Regedit and Registry: Guide to the most useful Aspects

20

A brief guide to using Regedit and the main features of the Windows registry. A difficult topic for many that we try to address in a nutshell.

The registry has been preserved, with a substantially identical structure, in all the Windows versions that have followed one another over the years. This is a registry that holds information about the settings of the operating system and installed applications.

The registry as we know it today was introduced in Windows 95, and a similar solution was adopted by Microsoft even earlier, at the time of Windows 3.0.

We are talking about prehistory, yes, yet the registry continues to be widely used, for example, even in Windows 10.

While in Windows 95 and Windows 98, the registry was kept in two separate files, starting from Windows NT up to Windows 10, it is divided into some files stored in the % systemroot% system32 config folder.

By pressing the Windows + R key combination then typing % systemroot% system32 config and confirming access to the folder with a user account with administrator rights (click the Continue button ), you will find – among others – the following files without extension: SAM, Security, Software, System, Default, and UserDiff.

Each of them houses a piece of information that makes up the registry contents used by the version of Windows in use.

Regedit: to open the registry

The tool that allows you to open the Windows registry and view its contents is called Regedit.

It is a utility built into all versions of the Microsoft operating system (improved in Windows 10 in terms of usability) that acts as a registry editor in Windows.

Regedit allows not only to verify the content but also to modify the registry.

The utility simultaneously opens the various files in the % systemroot% system32 config folder seen above and presents their contents to the user.

Regedit is a program that must be used with extreme caution: rash or unwanted changes made to the Windows registry can jeopardize the entire system’s stability. By intervening without knowledge of the system registry’s facts, you can even prevent the correct startup of the operating system or cause major problems by preventing its correct functioning.

Any changes that may be applied to the registry configuration must be made carefully, making sure repeatedly what you are doing.

However, knowing the basics of how the Windows registry works is essential because it can help in many situations:

– Windows shows an error message on startup, explaining that it cannot load any files.

– The operating system displays an error message by right-clicking on a file or folder.

– Windows displays an error message when trying to open a file with a particular extension.

– Uninstalling and then reinstalling a program always seems to remember the previous settings that are never reset even by deleting its reference folders.

– You want to transfer the settings and preferences of an installed program elsewhere, for example, to another Windows PC.

– The Windows context menu (the one that appears when you right-click) is full of useless commands and references to superfluous applications, sometimes even after their uninstallation.

Apply customizations that affect Windows’s behavior and allow you to enable features that cannot be activated through the normal user interface.

The structure of the register and Regedit

To open the registry editor in Windows, just press Windows + R, then type Regedit and press Enter.

Regedit and Registry: Guide to the most useful Aspects

You will find yourself in front of a window divided in two: on the left, some main items, presented as folders, while on the right, an empty panel.

By double-clicking on one of the displayed folders, its contents are immediately shown with the relative “sub-branches”.

Each sub-branch is called a “key” or key: the set of keys present in the registry forms a highly branched tree structure since each key can contain an enormous number of subkeys.
Inside each key are stored, in the form of “values”, the actual information used by Windows and by the applications we work with every day.

The values ​​stored in the selected key are listed in the right panel of Regedit: they can essentially be of three types: String, Binary, or DWORD, depending on the type of data they contain.

The main keys or branches are as follows:

– HKEY_CLASSES_ROOT

Contains references to the HKEY_LOCAL_MACHINE section. The information included in this key concerns the types of files used as well as information about the components used by the various applications.

– HKEY_CURRENT_USER

This key holds information about the user account currently “logged in” in Windows.

– HKEY_LOCAL_MACHINE

Contains information about hardware and software settings that affect all users of the computer.

– HKEY_USERS

Contains information about each user profile used on the PC. When a user enters their name when Windows starts, the system immediately chooses the configuration associated with that user (appearance of the desktop, settings of the various applications, and so on)

– HKEY_CURRENT_CONFIG

Hosts a collection of information about connected hardware devices.

Because it is important to know the registry and to know how Regedit works

Although you may not notice it, the operating system and applications installed in Windows continually access the registry.

Try downloading and running the Process Monitor utility.

Double click on the procmon.exe executable file and wait a few seconds: you will see the main window immediately fill up with hundreds, thousands of information.

In fact, the program shows all access to files (on disk or SSD) and those at the system registry level.

To limit the display to access to the Windows registry only, just click on the Show File System Activity icon at the top of the toolbar.

You will notice how many operations, every second, are performed on the contents of the system log (see the Operation column ) by running programs and processes.

Regedit and Registry: Guide to the most useful Aspects.

As it is easy to guess, Process Monitor can be very useful for more experienced users to detect every change to the registry and every single access made by the installed applications. In this way, it is possible to understand where each program keeps its settings. A very precious tool to diagnose the cause of any problems and export (with the possibility of reusing them elsewhere) the various programs’ configurations.

By acting on the Filter, Filter menu of Process Monitor, you can specify, for example, the name of the executable of the process you want to monitor.

Regedit and Registry - Guide to the most useful Aspects

Thus, you can concentrate on the activities carried out by the single application without being distracted by information that is not of interest.

In the following articles, we explain how Process Monitor can represent a very valid lifeline to solve the appearance of error messages or strange behaviors of the system and installed applications:

– Application crashes clicking on Save As

Some noteworthy registry keys

The registry contains settings that are essential for the proper functioning of Windows and programs. Here are some very important keys (HKLM stands for HKEY_LOCAL_MACHINE; HKCU for HKEY_CURRENT_USER; HKCR for HKEY_CLASSES_ROOT):

– HKLM SOFTWARE

Here are the settings of most of the programs installed on the machine. And it is always here that you can find “orphan” information after uninstalling an application.

Of course, as explained in the article, program settings can be stored in other areas of the registry and % appdata%, % localappdata% folders.and % programdata%, but this registry key should be checked if in doubt.

– HKLM Software Microsoft Windows CurrentVersion Run
HKLM Software Microsoft Windows CurrentVersion RunOnce
HKLM SOFTWARE Wow6432Node Microsoft Windows CurrentVersion Run
HKLM Software Microsoft Windows CurrentVersion RunServices
HKLM Software Microsoft Windows CurrentVersion RunServicesOnce
HKCU Software Microsoft Windows CurrentVersion Run
HKCU Software Microsoft Windows CurrentVersion RunOnce
HKCU Software Microsoft Windows CurrentVersion RunServices

Some folders to check when you have problems with one or more files loaded automatically when Windows starts.

To simplify the procedure, we suggest using Autoruns – see the articleHow to remove autorun programs.

– HKCR * shell
HKCR * shellex ContextMenuHandlers
HKCR AllFileSystemObjects ShellEx
HKCR Directory shell
HKCR Directory shellex ContextMenuHandlers

These keys contain most of the references and commands added by the operating system and third-party applications to the Windows context menu.

To simplify its management, instead of interacting directly with the registry through Regedit.

As you can see, in all cases, the registry keys on which you act are those indicated above.
Restore part of the information contained in the registry with “Load hive.”

Regedit consists of a little known function called Load Hive, which can be called up from the File menu.

It allows you to temporarily load another log file, for example, belonging to another Windows installation. By doing so, it will be possible to check its contents and export the data.REG format (and then possibly import them into the current installation).

Imagine dealing with a Windows system that no longer boots or with an OS installation reinstalled on the same machine ( Media Creation Tool and Windows 10 in-place update ).

Useful information can be extracted from the old system registry to reconfigure newly installed applications.

The procedure is explained in the article How to restore Windows 10 without losing data in point 7).