Discover how to open Registry Editor, the program included in Windows 10, 8, 7, Vista, and XP that is used to make changes to the registry. HKEYLOCALMACHINE SYSTEM Clone: Volatile hive These files are database files, and only RegEdit, Regedit32 and the Kernel32 can read them. The primary tool in Windows 10/8/7 for working.
(Redirected from HKEY LOCAL MACHINE)
The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interface can all use the registry. The registry also allows access to counters for profiling system performance.
In simple terms, the registry or Windows Registry contains information, settings, options, and other values for programs and hardware installed on all versions of Microsoft Windows operating systems. For example, when a program is installed, a new subkey containing settings such as a program's location, its version, and how to start the program, are all added to the Windows Registry.
When introduced with Windows 3.1, the Windows Registry primarily stored configuration information for COM-based components. Windows 95 and Windows NT extended its use to rationalise and centralise the information in the profusion of INI files, which held the configurations for individual programs, and were stored at various locations.[1][2] It is not a requirement for Windows applications to use the Windows Registry. For example, .NET Framework applications use XML files for configuration, while portable applications usually keep their configuration files with their executables.
Rationale[edit]
Prior to the Windows Registry, .INI files stored each program's settings as a text file, often located in a shared location that did not provide user-specific settings in a multi-user scenario. By contrast, the Windows Registry stores all application settings in one logical repository (but a number of discrete files) and in a standardized form. According to Microsoft, this offers several advantages over .INI files.[2][3] Since file parsing is done much more efficiently with a binary format, it may be read from or written to more quickly than an INI file. Furthermore, strongly typed data can be stored in the registry, as opposed to the text information stored in .INI files. This is a benefit when editing keys manually using
RegEdit.exe , the built-in Windows Registry Editor. Because user-based registry settings are loaded from a user-specific path rather than from a read-only system location, the registry allows multiple users to share the same machine, and also allows programs to work for less privileged users. Backup and restoration is also simplified as the registry can be accessed over a network connection for remote management/support, including from scripts, using the standard set of APIs, as long as the Remote Registry service is running and firewall rules permit this.
Because the registry is a database, it offers improved system integrity with features such as atomic updates. If two processes attempt to update the same registry value at the same time, one process's change will precede the other's and the overall consistency of the data will be maintained. Where changes are made to .INI files, such race conditions can result in inconsistent data that does not match either attempted update. Windows Vista and later operating systems provide transactional updates to the registry by means of the Kernel Transaction Manager, extending the atomicity guarantees across multiple key and/or value changes, with traditional commitâabort semantics. (Note however that NTFS provides such support for the file system as well, so the same guarantees could, in theory, be obtained with traditional configuration files.)
Structure[edit]Keys and values[edit]
The registry contains two basic elements: keys and values. Registry keys are container objects similar to folders. Registry values are non-container objects similar to files. Keys may contain values and subkeys. Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy. Keys must have a case insensitive name without backslashes.
The hierarchy of registry keys can only be accessed from a known root key handle (which is anonymous but whose effective value is a constant numeric handle) that is mapped to the content of a registry key preloaded by the kernel from a stored 'hive', or to the content of a subkey within another root key, or mapped to a registered service or DLL that provides access to its contained subkeys and values.
E.g. HKEY_LOCAL_MACHINESoftwareMicrosoftWindows refers to the subkey 'Windows' of the subkey 'Microsoft' of the subkey 'Software' of the HKEY_LOCAL_MACHINE root key.
There are seven predefined root keys, traditionally named according to their constant handles defined in the Win32 API, or by synonymous abbreviations (depending on applications):
Like other files and services in Windows, all registry keys may be restricted by access control lists (ACLs), depending on user privileges, or on security tokens acquired by applications, or on system security policies enforced by the system (these restrictions may be predefined by the system itself, and configured by local system administrators or by domain administrators). Different users, programs, services or remote systems may only see some parts of the hierarchy or distinct hierarchies from the same root keys.
Registry values are name/data pairs stored within keys. Registry values are referenced separately from registry keys. Each registry value stored in a registry key has a unique name whose letter case is not significant. The Windows API functions that query and manipulate registry values take value names separately from the key path and/or handle that identifies the parent key. Registry values may contain backslashes in their names, but doing so makes them difficult to distinguish from their key paths when using some legacy Windows Registry API functions (whose usage is deprecated in Win32).
The terminology is somewhat misleading, as each registry key is similar to an associative array, where standard terminology would refer to the name part of each registry value as a 'key'. The terms are a holdout from the 16-bit registry in Windows 3, in which registry keys could not contain arbitrary name/data pairs, but rather contained only one unnamed value (which had to be a string). In this sense, the Windows 3 registry was like a single associative array, in which the keys (in the sense of both 'registry key' and 'associative array key') formed a hierarchy, and the registry values were all strings. When the 32-bit registry was created, so was the additional capability of creating multiple named values per key, and the meanings of the names were somewhat distorted.[4] For compatibility with the previous behavior, each registry key may have a 'default' value, whose name is the empty string.
Each value can store arbitrary data with variable length and encoding, but which is associated with a symbolic type (defined as a numeric constant) defining how to parse this data. The standard types are:
Root keys[edit]
The keys at the root level of the hierarchical database are generally named by their WindowsAPI definitions, which all begin 'HKEY'.[2] They are frequently abbreviated to a three- or four-letter short name starting with 'HK' (e.g. HKCU and HKLM). Technically, they are predefined handles (with known constant values) to specific keys that are either maintained in memory, or stored in hive files stored in the local filesystem and loaded by the system kernel at boot time and then shared (with various access rights) between all processes running on the local system, or loaded and mapped in all processes started in a user session when the user logs on the system.
The HKEY_LOCAL_MACHINE (local machine-specific configuration data) and HKEY_CURRENT_USER (user-specific configuration data) nodes have a similar structure to each other; user applications typically look up their settings by first checking for them in 'HKEY_CURRENT_USERSoftwareVendor's nameApplication's nameVersionSetting name', and if the setting is not found, look instead in the same location under the HKEY_LOCAL_MACHINE key[citation needed]. However, the converse may apply for administrator-enforced policy settings where HKLM may take precedence over HKCU. The Windows Logo Program has specific requirements for where different types of user data may be stored, and that the concept of least privilege be followed so that administrator-level access is not required to use an application.[a][5]
HKEY_LOCAL_MACHINE (HKLM)[edit]
Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are specific to the local computer.[6]
The key located by HKLM is actually not stored on disk, but maintained in memory by the system kernel in order to map all the other subkeys. Applications cannot create any additional subkeys. On Windows NT, this key contains four subkeys, 'SAM', 'SECURITY', 'SYSTEM', and 'SOFTWARE', that are loaded at boot time within their respective files located in the %SystemRoot%System32config folder. A fifth subkey, 'HARDWARE', is volatile and is created dynamically, and as such is not stored in a file (it exposes a view of all the currently detected Plug-and-Play devices). On Windows Vista and above, a sixth and seventh subkey, 'COMPONENTS' and 'BCD', are mapped in memory by the kernel on-demand and loaded from %SystemRoot%system32configCOMPONENTS or from boot configuration data, bootBCD on the system partition.
HKEY_CURRENT_CONFIG (HKCC)[edit]
HKEY_CLASSES_ROOT (HKCR)[edit]
HKEY_USERS (HKU)[edit]
HKEY_CURRENT_USER (HKCU)[edit]
HKEY_PERFORMANCE_DATA[edit]
HKEY_DYN_DATA[edit]
Hives[edit]
Even though the registry presents itself as an integrated hierarchical database, branches of the registry are actually stored in a number of disk files called hives.[12] (The word hive constitutes an in-joke.)[13]
Some hives are volatile and are not stored on disk at all. An example of this is the hive of branch starting at HKLMHARDWARE. This hive records information about system hardware and is created each time the system boots and performs hardware detection.
Individual settings for users on a system are stored in a hive (disk file) per user. During user login, the system loads the user hive under the HKEY_USERS key and sets the HKCU (HKEY_CURRENT_USER) symbolic reference to point to the current user. This allows applications to store/retrieve settings for the current user implicitly under the HKCU key.
Not all hives are loaded at any one time. At boot time, only a minimal set of hives are loaded, and after that, hives are loaded as the operating system initializes and as users log in or whenever a hive is explicitly loaded by an application.
File locations[edit]
The registry is physically stored in several files, which are generally obfuscated from the user-mode APIs used to manipulate the data inside the registry. Depending upon the version of Windows, there will be different files and different locations for these files, but they are all on the local machine. The location for system registry files in Windows NT is %SystemRoot%System32Config; the user-specific HKEY_CURRENT_USER user registry hive is stored in
Ntuser.dat inside the user profile. There is one of these per user; if a user has a roaming profile, then this file will be copied to and from a server at logout and login respectively. A second user-specific registry file named UsrClass.dat contains COM registry entries and does not roam by default.
Windows NT[edit]
Windows NT systems store the registry in a binary file format which can be exported, loaded and unloaded by the Registry Editor in these operating systems. The following system registry files are stored in
%SystemRoot%System32Config :
The following file is stored in each user's profile folder:
For Windows 2000, Server 2003 and Windows XP, the following additional user-specific file is used for file associations and COM information:
For Windows Vista and later, the path was changed to:
Windows 2000 keeps an alternate copy of the registry hives (.ALT) and attempts to switch to it when corruption is detected.[15] Windows XP and Windows Server 2003 do not maintain a
System.alt hive because NTLDR on those versions of Windows can process the System.log file to bring up to date a System hive that has become inconsistent during a shutdown or crash. In addition, the %SystemRoot%Repair folder contains a copy of the system's registry hives that were created after installation and the first successful startup of Windows.
Each registry data file has an associated file with a '.log' extension that acts as a transaction log that is used to ensure that any interrupted updates can be completed upon next startup.[16] Internally, Registry files are split into 4 kB 'bins' that contain collections of 'cells'.[16]
Windows 9x[edit]
The registry files are stored in the
%WINDIR% directory under the names USER.DAT and SYSTEM.DAT with the addition of CLASSES.DAT in Windows ME. Also, each user profile (if profiles are enabled) has its own USER.DAT file which is located in the user's profile directory in %WINDIR%Profiles<Username> .
Windows 3.11[edit]
The only registry file is called
REG.DAT and it is stored in the %WINDIR% directory.
Windows 10 Mobile[edit]
Note: To access the registry files, the Phone needs to be set in a special mode using either:
https://yellowbabe864.weebly.com/blog/logitech-k400r-keyboard-and-mouse-driver. If any of above Methods worked - The Device Registry Files can be found in the following location:
Note: InterOp Tools also includes a registry editor.
Editing[edit]Registry editors[edit]
The registry contains important configuration information for the operating system, for installed applications as well as individual settings for each user and application. A careless change to the operating system configuration in the registry could cause irreversible damage, so it is usually only installer programs which perform changes to the registry database during installation/configuration and removal. If a user wants to edit the registry manually, Microsoft recommends that a backup of the registry be performed before the change.[17] When a program is removed from control panel, it is not completely removed and the user must manually check inside directories such as program files. After this, the user needs to manually remove any reference to the uninstalled program in the registry. This is usually done by using RegEdit.exe.[18] Editing the registry is sometimes necessary when working around Windows-specific issues e.g. problems when logging onto a domain can be resolved by editing the registry.[19]
Windows Registry can be edited manually using programs such as RegEdit.exe, although these tools do not expose some of the registry's metadata such as the last modified date.
The registry editor for the 3.1/95 series of operating systems is RegEdit.exe and for Windows NT it is RegEdt32.exe; the functionalities are merged in Windows XP. Optional and/or third-party tools similar to RegEdit.exe are available for many Windows CE versions.
Registry Editor allows users to perform the following functions:
.
|
RegCloseKey | RegOpenKey | RegConnectRegistry | RegOpenKeyEx |
RegCreateKey | RegQueryInfoKey | RegCreateKeyEx | RegQueryMultipleValues |
RegDeleteKey | RegQueryValue | RegDeleteValue | RegQueryValueEx |
RegEnumKey | RegReplaceKey | RegEnumKeyEx | RegRestoreKey |
RegEnumValue | RegSaveKey | RegFlushKey | RegSetKeySecurity |
RegGetKeySecurity | RegSetValue | RegLoadKey | RegSetValueEx |
RegNotifyChangeKeyValue | RegUnLoadKey |
Microsoft.Win32.Registry
in VB.NET and C#, or TRegistry
in Delphi and Free Pascal). COM-enabled applications like Visual Basic 6 can use the WSHWScript.Shell
object. Another way is to use the Windows Resource Kit Tool, Reg.exe
by executing it from code,[24] although this is considered poor programming practice.
Win32::TieRegistry
), Python (with winreg), TCL (which comes bundled with the registry package),[25]Windows Powershell and Windows Scripting Host also enable registry editing from scripts.
RegConnectRegistry
function[33] if the Remote Registry service is running, correctly configured and its network traffic is not firewalled.[34]Permission | Description |
---|---|
Query Value | The right to read the registry key value. |
Set Value | The right to write a new value |
Create Subkey | The right to create subkeys. |
Enumerate Subkeys | Allow the enumeration of subkeys. |
Notify | The right to request change notifications for registry keys or subkeys. |
Create Link | Reserved by the operating system. |
Delete | The right to delete a key. |
Write DACL | The right to modify permissions of the container's DACL. |
Write Owner | The right to modify the container's owner. |
Read Control | The right to read the DACL. |
HKLMSYSTEMCurrentControlSet
key, which stores hardware and device driver information.%Windir%Sysbckup
Scanreg.exe can also run from MS-DOS.[41]RDISK.EXE
, a utility to back up and restore the entire registry.[42]gpedit.msc
, or to multiple users and/or computers in a domain using gpmc.msc
.
POLICY.POL
). The policy file allows administrators to prevent non-administrator users from changing registry settings like, for instance, the security level of Internet Explorer and the desktop background wallpaper. The policy file is primarily used in a business with a large number of computers where the business needs to be protected from rogue or careless users.
.POL
.The policy file filters the settings it enforces by user and by group (a 'group' is a defined set of users). To do that the policy file merges into the registry, preventing users from circumventing it by simply changing back the settings.The policy file is usually distributed through a LAN, but can be placed on the local computer.
poledit.exe
for Windows 95/Windows 98 and with a computer management module for Windows NT. The editor requires administrative permissions to be run on systems that uses permissions.The editor can also directly change the current registry settings of the local computer and if the remote registry service is installed and started on another computer it can also change the registry on that computer.The policy editor loads the settings it can change from .ADM
files, of which one is included, that contains the settings the Windows shell provides. The .ADM
file is plain text and supports easy localisation by allowing all the strings to be stored in one place.
/etc/
and its subdirectories, or sometimes in /usr/local/etc
. Per-user information (information that would be roughly equivalent to that in HKEY_CURRENT_USER) is stored in hidden directories and files (that start with a period/full stop) within the user's home directory. However XDG-compliant applications should refer to the environment variables defined in the Base Directory specification.[49]/Library/
folder, whereas per-user configuration files are stored in the corresponding ~/Library/
folder in the user's home directory, and configuration files set by the system are in /System/Library/
. Within these respective directories, an application typically stores a property list file in the Preferences/
sub-directory.The following table shows other difficulties or limitations caused by using .INI files that are overcome by using the Registry.
|journal=
(help)Wikibooks has a book on the topic of: Windows registry hacks |
Write something about yourself. No need to be fancy, just an overview.