The Windows Registry
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
By Joan Bard
Few things can strike fear into the hearts of even seasoned veterans like the mere mention of the Registry. But with a good understanding of what the registry is and a firm grasp of several helpful registry tools, you'll be well on your way to alleviating those unfounded fears.
First, let's take a look at just what the registry is and what function it provides. In much of Microsoft's documentation, the Microsoft® Windows® Registry is considered a central repository for configuration data. Just what does this mean? Well, I can't think of any better way to put it than by stating that it's simply a database for configuration files. The structure is hierarchical, meaning that configuration data is stored in order—much like a simple outline would be structured. Furthermore, each piece of data is stored in the outline as an order pair—that is, it has an associated name and a value assigned to it. It's very much the way all of your online transactions are conducted. You're assigned an account number (the name), and when you order, you've created a balance (the value).
The Registry serves dozens of innovative purposes, allowing features that were difficult, at best, to implement in previous versions of Windows. It keeps track of the software you install on the computer and how each program relates to the others.
With few exceptions, all 32-bit Windows programs store their configuration data, as well as your preferences, in the Registry, while most 16-bit Windows programs and MS-DOS® programs don't—they favor the outdated INI files (text files that 16-bit Windows use to store configuration data) instead. The Registry contains the computer's hardware configuration, which includes Plug and Play devices with their automatic configurations and legacy devices. It allows the operating system to keep multiple hardware configurations and multiple users with individual preferences. It allows programs to extend the desktop with such items as shortcut menus and property sheets. It supports remote administration via the network. Of course, there's more. But this serves as a good introduction to what the registry does.
Registry Files on Disk: .dat
Windows stores the entire contents of the Registry in two files: System.dat and User.dat. These are binary files that you can't view using a text editor, as you can with INI files. Windows also turns on the read-only, system, and hidden attributes of System.dat and User.dat so you won't accidentally replace, change, or delete them. System.dat contains computer-specific configuration data, and User.dat contains user-specific data.
Take a look—both files are in C:\Windows. You must show hidden and system files in order to see them. To do this from Windows Explorer, choose View, then Folder Options and then choose Show All Files on the View tab. The location of User.dat is different on a computer that has user profiles enabled. When you enable user profiles, Windows creates a new system folder called C:\Windows\Profiles, under which you'll find a folder for each user who logs on to the machine. Each user's profile folder contains an individual copy of User.dat (and many other files and folders). You'll still find a User.dat file in C:\Windows, which Windows uses as the default for new users. Just remember that you'll see C:\Windows\Profiles\Name for each user who logs on to that computer.
Profiles enable multiple users to log on to a single computer with their own familiar settings in place (Start menu, desktop, and so on). You enable profiles using the Enable Multiusers Settings Wizard, which you access by opening Users in Control Panel. Alternatively, you can open the Passwords icon in the Control Panel and use the Passwords Properties dialog box.
Another file, Config.pol, affects the settings that you see in the Registry, but it's not actually part of the Registry. Unlike System.dat and User.dat, Config.pol is an optional part of the Windows configuration. Open a policy template in the System Policy editor, choose the settings that you want to enforce, save the results to Config.pol, and place this file on the network. When a user logs on to a Windows computer, the operating system applies any settings it finds in Config.pol to the user's Registry. There's little a user can do to circumvent the settings you put in this file, as long as he or she logs on to the network, so it's a good way to enforce restrictions throughout the network.
The following list summarizes the files that comprise the Registry:
User.dat—The following methods describe how Windows determines the folder from which it loads User.dat:
C:\Windows—Windows always loads User.dat into the Registry from this folder and uses it for the default user, even if profiles are enabled. This means that the operating system loads two different User.dat files simultaneously if you use profiles.
C:\Windows\Profiles\Name—Windows loads User.dat from this folder if profiles are enabled and the operating system doesn't find a more recent User.dat file in the user's network home folder.
\\Server\Home or \\Server\Mailfolder—Windows loads User.dat from the network server if the user has a home folder and a profile in it that's more current than the files in C:\Windows\Profiles\Name.
System.dat—For the most part, Windows usually loads System.dat from C:\Windows. If you're using a diskless workstation, the operating system might load System.dat from the network, but this situation is extremely rare.
Config.pol—Windows loads Config.pol from two different places, depending on which network server is designated as the primary network logon:
the Client for Microsoft Networks looks for Config.pol in \\Server\Netlogon, and
the Client for NetWare Networks looks for Config.pol in SYS:PUBLIC.
Two files that existed in Windows 95 are not part of Windows 98. System.da0 and User.da0 were backup copies of the Registry that Windows 95 made every time the operating system started successfully. Since Windows 98 uses Registry Checker to make backup copies in CAB files, these DA0 files are no longer necessary.
The following Registry terminology will come in handy:
Registry—Physically, the Registry is the two files System.dat and User.dat. Logically, the Registry is the configuration data that you see in the Registry Editor.
Registry Editor—The program you use to edit the Registry. It shows the Registry as a single unit, even though Windows stores the Registry in two files.
HKEY—Windows divides the Registry into six sections called HKEY_Name. Programmers know that HKEY means handle to a key. Another name for these is root key. In an outline, these six sections are the very top levels.
Key—Similar to a folder in Windows Explorer. It can contain additional folders and one or more values. Think of a key as sections within an outline.
Subkey—A child that appears under another key (the parent). This concept is similar to folders and subfolders in Windows Explorer. Subkeys are similar to subsections in an outline.
Branch—Represents a particular subkey and everything it contains. A branch can start at the very top of the Registry, but it usually describes a key and all of its contents. In an outline, a branch is a section and everything that appears below it.
Value entry—An order pair with a name and a value. Value entries are analogous to files in Windows Explorer.
Default value—Every key has a default value that may or may not contain data. The default value in each key is called [Default] in the Registry Editor.
Now that you know which files the Registry contains, let's take a look at some of the tools you can use to manipulate it.
Your Choice of Registry Tools
You use a variety of tools to work with the Registry. Some types of tools are required, and others are just niceties. A registry editor is a must-have. You use it to change values in the Registry. You can use the Registry Editor that comes with Windows, or you can use a third-party registry editor such as the Norton Registry Editor or the ShellWizard Registry Editor.
Tools of the non-required variety include customization utilities and troubleshooting tools. Customization utilities are programs that help you make changes to the Registry via a well-defined user interface, which typically uses check boxes to enable or disable options. There are also dozens of other programs.
Troubleshooting tools include programs that help you fix the Registry after it gets messed up. These include programs such as Norton WinDoctor, which fixes a whole host of common Registry problems, and REGCLEAN, which fixes problems specific to several Microsoft products.
A huge variety of Registry tools are available. The ones I've listed below, while not all-inclusive, are some of the more important ones that you'll want to include in your toolbox.
ConfigSafe—Has a good reputation. It locks your configuration in a safe place so that you can restore any portion of it if things go wrong.
Norton Utilities—Comes with two really great Registry programs: Norton Registry Editor and Norton WinDoctor. It also has one average program called Norton Registry Tracker.
Registry Monitor—Enables you to watch what's going on in the Registry in real time. In other words, you can observe changes to the Registry as they occur. The best part is that Registry Monitor is free.
Registry Checker—Comes with Windows 98. It's the best program to use for automatically backing up and restoring the Registry and for fixing the most common problems with the Registry.
Often, the best tools for the job aren't programs at all; they're scripts, INF files, and REG files. You use these files to specify changes to the Registry. When you run, install, or import these files, the operating system implements the changes that you describe in the file. These are particularly hard-working tools for administrators because they enable you to distribute changes to users across the network.
The Registry Editor comes with Windows. This program enables you to make the usual types of changes—you can add and remove keys and values, change values, or export entire branches of the Registry to a REG file and then import that REG file later.
The Registry Editor is powerful enough to tackle most jobs and it's relatively bug-free, but it lacks the advanced features that power users require. My biggest problem with the Registry Editor is that opening the Registry to the same key repeatedly is inconvenient. You must navigate to that same location by opening each parent key and click, click, click, until you finally reach the target. Other Registry Editors, such as Norton Registry Editor, solve this problem by enabling you to bookmark keys and then return to them by choosing the name from a menu. Other features that are missing include the capability to undo changes you make, to search and replace values, to make shortcuts to branches within the Registry, and to back up the Registry from within the editor. The Norton Registry Editor includes all of these capabilities.
If you intend to become a certified Registry guru, you must have Norton Utilities. It fills all the voids left by the Registry tools that come with Windows. You read about Norton Registry Editor in the preceding section and now know that it provides all the advanced features that a guru-in-training needs. It also contains a few other Registry programs that make the entire suite megabyte-worthy. Norton Rescue helps you start the computer in the event of system failure. It can even help you recover from startup problems that are caused by Registry errors. Registry Tracker isn't the sharpest program in the suite, but it does help you track changes to the Registry. Other programs, such as ConfigSafe, are better at this task. One of the most useful programs in the Norton suite is Norton WinDoctor, which helps you fix a host of Registry problems, including orphans. Finally, Norton Optimization Wizard helps you optimize the Registry, both logically and physically, with the aim of improving your computer's performance.
You can purchase Norton Utilities from any computer retailer. You can even get it from most consumer electronics stores, such as Best Buy and Circuit City. If you want more immediate gratification, download an evaluation copy http://www.symantec.com/ or order a copy http://www.software.net/.
Registry Monitor is a freeware program that you can use to monitor changes to the Registry as they occur. It gives you insight into how the operating system and other programs use the Registry. You can monitor Windows Explorer's Registry access as you open the Folder Options dialog box to see where the program stores each option in the Registry. If you're curious about the changes that a setup program makes to the Registry, monitor the setup program and filter Registry Monitor's output so that it displays only changes.
Registry Checker comes with Windows 98. Finally, Microsoft ships a useful Registry program with the operating system! This program fulfills the following purposes:
Backs up and restores the Registry
Scans and fixes a variety of Registry errors
Optimizes unused space in the Registry
The best part about Registry Checker is that it largely does its own thing. Windows 98 starts Registry Checker every time you boot the operating system. Registry Checker then backs up the Registry to CAB files (compressed archive files) that you find in C:\Windows\Sysbckup. It also scans the Registry for errors. If it finds any, Windows 98 restarts the computer in MS-DOS mode and runs Registry Checker to restore a good backup copy of the Registry automatically or to fix those errors.
ConfigSafe periodically makes a backup copy of your configuration. Each backup is called a snapshot and each snapshot contains any portion of your configuration that you specify. You can compare any two snapshots, and ConfigSafe neatly displays the differences. Did you install a program on Wednesday? Compare snapshots taken on Tuesday and Thursday to figure out what changed. You can also compare any snapshot to your current configuration. If you find a change that doesn't sit well with you or if your computer isn't working correctly, compare your current configuration to the most recent snapshot and restore the original settings to fix the problem.
ConfigSafe isn't a substitute for Registry Checker, and vice versa. ConfigSafe is more like a version control system for your configuration, enabling you to undo individual changes to your configuration. Registry Checker can restore an entire backup of the Registry but not individual settings. ConfigSafe can't repair a broken Registry, but Registry Checker can fix common problems.
REGCLEAN is a freeware utility from Microsoft that repairs a number of problems that are common to Microsoft products. This utility isn't nearly as useful as Norton WinDoctor, but it serves the needs of many users.
The one customization utility you need to install is Microsoft Tweak UI. Microsoft developers built this tool to help users run the most popular customizations without actually having to edit the Registry. This program didn't come with Windows 95; instead, you had to download it from the Internet. Now, however, it is included with Windows 98.
Microsoft Windows 98 Resource Kit
The Microsoft Windows 98 Resource Kit, published by Microsoft, comes with three MS-DOS Registry utilities that aren't available on the Windows 98 CD-ROM. Look in \Reskit\Registry. The Microsoft Windows 95 Resource Kit, also published by Microsoft, provides similar utilities.
Compreg.exe enables you to compare branches from two different Registries and list the differences. For example, you can compare a branch in the local Registry to the same branch in a remote Registry, and you can locate differences that might help you solve a problem. Reg.exe provides a plethora of functions in a neatly wrapped MS-DOS program. You can query, add, update, delete, copy, save, back up, restore, load, and unload keys and values. Srchreg.exe enables you to search for keys, value names, and value data in the Registry. It displays each item it finds, but it doesn't allow you to replace values.
Other Files and Programs
There are literally dozens of shareware Registry programs you can use to edit, customize, and troubleshoot the Registry. Some of them are terrific programs, but others aren't worth the money the author is asking. One good example of a shareware Registry program is ShellWizard's Registry Editor. If you don't already own Norton Utilities, ShellWizard's editor is close competition for Norton's Registry Editor. It has most of the same features and then some. (For example, you can record notes for each Registry key.) I prefer Norton Registry Editor because ShellWizard's editor is a bit buggy, but if you don't already have the utilities, ShellWizard's Registry Editor is a good alternative.
One shareware Registry program deserves special mention for administrators. It's called Multi-Remote Registry Change, and it doesn't get enough notice, which is too bad. This is a great product that enables an administrator to change a Registry value across any number of computers on the network. You can't beat convenience like this when you need a quick fix.
So there you have it. You've been given a brief overview of the Windows Registry—what its function is and what files the Registry contains. And you've been given some important tools to include in your troubleshooting arsenal. With a little more understanding of the files included in your registry, you'll be well on your way to solving any Windows Registry problems that may occur on your own system or on network clients.
Joan Bard has been a developmental programmer for the past 13 years. During that time, she has spent many hours pursuing the art of Zen and PC maintenance. She holds degrees in computer science and in business administration from the University of Louisville.
The above article is courtesy of TechRepublic http://www.techrepublic.com.
We at Microsoft Corporation hope that the information in this work is valuable to you. Your use of the information contained in this work, however, is at your sole risk. All information in this work is provided "as -is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Microsoft Corporation. Microsoft Corporation shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages. All prices for products mentioned in this document are subject to change without notice.