December 01, 1996 12:00 AM

Care and Feeding of the Registry

Windows IT Pro
InstantDoc ID #2867
Edit your Registry safely and effectively to properly care for your system

The ability to navigate and, when necessary, edit entries in the Registry (Windows NT's system- and user-configuration database) is a vital skill for Windows NT administrators who need to fine-tune and troubleshoot their local or remote NT workstations and servers. The editing process is easy; what's harder is editing safely (i.e., avoiding changes that trash the system and force you to reinstall NT), backing up critical files, and restoring system files corrupted by erroneous changes to the Registry. To work with the Registry safely and effectively, you need to understand how it's organized; how to back up and, if necessary, restore system files; and how to perform basic editing, including how to edit a remote system's Registry.

Hives, Subtrees, and Keys
The Registry stores most of its information in sets of files (called hives) based on different aspects of the NT environment. However, the Registry displays its configuration data in a tree-like structure: the Registry database you view and edit consists of five subtrees, each of which has a name starting with hkey (which stands for "handle to a key"). Simply put, when you work with the Registry, you view and edit subtrees and their contents, but you back up and restore hives.

To see the Registry subtrees (see Screen 1), run the program called Registry Editor (regedt32.exe)--one of two NT tools for viewing and editing Registry values. (The other tool is regedit.exe, a new tool in NT 4.0 with many of the same functions as the traditional regedt32.exe tool, plus an expanded search capability. Both tools are automatically installed when you install NT. The examples in this article use regedt32 because it supports some editing tools--such as Load Hive--that regedit does not.) The five subtrees are

* hkey_local_machine, which contains information about the system's currently installed hardware and operating system. You'll do most of your work in this subtree, configuring hardware settings or refining logons.

* hkey_classes_root, the "associations" subtree, which is similar to the Windows 3.x Registry and provides compatibility with it. All information about which executable files are associated with which file extensions is stored here. (hkey_local_machine\software\classes also displays this information.)

* hkey_users, which contains the user profiles on the computer, including a default profile for a user who hasn't logged on before, and (in NT Workstation) the profile of the current user (i.e., hkey_current_user). This subtree does not contain the profiles of users logged on to an NT Server machine--those profiles are stored locally.

* hkey_current_user, which contains information relating to the currently logged-on user.

* hkey_current_config, which contains information that relates to the hardware configuration you booted with. This subtree holds changes to the standard configuration found in hkey_local_machine's software and system subkeys, so you can think of this subtree as a condensed version of what appears there. (hkey_local_machine also displays this information in the system\currentcontrolset\hardwareprofiles\current subkey.)

As you can see, some information appears in more than one subtree. In particular, if similar information exists in both hkey_local_machine and hkey_current_user, the data in the latter takes precedence (e.g., environment variables defined for the current user have higher priority than system values).

Subtrees in turn contain keys, subkeys, and value entries. A subtree's keys are the folders shown in the left pane of the Registry Editor window for that subtree (e.g., Screen 2 shows the Software and System keys for hkey_current_config.) Subkeys appear as subdirectories of keys. Value entries appear in the right pane of a subtree window and define the value of the currently selected key or subkey. Value entries have three parts, separated by colons: a name, a data type, and a value. For example, in Screen 3, osloaderpath is a value entry that assigns the value ntwork4\system32 to the Setup key.

The subtrees that you view and edit are not directly related to the hives that store the Registry information. For example, the default user profile information displayed in the hkey_users subtree is stored in two files in the system32\config directory: default and default.log (which records changes to the default file). Together, these files make up the hive. Note that some Registry information is not in any hive--hives do not store volatile Registry information (i.e., information created when the computer starts and deleted when it stops). For example, the information displayed in hkey_local_machine\hardware, which is re-created each time you boot the system to adapt to changes in computer hardware, is not in a hive. Read "NT 4.0's Registry Hives" for more information about the standard NT 4.0 Registry hives and their associated support files.
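
To make the subtree-versus-hive distinction concrete, the following Python helper is an added example (not code from the article): it takes a key path as shown in the Registry Editor, resolves the subtrees that are only views onto another subtree, and reports which hive file must be in your backup, or that the key is volatile. Assumptions: the hive file names sam, security, software, and system are the standard NT names (this page names only default, System, and SAM), the short root names such as HKLM are an input convenience, and the SID and user name are placeholders.

```python
CONFIG = r"%SystemRoot%\system32\config"  # standard NT hive directory

# Short root names an administrator might type (assumed input convenience).
SHORT = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS", "HKCR": "HKEY_CLASSES_ROOT",
         "HKCU": "HKEY_CURRENT_USER", "HKCC": "HKEY_CURRENT_CONFIG"}

# Subtrees that are views onto another subtree, as the article describes.
VIEWS = {
    "HKEY_CLASSES_ROOT": r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
    "HKEY_CURRENT_CONFIG":
        r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current",
    "HKEY_CURRENT_USER": r"HKEY_USERS\<current-user-SID>",  # placeholder, not a real SID
}

# Key prefix -> backing file; None marks volatile data that no hive stores.
HIVES = {
    r"HKEY_LOCAL_MACHINE\HARDWARE": None,
    r"HKEY_LOCAL_MACHINE\SAM": CONFIG + r"\sam",
    r"HKEY_LOCAL_MACHINE\SECURITY": CONFIG + r"\security",
    r"HKEY_LOCAL_MACHINE\SOFTWARE": CONFIG + r"\software",
    r"HKEY_LOCAL_MACHINE\SYSTEM": CONFIG + r"\system",
    r"HKEY_USERS\.DEFAULT": CONFIG + r"\default",
}
USER_HIVE = r"%SystemRoot%\Profiles\<user>\NTUSER.DAT"  # NT 4.0 layout, <user> is a placeholder

def canonical(path):
    """Expand short root names and rewrite view subtrees to their real location."""
    root, _, rest = path.strip("\\").partition("\\")
    root = SHORT.get(root.upper(), root.upper())
    return VIEWS.get(root, root) + ("\\" + rest if rest else "")

def backing_hive(path):
    """Return (canonical path, hive file); the file is None for volatile keys."""
    full = canonical(path)
    upper = full.upper()
    for prefix, hive in HIVES.items():
        if upper == prefix.upper() or upper.startswith(prefix.upper() + "\\"):
            return full, hive
    if upper.startswith("HKEY_USERS\\"):  # any other loaded user profile
        return full, USER_HIVE
    raise ValueError("no hive backs this path: " + full)

def backup_plan(paths):
    """Sorted, de-duplicated hive files to back up before editing `paths`."""
    return sorted({h for _, h in map(backing_hive, paths) if h is not None})

if __name__ == "__main__":
    for p in (r"hkey_classes_root\.txt", r"HKLM\HARDWARE\DESCRIPTION", r"HKCU\Environment"):
        print(backing_hive(p))
```

Passing the keys you intend to change to backup_plan gives the list of hive files to confirm in your backup set before you open the editor.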

Backing Up
Before you edit the Registry (and even if you don't plan to edit it directly via the Registry Editor), you need to back up its information. Backing up the Registry regularly--preferably daily--protects you from incorrect changes to and accidental deletions from settings or account information. Also, if you have to reinstall NT, you can simply restore the Registry from the backup, thus saving time you'd otherwise spend reconfiguring your system.

Independent of any backups you make, NT has fault-tolerance capabilities that protect the Registry from failed updates. For more information about how NT protects its Registry hive files, see "How NT Protects Its Hives," page 101. But when NT's automatic failsafes can't help (e.g., when you erroneously make a change), you'll need your backups.


Comments
  • David P. Bell
    13 years ago
    Aug 12, 1999

    I hope Christa Anderson can answer a question about backing up the Registry: What does rdisk.exe do? When I create the Emergency Repair Disk, the files on it are much smaller than the Registry files in c:\winnt35\system32\config. Does RDISK just capture any changes I’ve made from the default Registry files, or is the file size difference because of the volatile Registry data that is created each time the system starts? Does RDISK even capture any changes to your system, or does it just bring you back to the default Registry settings as the resource guide on the TechNet CD-ROM seems to indicate? Finally, how does the Configuration-Save option in Disk Administrator fit into the picture? It copies a file called System, which is much larger than the System file that RDISK creates. Thanks for your help.

    --David P. Bell

    Thanks for your questions. When you run RDISK without switches, it updates the information in the \repair directory for all hive files except for the System and SAM files and lets you update the entity relationship diagram (ERD). When you run RDISK with the /s switch, RDISK updates all hive files, including those two, in the \repair directory and then prompts you to create a new ERD that will contain the complete set of hive files.
    The volatile Registry information about the hardware isn’t saved. The difference in file size is because the hive files on the ERD and in the \repair directory are compressed.
    RDISK brings you back to the state of the system when you last created the ERD. If that point was during installation, you’ll be restored to the installation settings. If you update the ERD when you make any change, that change will appear when you repair the installation.
    As for the role of the Configuration-Save option, RDISK produces a compressed file that is decompressed during restoration. The information saved in the Disk Administrator as you describe is not compressed.

    --Christa Anderson

  • Toby Everett
    13 years ago
    Aug 12, 1999

    Christa Anderson’s well-researched December 1996 article, “Care and Feeding of the Registry,” had one minor oversight regarding the HKEY_USERS\.DEFAULT Registry key. She correctly noted that the hive mounted at that position is %SystemRoot%\System32\Config\Default. However, in NT 4.0, that hive is not copied when you create a new user profile. The hive that is copied for a new profile is %SystemRoot%\Profiles\DefaultUser\NTUser.DAT. That hive is not mounted anywhere in the Registry hierarchy.
    %SystemRoot%\System32\Config\Default is not, as I thought until recently, useless. I assumed that HKEY_USERS\.DEFAULT points to the Registry hive used for new profiles. However, according to page 1018 of Microsoft’s Windows NT Workstation Resource Kit:



    “When Windows NT is running on a computer that no user is logged on to, a dialog box appears, prompting you to press CTRL+ALT+DEL to log on. This dialog box and other aspects of the Windows NT environment at this point, such as the screen’s background color and its use of wallpaper and screen savers, are controlled by the system default profile. The settings for this profile are stored in System32\config\default.”



    To modify the Registry hive used for new profiles, use regedt32.exe to mount %SystemRoot%\Profiles\DefaultUser\NTUser.DAT, make the changes, and then unmount it.

    --Toby Everett
