Understanding the Windows 2003 Registry
WARNING!
Any changes you make to the registry using Registry Editor are permanent.
There is no “undo” button, so be very careful what you do.
Below is a screenshot showing the structure of
the registry, which is made up of five subtrees.
To open the Registry Editor, click Start > Run…
and type “regedit.exe”.
Setting Permissions
You can set permissions on specific subtrees or
keys so that users or applications are allowed or denied access. By
default, users are allowed read access while administrators are allowed
read/write access on most keys.
To set permissions, open regedit.exe, right-click
a key and select “Permissions…”. This will bring up the access control list (ACL) for that
key and allow you to edit permissions as you would normally do on an NTFS file
or folder.
The Five Subtrees of the Registry
The registry is divided into five main sections called subtrees. Each
subtree is a logical grouping of registry information and holds a
set of subkeys. When making changes, you will most likely do most of
the work in the _MACHINE and _USER subtrees.
SUBTREE: DESCRIPTION
HKEY_CLASSES_ROOT: The HKEY_CLASSES_ROOT subtree contains data that associates file types with applications and configuration for COM objects.
HKEY_LOCAL_USER: Also known to have the common abbreviation HKCU, the HKEY_LOCAL_USER subtree contains settings and preferences for the user currently logged on to the system. These settings are dynamic and unique to each user.
HKEY_LOCAL_MACHINE: Also known to have the common abbreviation HKLM, the HKEY_LOCAL_MACHINE subtree contains information about the hardware currently installed, and the settings for systems running on the machine. These are normally static for all users until a change is made.
HKEY_USERS: This subtree simply contains a pointer to HKEY_LOCAL_USER and the DEFAULT user profile (a template used when assigning a profile to new users).
HKEY_CURRENT_CONFIG: This subtree stores configuration data for the current hardware profile and points to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles.
Data Types Defined by the Registry
On the right-hand side of the Registry
Editor, you will notice various data types and their values.
DATA TYPE: DESCRIPTION
REG_SZ: A simple string value. It would usually contain a URL, path, or port number, for example.
REG_BINARY: Raw binary data represented in hexadecimal format.
REG_DWORD: Another type of REG_BINARY but this one is 4 bytes long.
REG_MULTI_SZ: A character string of variable size that allows you to enter a number of parameters in this single value entry.
REG_EXPAND_SZ: This is a character string of variable size that can contain dynamic information which will change at startup (such as %username%, which is of a different size for every name).
Remote Registry Configuration
Regedit.exe allows you to remotely
configure another machine’s registry quickly and easily. All you need is
the right permissions (Administrator permissions) to do so.
TIP:
Make sure that a group policy isn’t in
place that disallows remote registry connections.
Open regedit.exe and from the File menu
select “Connect Network Registry…”. Type the computer name, or press
[Advanced…] and search for one, and press OK. After entering the correct
credentials, the registry of the remote machine is loaded into the
console, as if it was that of the local machine.
Once you’re done making changes, simply
select “Disconnect Network Registry…” from the File menu and regedit.exe
will break the connection.
Once again, remember that any changes
you make will be reflected on the remote machine immediately, or in some
cases after the next restart.
When you connect to a registry remotely,
you will only be able to edit the HKEY_LOCAL_MACHINE and HKEY_USERS
keys. In this example I have, from
a local machine, connected to another server called ZTABONA and am able
to make the necessary changes to the above mentioned keys.
Backing Up and Restoring the Registry
There are three methods of backing up the
registry, or portions of it, in Windows 2003. You can back up and restore
the entire registry using the Windows Backup utility, import/export
certain subtrees or keys from regedit.exe, or use a little tool called
reg.exe from the command line. These are explained in more detail below.
Backup and Restore Utility (or Wizard)
From the Start menu, navigate to Programs >
Accessories > System Tools and open Backup – this will start the Backup and
Restore Wizard or go straight to the Backup and Restore utility (depending
on your previously chosen settings).
From the Backup tab, expand My Computer and
select the System State check box.
Note:
On a domain controller, backing up the
System State will also back up Active Directory, Boot Files,
Certificate Server (if installed), COM object class registries, and
SYSVOL, apart from the full Registry.
Browse for a location to which the
backup file should be placed (ideally removable storage or another
partition) and click Start Backup. A new dialog box will appear showing
the status of the backup procedure. When backup is complete, press OK
and close.
To restore a backup file, go to the
Restore and Manage Media tab and select Tools > Catalog a backup file.
Browse to the location of the backup file and select it. Choose what you
want to restore (in this case it is the entire System State) and press
the Start Restore button.
Importing/Exporting Registry Files
When you export a section of the registry,
it is saved as a .reg file which, when executed, will add its values
back to the registry. This is commonly used when a software vendor needs
a client to enable “debug mode”, for example.
To export a registry file, select the
desired key from the left pane in regedit.exe, right-click and choose
Export. Select where you want the .reg file to be saved, and press Save.
Once the file has been exported, you can edit it using Notepad.exe or
any text editor.
An example of a .reg file:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Accessibility\MouseKeys]
"Flags"="62"
"MaximumSpeed"="80"
"TimeToMaximumSpeed"="3000"
To import a .reg file, simply double-click
it to bring up the dialog and press Yes. The information will then
be added to the registry.
Only import information to the registry if
you know exactly what the key contains.
Note:
You can also import/export a registry file
using the command line tool reg.exe.
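To act on the advice to import only what you understand, the following added example (not from the original article) parses the text of a .reg file and lists every change an import would make, decoding the data types described earlier. The ExampleVendor keys and values are hypothetical, and the function expects already-decoded text (regedit saves Version 5.00 files as UTF-16).

```python
import re

# Constructed sample: the page's MouseKeys export plus hypothetical ExampleVendor entries.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Accessibility\MouseKeys]
"Flags"="62"
"MaximumSpeed"="80"
"TimeToMaximumSpeed"="3000"
[HKEY_CURRENT_USER\Software\ExampleVendor]
"DebugMode"=dword:00000001
"LogDirs"=hex(7):43,00,3a,00,5c,00,61,00,00,00,44,00,3a,00,5c,00,62,00,00,00,00,00
"OldSetting"=-
[-HKEY_CURRENT_USER\Software\ExampleVendor\Cache]
'''

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
UNESC = re.compile(r'\\(.)')                 # .reg escapes: \\ -> \ and \" -> "
TEXT_TYPES = {'2': 'REG_EXPAND_SZ', '7': 'REG_MULTI_SZ'}

def decode_data(raw):
    """Map .reg data syntax to (registry data type, decoded value)."""
    if raw.startswith('"'):
        return 'REG_SZ', UNESC.sub(r'\1', raw[1:-1])
    if raw.startswith('dword:'):
        return 'REG_DWORD', int(raw[6:], 16)
    m = re.match(r'hex(?:\((\w+)\))?:(.*)$', raw)
    if not m:
        return 'UNKNOWN', raw
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    if m.group(1) in TEXT_TYPES:             # UTF-16LE, NUL-terminated text
        text = data.decode('utf-16-le').rstrip('\0')
        return TEXT_TYPES[m.group(1)], text.split('\0') if m.group(1) == '7' else text
    return ('REG_BINARY' if m.group(1) is None else 'hex(%s)' % m.group(1)), data

def parse_reg(text):
    """List every (action, key, value name, type, data) an import would apply."""
    text = re.sub(r'\\\r?\n\s*', '', text)   # join wrapped hex continuation lines
    ops, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[-') and line.endswith(']'):
            key = None                       # skip value lines after a delete-key header
            ops.append(('delete-key', line[2:-1], None, None, None))
        elif line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = '(Default)' if m.group(2) else UNESC.sub(r'\1', m.group(1))
            ops.append(('delete-value', key, name, None, None) if m.group(3) == '-'
                       else ('set', key, name) + decode_data(m.group(3)))
    return ops
```

Calling parse_reg(SAMPLE) returns seven operations; the delete-key and delete-value entries are the ones to read most closely before pressing Yes on an import.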
Using the Command Line
Using reg.exe you can back up and restore
portions of the registry with a few simple commands. This tool will
allow you to back up one subtree at a time while the system is running.
For the purpose of this explanation I will
demonstrate the uses of REG SAVE and REG RESTORE.
REG save
Use the REG save command to save root
keys for future restoration. The syntax for this command is:
reg save <root_subtree> <save_location>
In my example, using the above syntax I
have saved the HKEY_CLASSES_ROOT, HKEY_CLASSES_CONFIG and
HKEY_CLASSES_USER subtrees, as seen below.
REG restore
Using the reg restore command you can
restore keys you previously saved using the reg save command. Using my
example, if I wanted to restore HKEY_CLASSES_ROOT I would run the
following command at the command prompt:
Reg restore hkcr c:\regbackup\hkcr
And so on and so forth for the other
keys.