Special Edition Using Microsoft Windows XP Professional (3rd Edition)

You might never need to edit the Registry by hand. Most Registry keys are set by the software that uses them. For example, Microsoft Office sets its own preference values, and the Control Panel applets set the appropriate Display, Sound, and Networking Registry entries. In a way, the Control Panel is mostly just a Registry Editor in disguise.

You might need to edit the Registry by hand if directed by a technical support person who's helping you fix a problem, or when you're following a published procedure to make an adjustment for which there is no Control Panel setting.

In the latter case, before going any further, I need to say this one last time, to make it absolutely clear: Few circumstances really require you to edit the Registry by hand. Back up the Registry, or at least the section you want to change, before making any changes.

In the next few sections, I'll cover the basics of the Registry Editor.

Viewing the Registry

The Registry Editor doesn't have a Start menu item. You must run it from the Start, Run dialog. Enter regedit and click OK.

Regedit displays a two-pane display much like Explorer, as shown in Figure 32.5. The top-level keys, which are listed below My Computer, can be expanded just like drives and folders in the Explorer. In the pane on the right are the values for each key. The name of the current selected key is shown in the status bar.

Figure 32.5. The Regedit screen shows keys on the left and values on the right.

Values have names, just as the files in a folder do, and it's here that configuration information is finally stored. Each key has a (Default) value, which is the value of the key itself, and any number of named values. For example, in Figure 32.5, key HKEY_CURRENT_USER\Desktop is shown. The value of HKEY_CURRENT_USER\Desktop itself is undefined (blank), and the value HKEY_CURRENT_USER\Control Panel\Desktop\CoolSwitch is 1.

Registry values have a data type, which is usually one of the types shown in Table 32.3.

Table 32.3. Data Types Supported by Regedit

REG_SZ

Textual information, a simple string of letters

REG_DWORD

A single number displayed in hexadecimal or decimal

REG_BINARY

Binary data, displayed as an arbitrary number of hexadecimal digits

REG_MULTI_SZ

A string that can contain more than one line of text

REG_EXPAND_SZ

Text that can contain environment variables (such as %TEMP%)

Other data types such as REG_DWORD,_BIG_ENDIAN, and REG_FULL_RESOURCE_DESCRIPTOR exist, but they are obscure, rare, and can't be edited with Regedit.

Searching in the Registry

You can search for a Registry entry by key name, value name, or the contents of a value string. First, select a starting point for the search in the left pane. You can select My Computer to select the entire Registry, or you can limit your search to one of the top-level keys or any subordinate key. Next, select Find from the menu, and enter a search string into the Find dialog. The Find feature is not case sensitive, so upper- and lowercase don't matter. You can check any of the Look At boxes, as shown in Figure 32.6, to designate where in the Registry you expect to find the desired text: in the name of a key, in the name of a value, or in the data, the value itself.

Figure 32.6. In the Find dialog, you can select whether to search key names, value names, or value data.

Check Match Whole String Only to search only for items whose whole name or value is the desired string.

NOTE

Most of the time I check all the Look At boxes but not Match Whole String Only.

Select Find Next to start the search. The Regedit display indicates the first match to your string, and by pressing F3, you can repeat the search to look for other instances.

TIP

The search function has two limitations:

  • You can't enter a backslash (\) in the search string when looking for a key or value name; Regedit won't complain, but it won't find anything either.

  • You can't search for the initial HKEY_xxx part of a key name. That's not actually part of the name; it's just the section of the Registry in which the key resides.

So, to find a key named, for example, HKEY_CLASSES_ROOT\MIDFile\shell\Play\Command, you can't type all that in and have Find jump right to the key. If you already know the full pathname of a key, use the left pane of Regedit to browse for the key directly.

Editing Keys and Values

Regedit has no Save or Undo menu items. Changes to the Registry happen immediately and permanently. Additions, deletions, and changes are for real. This is the reason for all the warnings to back up before you poke into the Registry.

Adding a Value

To add a value to a key, select the key in the left pane, and choose Edit, New. Select the type of value to add; you can select any of the supported Registry data types: String, Binary, DWORD, Multi-String, or Expandable String. (The instructions you're following will indicate which type of value to add.) A new value entry then appears in the right pane, as shown in Figure 32.7.

Figure 32.7. New value adds an entry in "Rename" mode.

Enter the new value's name, and press Enter to edit the value.

  • For string values, enter the text of the desired string.

  • For DWORD values, choose Decimal or Hexadecimal, and enter the desired value in the chosen format (see Figure 32.8).

    Figure 32.8. You can choose to enter a DWORD value in either decimal or hexadecimal notation.

  • For binary values, enter pairs of hexadecimal characters as instructed. (You'll never be asked to do this, I promise.)

Changing a Value

If you want to change a value, double-click it in the right-hand pane to bring up the Edit Value dialog. Alternatively, you can select it and choose Edit, Modify from the menu, or right-click and select Modify from the context menu. Then make the desired change, and click OK.

That is all you will likely ever need to do with Regedit. However, in the extremely unlikely case that you would want to delete a value or add or remove a key, the following sections can help see you through these processes.

Deleting a Value

If you've added a Registry value in the hope of fixing some problem and found that the change wasn't needed, or if you're instructed to delete a value by a Microsoft Knowledge Base article or other special procedure, you can delete the entry by viewing its key and locating the value on the right-hand pane.

Select the value and choose Edit, Delete from the menu, or right-click and select Delete from the context menu. Confirm by clicking OK.

CAUTION

There is no Undo command in the Registry Editorwhen you delete a value, it's gone for good. Be sure you've made a Registry backup before editing or deleting Registry keys and values.

Adding or Deleting a Key

Keys must be added as subkeys to existing keys; you can't add a top-level key. To add a key, select an existing key in the left pane, and select Edit, New, Key from the menu. Alternatively, right-click the existing key, and select New, Key from the context menu. A new key appears in the left pane, where you can edit its name, as shown in Figure 32.9. Press Enter after you enter the name.

Figure 32.9. A new key appears in "Rename" mode.

You can delete a key by selecting it in the left pane and choosing Edit, Delete from the drop-down menu, or by right-clicking it and selecting Delete from the context menu. Click OK to confirm that you do intend to delete the key. Deleting a key deletes its values and all its subkeys as well, so without the protection of Undo (or a Registry Recycling Bin), this action is serious.

Renaming a Key

As you have probably guessed, the pattern for renaming a key follows the Explorer exactly: Choose the key in the left pane and select Edit, Rename, or right-click the key and select Rename. Finally, enter a new name, and press Enter.

CAUTION

Don't attempt to rename keys without a very good reason, such as you mistyped the name of the key you were adding. If Windows can't find specific Registry keys it needs, Windows may not boot or operate correctly.

Using Copy Key Name

As you have probably noticed by now, Registry keys can be pretty long, tortuous things to type. The Registry Editor offers a bit of help to finger-fatigued Registry editors (and authors): Choosing Edit, Copy Key Name puts the name of the currently selected key into the Clipboard, so you can paste it elsewhere, should the need arise. For example, when you've found a neat Registry trick, you might want to email your friends about it.

Advanced Registry Editing

The Registry Editor has some advanced features you'll need only if you're managing a network of Windows XP computers or if you run into really serious problems with your Windows installation.

Editing the Registry of a Remote Computer

The Registry Editor permits administrators to edit the Registry of other computers on a network. Of course, this operation is highly privileged, and you must have administrator privileges on the computer whose Registry you want to edit. To edit a remote computer's Registry, choose File, Connect Network Registry. Next, enter the name of the remote computer, or click Advanced, then Find Now to select one graphically; then click OK. (Interestingly, Browse doesn't let you use Active Directory to select a computer to manage, only the basic "local computers" list.)

When you've connected, the computer's Registry keys appear in the list along with your own, as shown in Figure 32.10.

Figure 32.10. Viewing and editing a remote computer's Registry.

NOTE

For you to be able to connect to the Registry on a Windows 95 or 98 computer, it must have Remote Management installed. This option must be installed as part of the computer's Network Services through the Network Control Panel. Windows Me is not supposed to support remote Registry editing but you can install the Remote Management feature from a Windows 98 CD-ROM. On Windows NT, 2000, and XP, the Remote Registry service is installed automatically.

Note that only the two main "real" top-level keys will appear: HKEY_LOCAL_MACHINE and HKEY_USERSthe virtual keys will not. When you have finished editing the remote computer's Registry, right click its name in the left-hand pane and select Disconnect.

CAUTION

You can't use File, Export or File, Import to save or load a remote Registry's values. These commands might appear to work, but they operate only on the local computer's Registry.

Editing Registry Entries for Another User

If you open a Registry Editor and look under HKEY_USERS, you will find that the only available subkeys are .DEFAULT, four entries for system services, and your own subkey, which is also accessible as HKEY_CURRENT_USER. As I mentioned earlier, Windows stores various parts of the Registry in data files called hives, and loads the hive containing your part of HKEY_USER only when you are currently logged on. When you log out, your subkey is unloaded from the Registry, and the hive file is left in your user profile folder. (And if you have a roaming user profile, your profile folder is copied back to the domain server. That's how your settings are able to follow you from one computer to another.)

As an administrator, you might find it necessary to edit HKEY_USER entries for another user. For example, a startup program in HKEY_CURRENT_USER\Software\Windows\CurrentVersion\Run might be causing such trouble that the user can't log on. If you can't log on as that user, you can edit his or her HKEY_CURRENT_USER Registry keys in another way:

1.

Log on as Administrator and run Regedit.

2.

Select the HKEY_USERS window.

3.

Highlight the top-level key HKEY_USERS.

4.

Select File, Load Hive.

5.

Browse to the profile folder for the desired user. It is in \Documents and Settings\username for a local machine user in a workgroup, or for a Windows Server domain, in the folder used for user profiles on the domain controller. The name of this folder might have the computer name or a domain name attached. For example, on one computer my profile folder name is "bknittel.java".

6.

Type the filename NTUSER.DAT. (The file does not appear in the Browse dialog because it's "super hidden": a hidden system file). Then click Open.

7.

A dialog then appears, asking you to enter a name for the hive. While HKEY_USERS normally loads user hives with a long numeric name, I suggest that you type the user's logon name. Click OK. The user's Registry data is then loaded and can be edited, as shown in Figure 32.11.

Figure 32.11. An offline user's Registry hive is now loaded and can be edited.

8.

When you're finished editing, unload the hive. Select the key you added under HKEY_USERS (for example, the offline user key in Figure 32.11), and select File, Unload Hive. Confirm by clicking Yes on the warning dialog.

Editing Registry Entries for Another Windows Installation

If you need to retrieve Registry entries from an installation of Windows 2000 or XP on another hard disk or partition, you can load any of that installation's hive files for editing or exporting. This might happen when you

  • Install a new hard disk and install Windows XP on the new disk.

  • Have a severe Registry error that prevents Windows from booting at all. If you can't use the Emergency Recovery procedure to fix the problem, you can install Windows onto another drive, partition, or folder on your computer. When you boot up that copy of Windows, you can load the original installation's Registry files for editing. Then you can try to boot up the original installation.

To edit the other installation's Registry, you will need to locate its hive files. They are usually found in the locations shown in Table 32.4.

Table 32.4. Usual Location of Hive Files

Key

Hive File

HKEY_LOCAL_MACHINE\SAM

\winnt\system32\config\sam

HKEY_LOCAL_MACHINE\Security

\winnt\system32\config\security

HKEY_LOCAL_MACHINE\Software

\winnt\system32\config\software

HKEY_LOCAL_MACHINE\System

\winnt\system32\config\system

HKEY_USERS\.Default

\winnt\system32\config\default

To edit another Windows installation's Registry, use the technique I described under "Editing Registry Entries for Another User" But instead of locating a user's NTUSER.DAT file, locate the desired hive file on the other hard drive or partition. Unload it after you've exported or corrected the desired information.

Editing Registry Security

Just as files and folders have security attributes to control access based on user and group identity, Registry keys and values have a complete set of Access Control attributes that determine who has rights to read, write, and modify each entry. For example, the Registry keys that control system services can't be modified by non-Administrator users; otherwise they could conceivably make the entries refer to their own programs which would then run at a high privilege level. Access controls on the Registry is thus a key part of Windows security.

NOTE

It's rare that you should have to modify registry security settings, but it does happen sometimes. The usual case is that an incorrectly designed program will set up registry keys during installation and will make them readable and/or writeable only by the user who installed the program, which is usually Administrator. Then, you try to run the program from your normal user account, the program can't read or modify its registry values. This happened to me with my @backup online backup service, which was unable to update its "last backup" information unless I was logged on as Administrator. Making the software's registry keys writable by the Power Users group fixed this problem. Also, Microsoft will sometimes recommend modifying registry security in one of their all-too-frequent emergency security bulletins.

If you absolutely must change permissions or auditing controls, locate the desired key or value, right-click it, and select Edit, Permissions. The Permissions dialog looks just like the comparable dialog for files and folders (see Figure 32.12), and lets you set read, write, and modify rights for specific groups and users. There is a corresponding set of audit settings.

Figure 32.12. Registry Key Permissions control which users or groups are allowed to see or modify the Registry key and its values.

Needless to say, incorrectly changing Registry key access rights can cause profound problems with Windows, so I encourage you not to make any changes to Registry access settings unless you're explicitly instructed to do so.

Категории