WINDOWSXP RE6ISTRY EDITOR TUTORIAL

BROUGHT TO YOU BY: CHIDDARTHAN

CONTENTS AT A GLANCE ~~~~~~~~~~~~~~~~~~

~ INTRODUCTION .4

~ WHAT IS REGISTRY? 4

~ OPENING REGISTRY 5

~ CREATING SHORTCUT 6

~ STRUCTURE 6

~ (.REG) FILES 9

~ MODIFY REGISTRY 11

~ IMPORTING AND EXPORTING 13

~ DELETE KEYS OR VALUES 14

~ PRINTING THE REGISTRY 15

~ REGEDIT COMMAND LINE OPTION 16

~ BACKUP AND RECOVERY 17

~ CLEAN REGISTRY 18

~ CONCLUSION 19

INTRODUCTION

The registry is the heart and soul of Microsoft Windows XP. The registry contains the configuration data that makes the operating system work. The registry enables developers to organize configuration data in ways that are impossible with other mechanisms, such as INI files. It's behind just about every feature in Windows XP that you think is cool. More importantly, it enables you to customize Windows XP in ways you can't through the user interface. Windows XP and every application that runs on Microsoft's latest desktop operating system do absolutely nothing without consulting the registry first. When you double-click a file, Windows XP Consults the registry to figure out what to do with it. When you install a device, Windows XP assigns resources to the device based on information in the registry and then stores the device's configuration in the registry. When you run an application such as Microsoft Word 2002, the application looks up your preferences in the registry. If you were to monitor the registry during a normal session, you'd see the registry serves up thousands of values within minutes. In this book, you will learn how to customize the registry, but you must also learn how to take care of the registry. You must learn how to back up the registry so you can restore it if things go awry. You must also learn the best practices for editing the registry safely.

The registry isn't just a hacker's dream, though. The registry is an invaluable tool for the IT

Professional deploying, managing, and supporting Windows XP. Did you know that most policies in Group Policy and system policies are really settings in the registry? Does that give you any ideas? Did you know that scripting registry edits is one of the best ways to deploy settings to users? This

book teaches you about STRUCTURE OF Registry Editor, creating (.reg) files, editing Registry Keys and Value, etc .....

WHAT IS REGISTRY?

The Registry is a database used to store settings and options for the 32 bit versions of Microsoft Windows including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the Pc. Whenever a user makes changes to a Control Panel settings, or File Associations, System Policies, or installed software, the changes are reflected and stored in the Registry.

The physical files that make up the registry are stored differently depending on your version of Windows; under Windows 95 & 98 it is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT, for Windows Me there is an additional CLASSES.DAT file, while under Windows NT /2000 the files are contained separately in the %SystemRoot%\System32\Config directory. You cannot edit these files directly, you must use a tool commonly known as a "Registry Editor" to make any changes (using registry editors will be discussed later in the article).

OPENING REGISTRY:

For Editing Registry first Registry Editor should be opened. Every Windows XP defaultly instal this programm.Registry Editor can be Opened in many way .

reg edit

• :. My Computer ---------- System Drive( c:\) ---------- Windows Directory -------- regedit

.:. Start ---------- Run ---------- regedit

File Edit View Favorites Help

!t:' Registry Editor ~1Ql[g]

El ~ My Computer

~"e! HKEY _CLASSES_ROOT

m~

m'lD HKEY _LOCAL_MACHINE m'lD HKEY _USERS

m'lD HKEY _CURRENT _ CONFIG

HKEY _CURRENT _USER

I Type

I Data

Name

§'] (Default)

REG_SZ

(value not set)

My Computer\HKEY _CURRENT _USER

( REGISTORY EDITOR =:

CREATING SHORTCUT:

This can be done by simply right-clicking on a blank area of your desktop, selecting New, then Shortcut, then in the Command line box enter "regedit.exe" and click Next, enter a friendly name (e.g. 'Registry Editor') then click Finish and now you can double click on the new icon to launch the Registry Editor.

ILr_eg_e_dit_.e_x_e ____JI [ Browse ...

This wizard helps you to create shortcuts to local or network programs, files, folders, computers, or Internet addresses,

Type the location of the item:

Click Next to continue,

< Back [Dext >:Jl [ Cancel

( DIRl.JOG BOX TO CRERTE SHORTCUT J

STRUCTURE:

The Registry has a hierarchal structure; although it looks complicated the structure is similar to the directory structure on your hard disk, with Regedit being similar to Windows Explorer.

El"'~ My Computer Each main branch (denoted by a folder icon in the

$ ... 1Ej HKEY _CLASSES_ROOT Registry Editor, see left) is called a Hive, and 8"'~ HKEY _CURRENT _USER Hives contains Keys. Each key can contain other

$ Ifj AppEvents keys (sometimes referred to as sub-keys), as well

i ·~ Console as Values. The values contain the actual

8"'~ Control Panel . £ . d i h . h hr III ormation store III t e Registry. T ere are t ee

8 .. ·10 1"".1-'~)CClI

L .... ~ types of values; String, Binary, and DWORD - the

'--- _____::=== _ ____J use of these depends upon the context.

There are six main branches of Keys, each containing a specific portion of the information stored in the Registry. They are as follows:

• HKEY CLASSES ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface.

• HKEY CURRENT USER - This branch links to the section of

HKEY _USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings.

• HKEY LOCAL MACHINE - This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC; this information is used for all users who log onto this computer.

• HKEY USERS - This branch contains individual preferences for each user of the computer; each user is represented by a SID sub-key located under the main branch.

• HKEY CURRENT CONFIG - This branch links to the section of HKEY _ LOCAL _MACHINE appropriate for the current hardware configuration.

• HKEY DYN DATA - This branch points to the part of

HKEY _LOCAL_MACHINE, for use with the Plug-&-Play features of Windows, this section is dynamic and will change as devices are added and removed from the system.

Each registry value is stored as one offive main data types:

• REG BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.

• REG DWORD - This type represents the data by a four byte number and is commonly used for Boolean values, such as "0" is disabled and" 1" is enabled. Additionally many parameters for device driver and services are this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format or in REGEDIT in hexadecimal and decimal format.

• REG EXPAND SZ - This type is an expandable data string that is string containing a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32)

• REG MULTI SZ - This type is a multiple string used to represent values that contain lists or multiple values; each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)

• REG SZ - This type is a standard string, used to represent human readable text values.

Other data types not available through the standard registry editors include:

•

REG DWORD LITTLE END IAN - A 32-bit number in little-endian format.

REG DWORD BIG ENDIAN - A 32-bit number in big-endian format. REG LINK - A Unicode symbolic link. Used internally; applications should not use this type.

REG NONE - No defined value type. REG QWORD - A 64-bit number.

REG QWORD LITTLE END IAN - A 64-bit number in little-endian format.

REG RESOURCE LIST - A device-driver resource list.

•

•

•

•

•

•

Different types of Values:

List of Registry \faille TYlles
0 REG NONE Notype
1 REG SZ A string value
2 REG EXPAND SZ An "expandable" string value that can contain environment variables
- -
3 REG BINARY Binary data (any arbitrary data)
4 REG DWORD/REG DWORD LlTILE ENDIAN A DWORD value, a 32-bit unsiqnsd inteqer (numbers between 0 and 4,294,957,295 [232
- - - - - 1]) (Iittle-endian)
5 REG DWORD BIG ENDIAN A DWORD value, a 32-bit unsiqnsd inteqer (numbers between 0 and 4,294,957,295 [232
- -- - 1]) (big-endian)
5 REG LINK symbolic link (UNICODE)
7 REG MULTI SZ A multi-string value, which is an array of unique strings
- -
8 REG RESOURCE LIST Resource list
- -
9 REG FULL RESOURCE DESCRIPTOR Resource descriptor
- - -
10 REG RESOURCE REQUIREMENTS LIST Resource Requirements List
- - -
11 REG QWORD!REG QWORD LlTILE END IAN A QWORD value, a 54-bit integer (either big- or little-endian, or unspecified) (Introduced
- - - - in Windows 2000) (.REG) FILES:

Extension of Registory Editor Files are (.reg).These files can br created by Notepad and should be saved wit extensiin .reg.

Genrel Syantax:

[<Hive Name>\<Key Name>\<Subkey Name>] "Value Name"=<Value type>:<Value data>

Example:

-------------------------------------------------------------"

r! Example File - Notepad ~(Q]1Rl

~

.. lr .:

~ ...

File Edit Format View Help

pEGEDIT4

; All users:

[HKEY_USERS\.DEFAuLT\control panel\Keyboard] "InitialKeyboardlndicators"="O"

; Current user onl<:

[HKEY_CURRENT_USER control panel\Keyboard] "InitialKeyboardlndicators"="O"

The above Notepad file is saved with .reg extension file.Ifthis file is DoubleClicked following dialog box appears:

Regist ry E dite r ~

[C Yes ]] [ No

Are you sure you want to add the information in c: \Documents and Settings\Ravenclaw\Desktop\Example File. reg to the registry?

If "Yes" is clicked the following Dialog box appears:

Reeist ry E dite r ~

OK

Information in c: \Documents and Settings\Ravenclaw\Desktop\Example File, reg has been successfully entered into the registry,

MODIFY REGISTRY:

Once you have started the Regedit you will notice that on the left side there is a tree with folders and on the right the contents (values) of the currently selected folder. Like Windows explorer, to expand a certain branch (see the structure of the registry section), click on the plus sign [+] to the left of any folder, or just doubleclick on the folder. To display the contents of a key (folder), just click the desired key, and look at the values listed on the right side,

• NEWKEYOR VALUE:

You can add a new key or value by selecting New from the Edit menu, or by rightclicking your mouse,

• RENAME:

And you can rename any value and almost any key with the same method used to rename files; right-click on an object and click rename, or click on it twice (slowly), or just press F2 on the keyboard,

• DELETE:

You can delete a key or value by clicking on it, and pressing Delete on the keyboard, or by right-clicking on it, and choosing Delete,

Delete Rename

Del

Key

String Value

Binary Value

DWORD Value Multi-String Value Expandable String Value

HKEY _CURRENT _CONFIG

[ REGISTORV EDITOR SHOWInG EDIT menu J

1(;" Registry Editor ~[gJ~
File Edit View Favorites Help
El ~ My Computer Name I Type I Data I
1±J.1CJ HKEY _CLASSES_ROOT =It) REG_52 (value not set)
EJ·lCJ HKEY _CURRENT _USER nor 0' AND_52 %USERPROFILE%\LocaISettings\Temp
l±J·eJ AppE vents ~ Modify AND_52 %USERPROFILE%\LocaISettings\Temp
:····e Console ModiFy Binary Data
tB··e Control Panel
: .... ~ Environment Delete
tB·~ Identities Rename
I±J.~ Keyboard Layout
I±J.~ Printers
,. ... ~ SessionInFormation
$'~ SoFtware
: .... ~ UNICODE Program Groups
: .... ~ Volatile Environment
tB··e! Windows 3.1 Migration Stat
I±J'~ HKEY _LOCAL_MACHINE
I±J'~ HKEY _USERS
tB"e HKEY _CURRENT _CONFIG
E1Ii 1111 ~ ID
My Computer\HKEY _CURRENT _USER\Environment -- [ REGISTORV EDITOR SHOWInG POPUP menu J

Note: It is always a good idea to backup your registry before making any changes to it. It can be intimidating to a new user, and there is always the possibility of changing or deleting a critical setting causing you to have to reinstall the whole operating system. It's much better to be safe than sorry!

IMPORTING AND EXPORTING

A great feature of the Registry Editor is its ability to import and export registry settings to a text file, this text file, identified by the .REG extension, can then be saved or shared with other people to easily modify local registry settings.

Export ...

REG_EXPAND _SZ REG_EXPAND _SZ

%USERPROFILE%\Local Settings\Temp %USERPROFILE%\Local Settings\Temp

Load Hive", Unload Hive, , ,

Connect Network Registry, , , Disconnect Network Registry, , ,

Print",

Ctrl+P

Exit

SoFtware

UNICODE Program Groups Volatile Environment Windows 3,1 Migration HKEY _LOCAL_MACHINE

, HKEY _CURRENT _CONFIG

( REG:STRY EO:TOR SHOUJ:nG :mpORT 8- EXPORT OPT:On )

You can see the layout of these text files by simply exporting a key to a file and opening it in Notepad, to do this using the Registry Editor select a key, then from the "Registry" menu choose "Export Registry File ... ", choose a filename and save.

If you open this file in notepad you will see a file similar to the example below:

The layout is quite simple, REGEDIT4 indicated the file type and version, [HKEY_LOCAL_MACHINE\SYSTEM\Setup] indicated the key the values are from, "SetupType"=dword: 00000000 are the values themselves the portion after the "=" will vary depending on the type of value they are; DWORD, String or Binary.

So by simply editing this file to make the changes you want, it can then be easily distributed and all that need to be done is to double-click, or choose "Import" from the Registry menu, for the settings to be added to the system Registry.

DELETE KEYS OR VALUES BY NOTEPAD

It is also possible to delete keys and values using REG files. To delete a key start by using the same format as the REG file above, but place a "-" symbol in front of the key name you want to delete. For example to delete the

[HKEY _LOCAL_MACHINE\SYSTEM\Setup] key the reg file would look like this?

The format used to delete individual values is similar, but instead of a minus sign in front of the whole key, place it after the equal sign of the value. For example, to delete the value "SetupType" the file would look like:

REGEDIT4

[HKEY _LOCAL _ MACHINE\S YS TEM\Setup] "SetupType"=-

Use this feature with care, as deleting the wrong key or value could cause major problems within the registry, so remember to always make a backup first.

PRINTING THE REGISTRY

Printing a registry hive or key is possible in the Registry Editor. As mentioned previously, printing an entire registry is not a swell idea you'd have to make a major investment in paper and printer supplies. Typically, a registry would require thousands of pages to print. Printing sections of a registry hive can be very useful if a paper record is needed, or if you need something to take to a meeting, or if you want to jot down some quick notes. The limit of a printed registry hive or key is that searching it might be difficult. Printing is easily done if you select the hive or sub key to print, and then select File ~ Print from the Registry Editor's main menu. The Print dialog box, allows you to edit the branch to be printed (with the currently selected object as the default). The results of printing a registry report are almost identical to exporting, with the exception that a printed report lacks the initial header line that's found in an exported registry file.

It Print L1J~

General I
r: S elect Printer

~, '~I
Add Printer PDFConverter
Status: Ready D Print to file [ Preferences ]
Location:
Comment: eD oc Printer [ Find Printer. .. J

,... Print range

o All
® Selected branch
I H KEY _ CU R R E N T _US E R \E nvironment I



[[ Print I] [ Cancel l I Apply I
1- PRuI. 1-'p'II-.n L ,II I I I_I I II_I' I

"IR' 1-11-::;' BI-'" -I 1-11 L.J I_I 1..:- I_I" J

REGEDIT COMMAND LINE OPTION

The registry can be manipulated in a number of ways from the command line. The reg.exe utility tool is included in Windows XP and Windows Vista and can be downloaded separately for previous versions. Alternative locations include the Resource Kit CDs or the original Installation CD of Windows.

Also, a .REG file can be imported from the command line with the following command:

The Is means the file will be silent merged to the Registry. If the Is parameter is omitted the user will be asked to confirm the operation. In Windows 98, Windows 95 and at least some configurations of Windows XP the Is switch also causes regedit.exe to ignore the setting in the registry that allows administrators to disable it. When using the Is switch Regedit does not return an appropriate return code if the operation fails, unlike reg.exe which does. This makes it hard to script (in a batch file), however a possible workaround is to add the following lines into the batch file.

The default association for .REG files in many versions of Microsoft Windows, starting with Windows 98, does require the user to confirm the merging to avoid a user mistake.

Other command line options include a VBScript or JScript together with CScript, WMI or WMIC.exe and Windows PowerShell.

Registry permissions can be manipulated through the command line using the SubInACL.exe tool. The permissions on the

HKEY _LOCAL _ MACHINE\SOFTW ARE key can be displayed using:

To set the owner of the key HKEY_LOCAL_MACHINE\SOFTWARE and all of its sub keys to Administrator:

To grant full access rights to the HKEY _LOCAL _ MACHINE\SOFTW ARE key to Administrator:

BACKUP AND RECOVERY

Windows supports several methods to back up and restore the registry:

.:. Windows NT -based operating systems automatically create a backup of each hive (.BAK) in the %Windir%\System32\config folder. Any file can be restored from the Recovery Console .

• :. System Restore can back up the registry and restore it as long as Windows is bootable, or from the Windows Recovery Environment starting with Windows Vista .

• :. NTBackup can back up the registry as part of the System State and restore it.

.:. On Windows NT -based systems, the Last Known Good Configuration option in startup menu relinks the HKLM\SYSTEM\CurrentControlSet key, which stores hardware and device driver information .

• :. Windows 98 and Windows Me include command line (Scanreg.exe) and GUI (Scanregw.exe) registry checker tools to check and fix the integrity of the registry, create up to five automatic regular backups by default and restore them manually or whenever corruption is detected. The registry checker tool backs up the registry, by default, to

% Windir%\Sysbckup Scanreg.exe can also run from MS-DOS .

• :. The Windows 95 CD-ROM included an Emergency Recovery Utility (ERU.exe) and a Configuration Backup Tool (Cfgback.exe) to back up and restore the registry.

CLEAN REGISTRY:

Although it's possible to manually go through the Registry and delete unwanted entries, Microsoft provides a tool to automate the process, the program is called RegClean. RegClean analyzes Windows Registry keys stored in a common location in the Windows Registry. It finds keys that contain erroneous values; it removes them from the Windows Registry after having recording those entries in the Undo.Reg file. This makes your computer to function more efficiently and fastly. The other Software to maintain Registry properly is CCleaner. These two Softwares can be freely downloaded from my Website xboss.co.cc

y CCleaner y RegClean

y Registry Mechanic

Recommended Software:

[ REGISTRY mECHRnlC (SOFTUJRRE] ]

~ Registry Integrity

~ Missing Shared DLLs

~ Unused File Extensions ~ ActiveX and Class Issues ~ Type Libraries

~ Applications

~Fonts

~ Application Paths ~Help Files

o Installer

~ Obsolete Software ~ Run At Startup

~ Start Menu Ordering ~MUI Cache

~ Problem I Data I Registry Key

rue =111$ : = : m rn

CONCLUSION:

( CCL.ERnER 50FTUJRRE =:

Many people think that working with Registry may cause them many critical problems. But that is somewhat true but not fully. Taking risks makes your life energetic and creative. Those who fear to take risk will never ever invent anything. But person who loves to take risk will invent many things. Working with registry editor is somewhat similar to that. If you are careful and practiced you will not face any problems. Working with registry shows you many ideas about working of windows. You can also customize your windows to the core. There are many tweaks in registry which makes your windows efficient, faster, stylish, smoother, etc .... So work with registry and invent many things. There are many tweaks available in my website. You can also share your new invention with me through my website xboss.co.cc.