of zero-terminated strings allocated to a single value in this data type.
- REG_EXPAND_SZ: A zero-terminated string holding an unexpanded reference to an environment variable, such as %SystemRoot%, is an example of this data type.
Windows Registry Virtualization
Along with File Virtualization, the Registry has been Virtualized with Windows Vista, so it is not bloated like Windows XP. In Windows 7, the same continued.
Virtualization implies that apps aren’t allowed to write to the Windows file system’s System Folders, as well as the registry’s “machine wide keys.” Standard user accounts, on the other hand, are not prevented from installing or executing apps.
The UAC in Windows Vista and later uses the Registry Virtualization Feature to divert attempts to write to subkeys of registry keys.
When an application tries to write to this hive, Vista writes it to a per-user location instead.
It gets done in a non-obtrusive manner. Nobody is aware of what is going on!
That’s Registry Virtualization in a nutshell, and it’s a vital security feature.
In addition, another new technology underlying Windows Vista and later is the Kernel Transaction Manager, which allows the Transactional Registry to function. This option will enable you to do a Registry rollback. However, Registry Editor does not support it. Instead, the feature targets developers who need to use transactional processing to build reliable apps.
Windows Registry Editor
You must be extra cautious because there is no confirmation message or a click OK to save prompt while working with the Registry. Changes you make in the registry get immediately implemented.
Read more about Tips & Features for Windows Registry Editor. Windows 10 v1703 users may utilize the Address Bar to navigate straight to any registry key.
An explicit mention of the HKEY_LOCAL_MACHINE\System\CurrentControlSet registry key is required Because Windows’ startup is so dependent on the hive and its keys a backup of it is kept and may be restored at any time by starting in Safe Mode and choosing Last Known Good Configuration.
How to use Registry Editor to navigate to any Registry key with a single click
You might get tired of manually navigating to various registry keys if you find yourself fiddling with Registry Editor and…