Uncover its usefulness
One of the most mysterious parts of Windows NT is the Registry. Often, even
experienced NT users and administrators have only a vague notion of what it
stores and how it organizes data. That users must view the Registry's contents
through NT's Registry editors (Regedt32 and Regedit) supplied with NT does not
make the Registry's mysteriousness any less surprising. The Registry is large,
and its organization often seems to verge on the haphazard.
Knowing where the Registry displays different types of information makes
the Registry less intimidating. Let's start with an overview of its structure
and then look at the specific values each of its major data branches contains.
(I won't talk about just documented or undocumented keys, or describe only data
that you can't access from system administration utilities, because such
restrictions lead to notions that the Registry is somehow more mysterious than
it really is.) I'll conclude with a brief section that provides some useful
Registry settings. For information about NT's Registry editors and how to back
up the Registry, see Christa Anderson, "Care and Feeding of the Registry,"
December 1996.
The Registry's Structure
This section introduces the Registry, so if you're already familiar with the
Registry, skip ahead to the next section. Because the Registry is a database,
its structure is much like that of a logical disk volume. The Registry contains
keys, which are similar to a disk's directories, and values,
which compare to files on a disk. A key is a container that can consist
of other keys (subkeys) or values. Values, on the other hand,
store data. Top-level keys are root keys. Throughout the article, I'll
use subkey and key interchangeably (only the root keys are not subkeys).
Both keys and values borrow their naming convention from the file system.
Thus, you can uniquely identify a value with the name mark, which is
stored in a key called trade, with the name trade\mark. One
exception to this naming scheme is each key's unnamed value. Regedit displays
the unnamed value as Default; Regedt32 uses <No Name>.
Values store different kinds of data and can be one of the 11 types listed
in Table 1. The majority of Registry values are either REG_DWORD, REG_BINARY, or REG_SZ. Values of type REG_DWORD can store numbers or Booleans
(on/off values); REG_BINARY values can store numbers larger than 32 bits,
or raw data such as encrypted passwords; REG_SZ values store strings (Unicode,
of course) that can represent names, filenames, paths, and types.
The REG_LINK type is particularly interesting because it lets a value
transparently point at another key or value. When you traverse the Registry
through a link, the path searching continues at the target of the link. For
example, if \Root1\Link has a REG_LINK value of \Root2\RegKey and RegKey
contains the value RegValue, two paths identify RegValue: \Root1\Link\RegValue
and \Root2\RegKey\RegValue. NT prominently uses Registry links: Three of the six
Registry root keys, listed in Table 2, are links to subkeys within the three
non-link root keys.
Registry Root Keys
You can chart the organization of the Registry via the data stored within
it. The six root keys divide the Registry data into categories. (You cannot add
new root keys or delete existing ones.) Data associated with the currently
logged-on user (HKEY_CURRENT_USER), information about all the accounts on
the machine (HKEY_USERS), file association and Object Linking and Embedding
(OLE) registration information (HKEY_CLASSES_ROOT), system-related information
(HKEY_LOCAL_MACHINE), performance data (HKEY_DYN_DATA), and some
information about the current hardware profile (HKEY_CURRENT_CONFIG) comprise
the six data categories.
Why do root key names begin with an H? The root key names represent Win32
handles (H) to keys (KEY). Throughout the rest of the article, I'll abbreviate
the root key names. For example, HKLM represents HKEY_LOCAL_MACHINE.
Table 3
lists the root key names and corresponding abbreviations.
HKEY_CURRENT_USER
The HKCU root key contains data regarding the preferences and software
configuration of the locally logged-on user. Within HKCU, you find the 10
subkeys shown in Table 4.
Whenever a user logs on, HKCU is created as a link to
the user's key under HKEY_USERS.
HKCU\AppEvents contains two subkeys: EventLabels, where you find event
names (e.g., mail arrival, window minimize), and Schemes, where you find sound
and event associations. Under Schemes\Apps you find groups of event keys whose
values can point at wave files. You can easily change these settings via the
Control Panel Sounds applet.
HKCU\Console contains a subkey for each Command Prompt shortcut in the
user's account. Under these subkeys, you find all the properties (e.g.,
foreground and background text colors, window size, edit mode) for the command
window that's created when you execute a particular shortcut. You can access all
these values through the Properties menu item on the individual command prompt
windows.
HKCU\Control Panel contains GUI settings such as desktop and screen-saver
parameters, cursor file associations, and window attributes such as colors and
geometry settings. As the key's name suggests, you can edit most of these values
through Control Panel applets; however, you must edit some values via a Registry
editor. For example, to make the window focus follow the mouse, you must set the
value of HKCU\ControlPanel\Mouse\ActiveWindowTracking to 1 (and reboot for
the change to take effect). To tell Windows how long (in milliseconds) to pause
before it displays the cascading menus of the Start menu, you must edit
HKCU\Control Panel\Desktop\MenuShowDelay.