Windows Registry

The Windows registry database (also Windows registry or simply the registry) has been, since the first version of Windows NT, the central hierarchical configuration database of the Microsoft Windows operating system. It stores information belonging to Windows itself as well as information belonging to programs. With Windows 3.x, the registry was introduced in the field of consumer operating systems. Whereas the early Windows systems mainly stored file extensions in it, since Windows 95 and Windows NT 4.0 the registry has been a comprehensive database for managing the system and all integrated system services and processes. The registry also makes it possible to store the settings of installed applications centrally.


Design and Structure

Registry entries are organized in a tree structure of so-called "keys", all of which descend from a few main keys.

The registry consists of two parts: the first part contains configuration data for the entire Windows installation, the second part contains all user-specific information and settings. The data stored in the registry covers all variable information of the operating system, such as the size and name of the swap file, settings for Windows Explorer, the entire COM registration (classes and type libraries), settings for various programs, drivers, and the hardware configuration.

Overview of the keys

At the highest level, the registry of a workstation is divided into a few main or root keys whose names are fixed for each Windows version:

The keys shown in italics in the table do not actually exist; they are only links to other keys. The abbreviation HKEY, which begins the names of the main keys, stands for "handle to key".

HKEY_CLASSES_ROOT

Under this main key, "HKCR" for short, there is a subkey for each registered file type. This subkey can in turn contain a number of further subkeys such as "ShellEx", "ShellNew", "OpenWithList" and many more. The subkey can also have values. A very commonly used value is "Content Type", which specifies the content type of the file. This can be, for example, "text/plain", which marks a plain text file, or "image/jpeg", which marks a JFIF image file. Under certain circumstances the default value of this subkey is also a class name. This class name identifies a further subkey of HKCR that holds further information. One of the most important subkeys of HKCR is "CLSID" (class ID). It holds subkeys named by the GUIDs of the registered COM classes and type libraries. For a COM class there is usually either the subkey "InprocServer32" or "LocalServer32", depending on whether it is an in-process server or not. The default value of this subkey contains the file name of the COM library that contains the class (usually a DLL file). The subkey "ProgID" holds the ProgID of the class (for example "ADODB.Recordset"), which is used, for example, in VBScript to create an instance of the class.

HKEY_CURRENT_USER

The main key HKEY_CURRENT_USER, also abbreviated "HKCU", contains the user-specific configuration data of the currently logged-in user. An important subkey is "Software", which contains user-specific application settings: many installed application programs store parts of their configuration under this subkey. "Software" contains a separate subkey for each software vendor. For example, there is a subkey "Microsoft", which has a subkey "Windows", which has a subkey "CurrentVersion", which in turn has a key "Run". This key contains a list of all applications that are to be executed after the user has logged on.

HKEY_LOCAL_MACHINE

This main key, "HKLM", contains all computer-specific settings. The subkey "SOFTWARE" is similar in structure to the subkey "Software" in "HKCU". Here too there is a subkey "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", but it contains all the applications that are run after the successful login of any user on this computer.

There are also keys such as "SYSTEM", which contains the configuration of the operating system itself, including Device Manager settings and the configuration of Windows services.

HKEY_USERS

This master key contains the user-specific configuration information of all users who are currently logged on to the system. The configuration data is copied to the user-specific master key HKEY_CURRENT_USER only when the user logs out of HKEY_USERS.

Location

The data of the Registry is stored in several files, called hives, in a special database format on the hard disk.

Export format

Reg files are inactive exports from the registry that are stored in a file format (.reg). They thus form an interface between the registry and files. Reg files are in text format and largely human-readable if only certain registry key types are used, especially the String type. With the RegEdit.exe tool described below, reg files can easily be exported and imported, including from scripts.

Currently (2010) there are two different reg file formats, version 4 and version 5. Windows 95, its relatives and also Windows NT 4 support only V4 reg files. All operating systems from Windows 2000 onward natively process the newer Unicode-based variant, but still support the older one (at least up to Windows 8).

Manual editing options

The default editor RegEdit

The registry can be edited with the native Windows registry editor RegEdit (on Windows NT, Windows 2000, Windows XP and Windows Server 2003 also RegEdt32) or with the command-line tool Reg, which is included in the Resource Kit for Windows 2000 and has been part of the operating system installation itself since Windows XP.

RegEdit offers only very basic functions. You can create, edit, search for and delete keys and values, and export parts of the registry and import them again. In general, caution should be exercised when manipulating the registry database directly, since errors can leave the entire system unbootable. This applies mainly to keys in the hive HKEY_LOCAL_MACHINE\SYSTEM, and even there not to all of them; nevertheless, careless changes to values can cause unpredictable behavior.

Other vendors offer products, some of them commercial, that are meant to make editing the registry easier, for example by letting you edit keys by category.

It is also possible to adapt the registry of existing user profiles afterwards. However, this is quite laborious, as the subkeys under "HKEY_USERS" would have to be edited accordingly. There is also the option to "load" a profile and then edit it. Changing the settings of the system user (Windows 2000) under "HKEY_USERS\.DEFAULT" applies only to that user and does not help here. Changing the "Default Profile" for new users does not help here either. However, an administrator can define a login script for the user, in which the changes are then applied at the next login. A login script has to be configured for each (desired) user, either manually or with a suitable tool that supports this.

Changing the registry with RegEdit command-line parameters and reg files

RegEdit can also be used to change the registry from scripts. For Windows 95 there were slight differences, which are not covered here because they are no longer significant.

Exporting individual keys to a reg file: /e or /E (export).

Example: regedit.exe /e c:\hklm_run.reg HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

With the /e switch the reg file is written in Unicode, with the /a switch in ASCII.

Exporting the entire registry to a reg file (without dialogs; this can take a very long time, even hours).

Example: regedit.exe /e C:\komplett.reg

Exporting individual keys to a reg file in the older format (V4) (without dialog): /a or /A

Example: regedit.exe /a c:\hklm_run.reg HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Importing a reg file into the registry (with confirmation dialog):

Example: regedit.exe meinRegfile.reg

Importing a reg file into the registry (without dialog, hence /s for "silent"):

Example: regedit.exe /s meinRegfile.reg

If a key in the reg file is preceded by a "-" (minus), the entry is deleted.

Example: [-HKEY_CURRENT_USER\Software\ ]

If a "-" is specified as the assignment of a value, the value is deleted.

Example: "test"=-
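Because a silent import with /s applies a reg file without any dialog, it helps to list what the file would change first. The following PowerShell function is an added example, not part of the original article; the function name Get-RegFileOperation and the sample file content are constructed, and the two header strings are the standard V4 and V5 file headers, which the article does not quote.

```powershell
# Added example: list the operations a .reg file would perform before importing it.
function Get-RegFileOperation {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Line)

    # The first non-empty line identifies the file format (version 4 or 5).
    $header = "$($Line | Where-Object { $_.Trim() } | Select-Object -First 1)".Trim()
    $format = switch ($header) {
        'REGEDIT4'                             { 'V4' }
        'Windows Registry Editor Version 5.00' { 'V5' }
        default { throw "Not a reg file, unknown header: '$header'" }
    }

    # Keys whose entries are started at logon (HKLM and HKCU variants).
    $runKey = '\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$'
    $key = $null
    foreach ($raw in $Line) {
        $text = $raw.Trim()
        if (-not $text -or $text.StartsWith(';') -or $text -eq $header) { continue }

        # [Key] opens a section; [-Key] deletes the key and everything below it.
        if ($text -match '^\[(?<del>-?)\s*(?<key>.+?)\s*\]$') {
            $key = $Matches['key']
            if ($Matches['del']) {
                [pscustomobject]@{ Format = $format; Action = 'DeleteKey'; Key = $key
                                   Name = $null; Autorun = $key -match $runKey }
                $key = $null
            }
            continue
        }

        # "name"=data sets a value, "name"=- deletes it, @ is the default value.
        # Continuation lines of long hex data do not match and are skipped.
        if ($key -and $text -match '^(?:"(?<name>(?:[^"\\]|\\.)*)"|(?<default>@))\s*=\s*(?<data>.*)$') {
            $name   = if ($Matches['default']) { '(Default)' } else { $Matches['name'] }
            $action = if ($Matches['data'] -eq '-') { 'DeleteValue' } else { 'SetValue' }
            [pscustomobject]@{ Format = $format; Action = $action; Key = $key
                               Name = $name; Autorun = $key -match $runKey }
        }
    }
}

# Constructed sample content; for a real file use: Get-Content .\meinRegfile.reg
$sample = @'
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Example\\updater.exe"
"OldTool"=-

[-HKEY_CURRENT_USER\Software\ExampleVendor]
'@ -split '\r?\n'

Get-RegFileOperation -Line $sample | Format-Table Action, Autorun, Key, Name
```

Rows with Autorun set to True touch a Run key and deserve a closer look before the file is imported.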

REGEDIT versus REGEDT32

REGEDT32 is the original registry editor on Win32-based operating systems and was the only one available under the Windows NT 3.x versions. REGEDIT arrived with Windows 95 for the Win9x product line, where it was also the only one supplied. Windows NT 4.0 and Windows 2000 are the only operating systems that ship both. With Windows XP, REGEDT32 was dropped: calling REGEDT32 starts REGEDIT, and since REGEDIT on Windows XP includes all the features, REGEDT32 is now obsolete.

Prior to Windows XP, REGEDIT could not set permissions, and it could not edit some data types. REGEDT32 had these functions from the beginning, but was significantly less convenient:

  • Multiple windows, one for each hive
  • Search function applies only to the currently selected hive
  • No context menus
  • Permissions displayed very cryptically, not split into columns
  • Menus and interface generally very technical and therefore cryptic

Windows PowerShell

Since the release of Windows PowerShell there has been another very easy way to manage the registry. The registry can be accessed directly from the console or from a shell script like a conventional drive. For example, you enter cd HKLM: to switch to the main key HKEY_LOCAL_MACHINE. Subkeys are likewise reached with the cd command, or in its long form Set-Location. The command Get-ItemProperty . shows all the properties (registry entries) that are stored for the current registry key. In this way, for example, entering the following command sequence in PowerShell shows all entries in the Run key:
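The navigation described above, followed by a small audit helper that lists the entries of both Run keys named in this article, as an added example that is not part of the original article; the function name Get-RunKeyEntry is hypothetical.

```powershell
# Navigate the registry like a drive and show the values of the machine-wide Run key.
Push-Location                           # remember the current location
Set-Location HKLM:                      # same as: cd HKLM:
Set-Location SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Get-ItemProperty .                      # all values of the current key
Pop-Location                            # return to where we started

# Added helper: list the autorun entries of HKLM and HKCU as plain objects,
# without the PSPath/PSProvider properties that Get-ItemProperty adds.
function Get-RunKeyEntry {
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($path in $paths) {
        if (-not (Test-Path -Path $path)) { continue }   # key may not exist
        $key = Get-Item -Path $path                      # a RegistryKey object
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key.Name
                Name    = $name
                # Keep %VARIABLES% unexpanded so the stored data is shown as written.
                Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
    }
}

Get-RunKeyEntry | Format-Table -AutoSize -Wrap
```

Saving this output at regular intervals and comparing it with the previous run shows which programs have been added to or removed from the logon start list.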

Another program shipped with Windows, used exclusively for changing the registry from scripts and batch files, is REG.EXE. Entering REG.EXE /? on the command line displays help for its parameters.

On operating systems of the Windows NT line, including Windows XP, HKEY_LOCAL_MACHINE is stored in %SystemRoot%\System32\Config. Windows 9x, however, stores the contents of that part of the registry in the file system.dat.

In more recent 64-bit versions of Windows, because of the transparent remapping of locations for 32-bit programs, the files are found in the directory %SystemRoot%\Sysnative\config.

HKEY_CURRENT_USER, on the other hand, is stored in the user's profile directory and is therefore transferred across the network at login when roaming profiles are used in a Windows domain. On NT systems it is stored as ntuser.dat in %USERPROFILE%. In Windows 9x it is the file user.dat if no user separation is enabled.

Since the integrity of these files is essential for a functioning system, Windows automatically creates backup copies of them. Users can also make a copy of all stored data themselves with the Registry Editor.

If a file that is part of HKEY_LOCAL_MACHINE is missing and the backup cannot be loaded either, Windows cannot boot and an error message results. The only remedy is a reinstallation, unless you have manually backed up the files somewhere and can restore them, for example with the Recovery Console in Windows 2000 and later.

If the file that contains the HKEY_CURRENT_USER hive is missing, a new file is created by copying a template with default settings; on Windows NT-based systems this template is found in the "Default" user directory. This is the case, for example, when the user has just been newly created.

History of development

Precursor INI configuration files

Before the registry concept became established in Windows, parameters were stored in initialization files, separately for each program, in its directory. Configuration files from older versions of Windows (up to Windows 3.11) usually carry the extension .ini, but configuration files with other file extensions also occur frequently. They are easy to open and edit with any text editor, since they are ASCII text files that can be structured in almost any way.

Introduction of the central configuration database

A central hierarchical configuration database with a clearly defined hierarchical basic structure, called the Windows Registry, was introduced with the first version of Windows NT. With Windows 3.x, the registry was introduced in the field of consumer operating systems. Whereas the early Windows systems mainly stored file extensions in it, since Windows 95 and Windows NT 4.0 the registry has been a comprehensive database for managing the system and all integrated system services and processes. The registry also provides the ability to store the settings of installed applications centrally.

References to a beehive

In the names of parts of the Windows registry database you often find puzzling allusions to a hive (English for "beehive"), which, according to rumor, go back to a Microsoft developer's dislike of bees and carry no broader meaning. For example, the "H" in "HKEY" is often said to stand for "hive".

More economical use since Windows 2000

After the pros and cons of the registry compared with configuration-file solutions became clearer, a more restrained use of the registry has increasingly prevailed in proprietary application programs since about Windows 2000. This is especially true of so-called self-registration, which Microsoft has not recommended since then. In particular, a program's own configuration and so-called "manifests" tend to be stored in separate files instead. One motivating case is portable software (for example on a USB stick), in which the program uses a local configuration file in the application path; another is that file-based configuration management is potentially easier to use than the more complex Windows registry mechanisms.

Properties

The following considerations apply to application programs from third-party vendors (ISVs) and to the advantages and disadvantages of storing settings in the registry (under HKLM\Software\.. or HKCU\Software\..) compared with a central or program-specific configuration-file solution. The advantages and disadvantages of the registry as the configuration mechanism of the Windows operating system itself are not discussed here.

Advantages over configuration files

  • The registry needs little computing power and access to it is extremely fast. Since it is an indexed database, keys, subkeys and values can be found extremely quickly (compare looking up a term in the index of a book), even in an extremely large registry. In addition, numbers, for example, are stored not as strings but in a hardware-oriented binary encoding, which makes reading and saving much faster than storing them in a text file.
  • The biggest advantage of the registry is that it provides a single point of access to the operating system that is independent of file paths. Different programs can access the same registry entries, which can greatly simplify communication between programs. The installation of individual programs has no effect, and programs find their own settings in Windows 7 the same way as in Windows 95, whereas the default locations for program settings have changed considerably. (This applies only to Windows; other systems have solved this problem with a system-wide standardized directory structure, see FHS.)
  • Incremental changes carrying partial information can easily be distributed by administrators via REG and ADM files. Both file types need little computing power and overwrite only explicitly specified information, so they are potentially free of side effects. For incremental changes to configuration files, Windows, unlike some other operating systems, has no built-in tools. Replacing a complete configuration file, however, could lead to unintended, undesirable changes to other settings.
  • Concurrent accesses, including write accesses, are possible without having to worry about locking mechanisms.
  • Settings for individual users ("HKEY_CURRENT_USER") are clearly separated from global computer settings ("HKEY_LOCAL_MACHINE"), and this separation is implemented correctly by the default security settings.
  • Changes to keys and values in the registry can be monitored more easily with tools such as Process Monitor than file contents can; that is, tool support is better. (This applies only to Windows; on other operating systems this is taken for granted, see Inotify.) Standard tools for Windows usually monitor only the existence and properties of configuration files, not their contents. Comparing and merging multiple variants, however, is easier with files; for this purpose registry entries are generally exported to REG files beforehand.

Disadvantages

  • System binding and compatibility: using the registry binds a program to a specific Windows installation. Installations have become more complex with the introduction of a central registry (Windows 95/NT, OS/2). Using one application installation on multiple systems, or migrating it to a new operating system version, is not provided for.
  • Portable software: the ability to run an application portably, for example from a USB stick on varying systems, requires that the registry is not used. An alternative is virtualized applications, which use their own private version of the registry without affecting other programs.
  • It is not possible to leave detailed documentation directly in the registry, for example on the values used or expected by an application. If the author wants to document the possible values, this has to happen in a separate document (e.g. a README text file or an HTML file). In INI files this can be done "on site" with lines marked as comments (generally a semicolon as the first character of the line).
  • Although the registry is very efficient, it is not desirable to write too much information to it, in part because it is managed close to main memory.
  • The central registry is a single point of failure: a single faulty running program can negatively affect the operating system and other application software. Here a separation of the application program configurations would promise advantages in terms of security, freedom from side effects and scalability. However, since Windows NT a two-step transaction has made a catastrophic failure of the registry due to an error during a registry update extremely unlikely. Even if the registry is in a state that cannot be reconstructed, Windows is able to repair the registry at system startup or at least recreate it automatically.
  • The registry is proprietary in design and also operating-system specific. Transferring application settings from Windows to other operating systems is therefore only possible if, for example, the program author offers an import/export function for the settings. However, functional alternatives to the registry exist for other systems, so porting a Windows program that uses the registry is conceivable.

Security

Protection from unauthorized interference

Since options such as hiding the Task Manager or components of the Control Panel can be set through the registry, it is useful to protect it against unwanted changes by normal users, especially in larger networks.

In fact, standard protection is already in place when the recommended deployment scenario is used, in which users in companies do not have administrative rights or in which the User Account Control (UAC) feature of Windows Vista or Windows 7 is used. Without administrative rights you have only read access to HKEY_LOCAL_MACHINE and write permissions only in HKEY_CURRENT_USER (which holds your own personal settings).

Alternatively, permissions can be set individually, for example with the Registry Editor.

Further protection is provided by antivirus programs and other security tools, which raise additional prompts or at least notifications when particularly important settings in the registry are changed.

A problem, however, is that Windows' own tools sometimes cope poorly with very long key names, so malicious programs can hide entries. The Windows registry editor, for example, cannot edit these.

Disabling RegEdit

For administrators, an option was implemented to prevent the execution of RegEdit.exe for specific users by means of a registry entry in the Policies area. A standard user without administrator rights cannot write to this area; the setting can be applied, for example, by Group Policy. Of course, the presence of this key does not prevent the use of other tools (otherwise probably no program would run any more). If you want to prevent certain keys from being changed, using permissions and working as a standard user without administrative rights is the only sensible way.

The key is also a typical target for malware: if a user with administrator privileges is used for daily work at the computer, malware that gets executed can very easily disable editing of the registry.

Alternatives

In most Unix-like operating systems such as Linux or OS X there is no central configuration database, but numerous centrally stored configuration files.

However, there are projects that aim to provide registry-like systems for Unix-like systems as well, such as Elektra, or the GNOME configuration database GConf and its successor dconf. Unlike the Windows Registry and dconf, GConf was built consistently on XML files, which made it possible to read and edit the keys with any text editor or XML parser. Likewise, Elektra stores the settings in plain text files, which can be edited, for example, with editors such as vi.

In OS X, Apple relies in part on so-called property lists, which can be in XML, JSON or a proprietary binary format.

Windows Registry without Windows

Wine, an implementation of the Win32 API available for Linux and UNIX systems, contains its own implementation of the Windows registry database. Wine itself reads its own settings from it. Other Windows programs that run on Wine also store their settings there. To Win32 applications the registry looks exactly as it does on a Windows NT system. In the background, however, unlike on Windows NT systems and as is usual for settings on Unix-like systems, there is no database but simple ASCII text files. The following files in the directory ~/.wine contain Wine's registry in readable text form:

The ReactOS project, which attempts to recreate Windows NT, takes over parts of Wine, including the implementation of the Windows registry database.
