Editing the Registry on Windows 10
Windows 10 stores hardware and software settings centrally in a hierarchical database called the Registry, Which replaces many of the .ini, .sys. and .com Configuration files used in earlier versions of Windows. The Registry controls the Windows. 10 operating system by providing the appropriate initialization information to boot Windows 10, to start applications, and to load components such as device drivers and network protocols.
Most users of Winndows 10 never need to access the Registry. However. management of the Registry is an important part of the system administrator’s job, and includes viewing, editing, backing up, and restoring the Registry. You use Registry Editor to view and change the Registry configuration.
What Is the Registry on Windows 10?
The Registry is a hierarchical database that contains a variety of different types of data, including descriptions of the following:
The hardware installed on the computer, including the central processing unit (CPU), bus type, pointing device or mouse, and keyboard.
Installed device drivers. Installed applications.
Installed network protocols.
Network adapter card settings. Examples include the interrupt request (IRQ) number, memory base address, I/O port base address, I/O channel. ready, and transceiver type.
The Registry structure provides a secure set of records. The data in the Registry is read, updated, or modified by many of the Windows 10 components.
Windows 10 kernel During startup, the windows 10 kernel (NTOSKRNLEXE) reads information from the Registry, including the device drivers to load and the order in which they should be loaded. The kernel writes information about itself to the Registry, such as the version number.
Device drivers receive configuration parameters from the Registry. They also write information to the Registry. A device driver informs the Registry which system resources it is using, such as hardware interrupts or direct memory access (DMA) channels. Device drivers also report discovered configuration data.
User Profiles, Windows 10 creates and maintains user work environment settings in a user profile. When a user logs on, the system caches the profile in the Registry. Windows 10 first writes user configuration changes to the Registry and then to the user profile.
Setup programs, During setup of a hardware device or application, a setup program can add new configuration data to the Registry. It can also query the Registry to determine whether required components have been installed.
Hardware profiles, Computers with two or more hardware configurations use hardware profiles. When Windows 10 starts, the user selects a hardware profile, and Windows 10 configures the system accordingly.
N'IDETECTCOM , During system stanup, NTDETECT.COM performs hardware detection. This dynamic hardware configuration data is stored in the Registry.
How To Back Up Your Registry Database on Windows 10
To access the registry editor in Windows 10, type regedit in the Cortana search bar. Right click on the regedit option and choose, Open as administrator or press on the Windows key + R key and write
regedit and press Ok.Click on File --> Export. Type a file name and save the Registry file
regedit and press Ok.Click on File --> Export. Type a file name and save the Registry file
How To Edit The Registry on Windows 10
With the Registry Editor, you can make changes to your current registry file.open the Registry Editor by typing in Regedit in the Cortana search bar and agreeing to the UAC dialog box or press Windows key + R key . Click the + sign next to the HKEY_CURRENT_USER, then click on Software à Microsoft à Internet Explorer. right click on Main and choose Export then save the file to your computer. Finally, right click on the file, choose "open with" and select Notepad.
The Hierarchical Structure of the Registry
The Registry is organized in a hierarchical structure similar to the hierarchical structfure of folders and files on a disk.
A subtree (or subtree key) is analogous to the root folder of a disk. The Win. dows XP Professional Registry has two subtrees: HKEY_LOCAL_MACHINE and HKEY_USERS. However, to make the information in the Registry easier to find and view, there are five predefined subtrees that can be seen in the editor: HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS HKEY_CURRENT__CONFIG
Keys, which are analogous to folders and subfolders, correspond to hardware or software objects and groups of objects. Subkeys are keys within higher-level keys.
Entries, keys contain one or more entries. An entry has three parts: name, data type, and value (data or configuration parameter).
A hive is a discrete body of keys, subkeys, and entries. Each hive has a corresponding Registry file and .log file located in %systemroot%System32Config. Windows 10 uses the .log file to record changes and ensuxe the integrity of the Registry.
Data Types,Each entry’s value is expressed as one of these data types:
REG_SZ (String value). One value; Windows 10 interprets it as a string to store.
REG_BINARY(Binary value). One value; it must be a string of hexadecimal digits. Windows 10 l interprets each pair as a byte value.
REG_DWORD (DWORD value). One value; must be a string of 1-8 hexadecimal digits. REG_MUL’I'I_SZ (Multistring value). Multiple values allowed; Windows 10 interprets each string as a component of MULTI_SZ separate entries.
REG_EXPAND_SZ (Expandable string value). Similar to REG_SZ, except the text can contain a replaceable variable. For example, in the string %systemroot%NTVDM.EXE, Windows10 replaces the systemroot environmental variable with the path to the Windows 10 System32 folder.
REG_FUIL_RESOURCE_DESCRIPTOR. Stores a resource list for hardware components or drivers. You cannot add or modify an entry with this data type.
Registry Subtrees
Understanding the purpose of each subtree can help you locate specific keys and Val. ues in the Registry. The following five subtrees or subtree keys are displayed in the Registry EditorHKEY_CLASSES_ROOT Contains software configuration data: object linking and embedding (OLE) and file-class association data. This subtree points to the Classes subkey under HKEY,LOCAL_MACHINESOFTWARE.
HKEY_CURRENT_USER Contains data about the current user. Retrieves a copy of each user account used to log on to the computer from the NTUSERDAT file and stores it in the %systemroot%Profiles\username key. This subkey points to the same data contained in HKEY_USERSSID_currently_logged_on_user. This sub tree takes precedence over HKEY_LOCAL_MACHINE for duplicated values.
HKEY_LOCAL~MACHINE Contains all configuration data for the local computer, including hardware and operating system data such as bus type, system memory, device drivers, and startup control data. Applications, device drivers, and the operating system use this data to set the computer configuration. The data in this subtree remains constant regardless of the user.
HKEY_USERS Contains the .DEFAULT subkey, which holds the system default settings (system default profile) used to display the CTRL+ALT+DELETE logon screen, and the Security Identifier (SID) of the current user.
HKEY_CURRENT_CONFIG Contains data on the active hardware profile extracted from the SOFI WARE and SYSTEM hives. This information is used to configure settings such as the device drivers to load and the display resolution to use.
The HKEY_LOCAL_MACH|NE Subtree
HKEY_LOCAL_MACHINE provides a good example of the subtrees in the Registry for ' two reasons:
The structure of all subtrees is similar. I HKEY_LOCAL_MACHINE contains information specific to the local computer and is always the same, regardless of the user who is logged on.
The HKEY_LOCAL_MACHINE root key has Five subkeys,
HARDWARE The type and state of physical devices attached to the computer. This subkey is volatile, meaning that Windows 10 builds it from information gathered during startup. Because the values for this subkey are volatile, It does not map to a file on the disk. Applications query this subkey to determine the type: and state of physical devices attached to the computer.
SAM The directory database for the computer. The SAM hive maps to the SAM and SAM.LOG files in the o/osystemroot°/oSystem32Config directory. Applications that query SAM must use the appropriate application programming interfaces (APIs). This hive is a pointer to the same one accessible under HKEY_LOCAL_MACHINESECURITYSAM.
SECURITY The security information for the local computer. The SECURITY hive maps to the Security and SECURITYLOG files in the 0/osystemroot°/oSystem32Config directory. Applications cannot modify the keys contained in the SECURITY subkey. Instead, applications must query security information by using the security APIs.
SOFTWARE Information about the local computer software that is independent of per-user configuration information. This hive maps to the Software and SOFTWARELOG files in the %systemroot°/oSystem32Config directory. It also contains file associations and OLE information.
SYSTEM Information about system devices and services. When you install or configure device drivers or services, they add or modify information under this hive. The SYSTEM hive maps to the System and SYS'I'EM.LOG files in the %systemroot%System32Config directory. The Registry keeps a backup of the data in the SYSTEM hive in the SYSTEMALT file.
Control Sets
A typical Windows 10 installation contains the following control set subkeys: Clone, ControlSetOOl, ControlSetOOZ, and CurrentControlSet. Control sets are stored as subkeys of the Registry key HKEY_LOCAL_MACHINESYSTEM The Registry might contain several control sets, depending on how often you change or have problems with system settings.
The CurrentControlSet subkey is a pointer to one of the ControiSetOOx keys. The Clone control set is a clone of the control set used to initialize the computer (either Default or Last Known Good), and is created by the kernel initialization process each time you start your computer. The Clone control set is not available after you log on.
To better understand control sets, you should know about the Registry subkey HKEY_LOCAL_MACHINESYSTEMSelect. The entries contained in this subkey include the following:
Current, Identifies which control set is the CurrentControlSet. When you use Control Panel options or the Registry Editor to change the Registry, you modify information in the CurrentControlSet.
Default, Identifies the control set to use the next time Windows 10 starts unless you select the Last Known Good configuration. Default and Current typically contain the same control set number.
Failed Identifies the control set that was designated as failed the last time the computer was started using the Last Known Good control set.
IastKnownGood Identifies a copy of the control set that was used the last time the computer started Windows 10 successfully. After a successful logon, the Clone control set is copied to the Last Known Good control set.
Each of these entries in HKEY_LOCAL_MACHINESYSTEMSelect takes a REG_DWORD data type, and the value for each entry refers to a specific control set. For example, if the value for the Current entry is set to 0x1, the CurrentControlSet points to ControiSetOOI. Similarly, if the value for the Last Known Good entry is set to 0x2, the Last Known Good control set points to ControlSetOOZ.
How to View and Edit the Registry Using the Registry Editor
Setup installs Registry Editor (REGEDITEE) in the %systemroot%System32 directory during installation. However, because most users do not need to use Registry Editor, it does not appear on the Start menu. To start Registry Editor, click Run on the Start menu, type Regedit, and then click OK.
Although Registry Editor allows you to perform manual edits on the Registry, it is intended for troubleshooting and problem resolution. You should make most configuration changes through either Control Panel or Administrative Tools. However, some configuration settings can be made only directly through the Registry.
Using Registry Editor incorrectly can cause serious, system-wide proh|ems that could require reinstallation of Windows 10. When using Registry Edttor to view or edit data. use a program such as Windows Backup to save a backup copy of the Regtstry me before viewing. In Windows 10 l, you can use Backup to back up the System State. which includes the Registry, the COM class registration database, and the system boot met.
Registry Editor saves data automatically as you make entries or corrections. New Reglstry data takes effect immediately.
You can select Find Key on the View menu to search the Registry for a specific key. Key names appear in the left pane of Registry Editor. The search begins at the currently selected key and parses all descendant keys for the specified key name. The search is local to the subtree in which the search begins. For example, a search for a key in the HKEY_LOCAL_MACHINE subtree does not include keys under HKEY_CURRENT_USER.
No comments:
Post a Comment