Microsoft Windows XP Professional stores hardware and software settings centrally in a hierarchical database called the registry. The registry replaces many of the .ini, .sys, and .com configuration files used in earlier versions of Microsoft Windows. The registry controls the Windows XP Professional operating system by providing the appropriate initialization information to boot Windows XP Professional, to start applications, and to load components, such as device drivers and network protocols.
Most users of Windows XP Professional never need to access the registry. However, management of the registry is an important part of the system administrator's job and includes viewing, editing, backing up, and restoring the registry. You use Registry Editor to view and change the registry configuration.
The registry contains a variety of different types of data, including the following:
The registry structure provides a secure set of records. The data in the registry is read, updated, or modified by many of the Windows XP Professional components.
Table 18.6 describes some of the components that access and store data in the registry.
Table 18.6 Components That Use the Registry
The registry is organized in a hierarchical structure similar to the hierarchical structure of folders and files on a disk. Figure 18.2 shows the hierarchical structure of the registry as displayed by the Registry Editor.
Table 18.7 describes the components that make up the hierarchical structure of the registry.
Table 18.7 Components That Make Up the Registry
Component | Description |
---|---|
Subtree | A subtree (or subtree key) is analogous to the root folder of a disk. The Windows XP Professional registry has two subtrees: HKEY_LOCAL_MACHINE and HKEY_USERS. However, to make the information in the registry easier to find and view, there are five predefined subtrees that can be seen in the editor: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS, and HKEY_CURRENT_CONFIG. |
Keys | Keys are analogous to folders and subfolders. Keys correspond to hardware or software objects and groups of objects. Subkeys are keys within higher level keys. |
Entries | Keys contain one or more entries. An entry has three parts: name, data type, and value (data or configuration parameter). |
Hive | A hive is a discrete body of keys, subkeys, and entries. Each hive has a corresponding registry file and .log file located in %systemroot%\System32\Config. Windows XP Professional uses the .log file to record changes and ensure the integrity of the registry. |
Data types | Each entry's value is expressed as one of these data types: REG_SZ (String value). One value; Windows XP Professional interprets it as a string to store. REG_BINARY (Binary value). One value; it must be a string of hexadecimal digits. Windows XP Professional interprets each pair as a byte value. REG_DWORD (DWORD value). One value; must be a string of 1-8 hexadecimal digits. REG_MULTI_SZ (Multistring value). Multiple values allowed; Windows XP Professional interprets each string as a component of multi_sz separate entries. REG_EXPAND_SZ (Expandable string value). Similar to REG_SZ, except the text can contain a replaceable variable; for example, in the string %systemroot%\NTVDM.EXE, Windows XP Professional replaces the systemroot environmental variable with the path to the Windows XP Professional System32 folder. REG_FULL_RESOURCE_DESCRIPTOR. Stores a resource list for hardware components or drivers. You cannot add or modify an entry with this data type. |
Understanding the purpose of each subtree can help you locate specific keys and values in the registry. The following five subtrees or subtree keys are displayed in the Registry Editor (see Figure 18.2):
HKEY_LOCAL_MACHINE provides a good example of the subtrees in the registry for two reasons:
The HKEY_LOCAL_MACHINE root key has five subkeys, which are explained in Table 18.8.
Table 18.8 HKEY_LOCAL_MACHINE Subkeys
Subkey | Description |
---|---|
HARDWARE | The type and state of physical devices attached to the computer. This subkey is volatile, meaning that Windows XP Professional builds it from information gathered during startup. Because the values for this subkey are volatile, it does not map to a file on the disk. Applications query this subkey to determine the type and state of physical devices attached to the computer. |
SAM | The directory database for the computer. The SAM hive maps to the SAM and SAM.LOG files in the %systemroot%\System32\Config directory. Applications that query SAM must use the appropriate application programming interfaces (APIs). This hive is a pointer to the same one accessible under HKEY_LOCAL_MACHINE\SECURITY\SAM. |
SECURITY | The security information for the local computer. The SECURITY hive maps to the Security and SECURITY.LOG files in the %systemroot%\System32\Config directory. Applications cannot modify the keys contained in the SECURITY subkey. Instead, applications must query security information by using the security APIs. |
SOFTWARE | Information about the local computer software that is independent of per-user configuration information. This hive maps to the Software and SOFTWARE.LOG files in the %systemroot%\System32\Config directory. It also contains file associations and OLE information. |
SYSTEM | Information about system devices and services. When you install or configure device drivers or services, they add or modify information under this hive. The SYSTEM hive maps to the System and SYSTEM.LOG files in the %systemroot%\System32\Config directory. The registry keeps a backup of the data in the SYSTEM hive in the SYSTEM.ALT file. |
A typical Windows XP Professional installation contains the following control set subkeys: Clone, ControlSet001, ControlSet002, and CurrentControlSet. Control sets are stored as subkeys of the registry key HKEY_LOCAL_MACHINE\SYSTEM (see Figure 18.3). The registry might contain several control sets, depending on how often you change or have problems with system settings.
The CurrentControlSet subkey is a pointer to one of the ControlSet00x keys. The Clone control set is a clone of the control set used to initialize the computer (either Default or LastKnownGood), and is created by the kernel initialization process each time you start your computer. The Clone control set is not available after you log on.
To better understand control sets, you should know about the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\Select. The entries contained in this subkey include the following:
Each of these entries in HKEY_LOCAL_MACHINE\SYSTEM\Select takes a REG_DWORD data type, and the value for each entry refers to a specific control set. For example, if the value for the Current entry is set to 0x1, the CurrentControlSet points to ControlSet001. Similarly, if the value for the LastKnownGood entry is set to 0x2, the LastKnownGood control set points to ControlSet002.
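The data types listed in Table 18.7 and the Select-to-control-set mapping described above can both be checked offline against a subtree that has been saved to a text file. The following is an added example, not code from the original text: it assumes the file is a `.reg` export already read into a string, runs on a constructed sample, and includes the `Failed` entry of the Select key, which this page does not name; the function names are illustrative.

```python
import re

# Constructed sample in .reg export format; not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002
[HKEY_CURRENT_USER\Environment]
"Test"=hex(2):25,00,77,00,69,00,6e,00,\
  64,00,69,00,72,00,25,00,00,00
"Dirs"=hex(7):61,00,00,00,62,00,00,00,00,00
'''

def decode(raw):
    """Decode the right-hand side of one export line into (data type, value)."""
    if raw.startswith('"'):
        return "REG_SZ", re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.fullmatch(r"hex(?:\((\w+)\))?:(.*)", raw)
    if not m:
        raise ValueError(f"unrecognised value encoding: {raw!r}")
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if m.group(1) == "2":      # expandable string, UTF-16LE, NUL-terminated
        return "REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\0")
    if m.group(1) == "7":      # NUL-separated strings, double NUL at the end
        return "REG_MULTI_SZ", [s for s in data.decode("utf-16-le").split("\0") if s]
    return ("REG_BINARY" if m.group(1) is None else f"type {m.group(1)}"), data

def parse_reg(text):
    """Return {key path: {entry name: (data type, value)}} for an export."""
    text = re.sub(r"\\\r?\n\s*", "", text)        # join continued hex lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            name, raw = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line).groups()
            current[name] = decode(raw)
    return keys

def control_sets(keys):
    """Resolve each Select entry to its ControlSet00x key (None when 0)."""
    select = keys[r"HKEY_LOCAL_MACHINE\SYSTEM\Select"]
    return {name: f"ControlSet{v:03d}" if v else None
            for name, (kind, v) in select.items() if kind == "REG_DWORD"}

print(control_sets(parse_reg(SAMPLE)))
```

Exports in this format are UTF-16LE on disk, so read a real file with `open(path, encoding="utf-16")` before passing its contents to `parse_reg`.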
Setup installs Registry Editor (REGEDT32.EXE) in the %systemroot%\System32 directory during installation. However, because most users do not need to use Registry Editor, it does not appear on the Start menu. You start Registry Editor by selecting Run on the Start menu.
Although Registry Editor allows you to perform manual edits on the registry, it is intended for troubleshooting and problem resolution. You should make most configuration changes through either Control Panel or Administrative Tools. However, some configuration settings can only be made directly through the registry.
Registry Editor saves data automatically as you make entries or corrections. New registry data takes effect immediately.
You can select Find Key on the View menu to search the registry for a specific key. Key names appear in the left pane of Registry Editor. The search begins at the currently selected key and parses all descendant keys for the specified key name. The search is local to the subtree in which the search begins. For example, a search for a key in the HKEY_LOCAL_MACHINE subtree does not include keys under HKEY_CURRENT_USER.
In this practice, you use Registry Editor to view the information in the registry. You determine information such as the BIOS, the processor on your computer, and the version of the operating system. You use Registry Editor's Find Key command to search the registry for a specific word within key names. You then modify the registry by adding a value to it, and you save a subtree as a file so that you can use an editor, like Notepad, to search the file.
In this exercise, you use Registry Editor to view information in the registry.
What are the SystemBIOSDate and SystemBIOSVersion of your computer?
What is the computer type of your local machine according to the Identifier entry?
In this exercise, you use the Registry Editor's Find command to search the registry to find a specific word in the keys, values, and data in the registry.
The Registry Editor displays the Find dialog box.
The Registry Editor locates and highlights the first entry containing serial.
Notice that serial appears in many locations in the registry.
In this exercise, you add a value to the registry.
The values in the Environment key appear in the right pane of the Registry Editor window.
The Registry Editor adds a New Value #1 entry in the right pane of the Registry Editor window.
The Registry Editor displays an Edit String dialog box.
Test REG_SZ %windir%\system32 is now an entry in the right pane of the Registry Editor window.
The System Properties dialog box appears.
The Environment Variables dialog box appears.
Does the test variable appear in the User Variables For Administrator list?
The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."