“Get a Personal Trainer for Your Computer!”©



Registry symbol

Windows Registry Symbol

Most computer users speak of the system registry, or simply “registry” in hushed tones, like it’s understanding some sort of secret religion.  And, in  sense, it should inspire some sort of awe, because the slightest misstep can wreck your computer’s world beyond repair.  This is one of the few areas about which one can honestly say only a pro should tinker.  Nevertheless, a basic understanding of the registry certainly wouldn’t hurt, so here goes:

What is the registry?  Probably the most important part of any Windows-based computer system (introduced in Win 3.1), it is a system-defined database used by the Windows operating system to store configuration information.  (The “blocks” symbol, above, designates registry files on your computer.) This means information about hardware and software. It is not part of, but is often accessed by the Windows kernel. The Windows initialization files (“.ini”), including the system.ini and win.ini files as well as many, many other .ini files are contained in the registry.  .Ini files  are ASCII files that can be edited by the DOS edit utility or Notepad.  These files specify information that Windows requires, such as ports, DMAs, IRQs and file paths, as well as hardware and software configurations necessary for performing the task at hand (perhaps opening a spreadsheet).  The system.ini file contains system specific information that Windows requires to open successfully, and the win.ini file contains much of the data that a user might customize to suit personal preferences, such as color schemes, desktop icons and fonts.  All of this data is stored in a “tree” structure format common to Windows (similar to what you would see if you open Windows Explorer).   It looks about like this:

The registry has many thousands, sometimes tens of thousands, of entries. 

The five main registry sections, which are called “hives” each have a separate purpose, although many of the settings are “mirrored” (duplicated) in some of the other hives.  That’s because these are “symbolic links,” (aliases), so when you make a change in one registry hive, they are automatically duplicated in any other duplicate locations.   Here’s what the five hives are and what they do:

HKEY_CLASSES_ROOT: This hive contains information about file types, filename extensions and the like.  It instructs the operating system about how to handle the file types for such tasks as opening, printing, context menus and other user interface operations.  It also includes CLASS definitions of unique objects such as file types or OLE objects.  Class IDs (“CLSIDs”) are unique identifiers of system objects  and look like the following: {20D04FEO-3AEA-1069-A2D8-08002B30309D} which stands for the My Computer desktop object.

HKEY_CURRENT_USER: This hive contains configuration information about the system setup of the user that is currently logged on, such as the user’s desktop, appearance, network connections, device connections and security rights.  Also included are the SIDs (“Security Identifiers”) which uniquely identify users of the computer and information about each user’s rights, settings and preferences.

HKEY_LOCAL_MACHINE: This hive contains information about the computer itself (the hardware, ports, storage and the like), as well as the operating system (o/s configuration, drivers, services, startup, installed software and security).

HKEY_USERS:  This hive contains information about every user profile on the system.

HKEY_CURRENT_CONFIG:  This hive contains information about the current hardware configuration of the system.

[The hives themselves are actually stored in the C:\Windows\System 32\Config and C:\Documents and Settings\{username} files.]

Within each hive are certain “keys” which can in turn contain “subkeys” which can in turn contain their own “subkeys” and so on, in typical hierarchy fashion.  Each key or subkey has a specific value, which controls a specific setting, such as the color of your wallpaper, your font type and size, how many clicks it takes to open a program, where to print a file, etc.  Many of these values can either be changed indirectly (e.g. through changes in the Control Panel settings or the software installation process) or directly (through editing the registry using regedit from a command line).

Generally, there are five types of values in these keys:

REG_SZ (String Value):  Quite commonly found, this value is composed of plain text and numbers.  For example, the value for the speed for double-clicking with the mouse is expressed as:  HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickSpeed. You insert a number (starting with the default of 500 (milliseconds)) to change the value of this key.

REG_MULTI_SZ (String Array Value):  This value contains several “strings” of plain text and numbers, which you can edit, but cannot create.

REG_EXPAND_SZ (Expanded String Value):  This value contains variables that Windows uses to point to the location of files.  For example, the key %SystemRoot%\resources\Themes,Windows_Default tells the computer where to look for the Windows Default desktop theme.

REG_BINARY (Binary Values):  As it sounds, this value is made up of 0s and 1s, and is usually not edited directly.

REG_DWORD (DWORD Values):  This value is generally represented as a number (perhaps 383 and 384), often to turn a key “on” or “off.”

Generally, the values for the registry keys are binary  (see explanation HERE), that is “0” represents “off” and “1” represents “on”.

So how does it work? When you install an application (program) or new hardware, data is added into your registry by creating new keys or opening existing keys.  The data is sorted by computer-specific data or user-specific data across the registry itself and through several keys and hives (groups of keys, subkeys and values).  The data is retained in your system until modified or removed.  The registry is also the best tool for manually customizing the operating system itself (from the command line, type “regedit”), as it allows you to change the desktop icons and balloons for system objects, and to remove items that may otherwise be unremovable.

Can it malfunction? Absolutely, like anything else on your computer.  It can be affected by malware, viruses, bad hard drives, improper or interrupted hardware or software installations, power surges and many other problems.  Some malware (like the UZA O/S worm), will purposely disable the “Shift Override” feature of Windows which allows you to bypass programs loading during startup, so that the malware will always be enabled.

Can it be repaired?  Yes, usually. If the registry error was caused by a corrupt software or hardware install, you may be lucky enough to have a system restore point set by Windows and you may only have to go back to an earlier point where the system registry wasn’t damaged.  But there are collateral issues here:  System Restore doesn’t back up everything, it won’t repair hard drive hardware issues, and it won’t remove viruses and some of their damage.  (For more about what System Restore does and doesn’t do, click HERE.)  Sometimes, but not very often, Windows Repair (from a boot disk) may also do the trick (see Tip #72).  If not, it’s usually necessary to manually edit the registry to solve the problem.  If you’re not familiar with the way the registry works and some degree of programming, you should definitely stay away from this.

Can it be edited?  Yes, but you must be very careful or you’ll brick your computer. Let’s say you Google a registry edit to fix a virus or installation issue. Or even get the fix from Microsoft or McAfee.  It may appear that the registry editor (regedit command) provides you with a heirarchal directory of folders and files a la File Explorer, but there is a critical difference:  Changes to the registry cannot be undone by clicking undo or going to the recycle bin.  Therefore, you must specifically export any key that you are going to edit.  Right click on the key you want to export, then save it outside of the registry editor.  You’ll see the key with a .reg extension, which you can copy back if your editing goes bad.

Should I try the Registry Cleaners? There are various registry cleaners and restore utilities (both free and paid) available - some good, some truly awful, take your chances.  Most of the programs on the market don’t really correct serious registry problems, they just “clean up” duplicates, orphaned files and other entries after removal of programs and the like.  You can probably tell, between the lines, that I don’t think much of these programs; they can often create more problems than they solve and may make a manual repair all but impossible after they’re used.  That is,  if you’re not careful, you can irreparably damage the registry to the point that only a complete reinstall of your hard drive will work.  It’s always best to identify the specific problem, figure out the registry keys to edit, make a backup copy of the registry, then make the manual corrections.  See also, Baseline, Tip #59.

Do Macs Have A Registry? No.  Apple doesn’t believe in “putting all their eggs in one basket” like a single monolithic registry.    Rather the Mac O/S uses small preference-list files which are stored in containers unique to the application which requires them, preventing damage and bad code from influencing other applications.

If in doubt, always call a pro to manually edit the registry properly using the Windows Registry Editor. It’ll be a lot less work than reinstalling your whole operating system from scratch...


© Computer Coach.  All written materials are the sole property of Computer Coach (unless otherwise attributed) and no part of this website may be used in any format without the express written permission of Computer Coach.