Overview
Windows XP uses only one registry editor. Gone are the separate RegEdit and RegEdt32 editors that existed in Windows 2000. No matter which command you enter in Windows XP, RegEdt32 or RegEdit, the same program (RegEdit, which is called the Registry Editor) will run.
Windows XP also has a utility called REG that is included as part of the system installation—
no more needing to install a separate Resource Kit. This tool is run at the command prompt.
REG allows flexible manipulation of the registry, replacing earlier versions of a number of the other Resource Kit components.
In this chapter, I'll first discuss the registry tools specific to Windows XP. In the second half of the chapter, I'll review the many useful tools available in earlier versions of Windows.
Using the Registry Editor
If you have used Windows 2000's RegEdt32, you'll notice some differences in Windows XP's Registry Editor. While RegEdt32 has much more power, the Registry Editor is easier to use.
RegEdt32 is an MDI (multiple document interface) application, and it displays each of the main hives in the registry in its own window. RegEdt32 has powerful administrative tools that the Registry Editor doesn't support, including read-only mode (note the following Warning) and a security configuration, which allows you to restrict access to some registry hives, keys, and subkeys.
Using the Registry Editor is as simple as starting it. From a command prompt, type regedit to start the program. You can also select Start → Run, type RegEdit, and click the OK button to start the Registry Editor. In either case, typing RegEdt32 will have exactly the same effect in Windows XP.
Warning Registry Changes Are Permanent! All changes made with the Registry Editor are immediate and, for all intents, permanent! Though you can go back and manually undo a change made with the Registry Editor, everything that you change with the Registry Editor affects the current registry. Unlike Windows 2000's RegEdt32, XP's Registry Editor does not have a read-only mode. There is no safety net and nothing to catch your bloopers and booboos, and generally you'll have to clean up your own mess. In other words, you are editing the real, working, live, honest-to-goodness registry—not a copy. There is no Save command in the Registry Editor; you type in a change, and it is saved right then and there. So, make sure you have a backup of the registry files before fiddling with registry.
Once started, the Registry Editor displays the current registry (see Figure 4.1). By default, this is the local registry. However, you can open a registry on a remote computer by selecting File
→ Connect Network Registry and entering the name of the computer (see Figure 4.2) whose registry you want to open. If you cannot remember the exact name of the desired computer, the Select Computer window (Figure 4.3) displays a list of all computers found in the domain directory.
Figure 4.1: The Registry Editor automatically opens the current, local registry.
Figure 4.2: Use the Registry Editor's standard Select Computer window for remote registry editing.
Figure 4.3: The Registry Editor's advanced Select Computer windows lets you select the name of the computer whose registry you want to edit.
Figure 4.4 shows a remote registry opened in the Registry Editor. Only HKEY_USERS and HKEY_LOCAL_MACHINE may be edited remotely in Windows XP.
Figure 4.4: A remote registry is open and ready for editing in the Registry Editor.
The Registry Editor has a straightforward set of menus. The Edit menu allows you to save and load text-based .reg (registry) files, connect to and disconnect from a network registry, and print the current branch or the entire registry.
Making the Registry Editor Do What It Used to Do!
Since Windows 2000, the Registry Editor displays the last open key from the previous editing session. Some users like this feature; others do not. There is no easy way to disable this functionality, though perhaps Microsoft will give us the option to do so at a later time. Until that time, try this to disable the feature:
1. Using the Registry Editor, open
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Applets\Regedit
2. Edit the LastKey value, and change its contents to an empty string. (If you want to always start in a specified location, you can put that location in this key's value.) 3. Select the RegEdit key.
4. Select Edit → Permissions.
5. Uncheck the Full Control permission for every user in the list.
This prevents the Registry Editor from saving a value in this key. (Note that this also prevents the Registry Editor from saving any defaults or favorites.)
New! You use the Edit menu to create a new key or value entry. Data types in the Registry Editor are restricted to string, binary, multistring, expandable string, and DWORD. Generally, these types are the only registry data types that you would want to edit. New to the Registry Editor's Edit menu is the Permissions option. Prior versions of the Registry Editor did not allow you to set permissions, but this limitation has been fixed as of Windows XP.
The Edit menu also lets you delete an object, rename a key or subkey, and copy a key name to a new name. At the bottom of the Edit menu are the Find and Find Next options.
Windows 2000 added improvements to the Registry Editor that continue in Windows XP.
One improvement is the addition of the Type column in the right-hand display of values and data, which lists each value's type. Although the Registry Editor displays the names of all the data types available to Windows, the user is still restricted to editing the data types listed above.
Another 2000 improvement is the addition of the Favorites menu. This feature lets you place your most commonly accessed subkeys into a list of favorites so you can quickly navigate to a subkey.
Note If you have disabled the Registry Editor's last open key functionality (as described above), then you have essentially disabled the Favorites options as well. You can't have one without the other...
Importing and Exporting Registry Hives and Keys
The ability to export a registry hive or key (or the entire registry, if necessary) is a powerful feature of the Registry Editor. Once a registry is open, select a hive or key (or My Computer to export the entire registry) and choose File → Export to open the Export Registry File window (see Figure 4.5).
Figure 4.5: Exporting the currently selected hive or key is easy!
Note The typical Windows registry is several thousand to hundreds of thousands of lines long. The registry on my server has over 130,000 lines. At 66 lines per page, the printed report would be at least 2,000 pages. At least, you say? Yes, many registry lines require more than one line to print, so the printout would actually be much more than 2,000 pages.
A hive is exported into a Unicode text-based file. This file has no comments; some of the Resource Kit registry tools do comment exported sections of the registry. However, the file may be opened with most any text editor (such as Notepad), searched, and even (carefully) modified. Any changes made to the exported text file may be incorporated into the registry by simply importing the modified file.
Importing a file that the Registry Editor had previously exported is as simple as selecting Registry → Import Registry File and entering the name of the registry file to import.
What Is an Exported Registry File?
A registry file exported by the Registry Editor starts with the line: "Windows Registry Editor Version 5.00." The following line is the first hive exported in a hierarchical format:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE]
[HKEY_LOCAL_MACHINE\Hardware]
[HKEY_LOCAL_MACHINE\HARDWARE\Description]
Generally, a full export of a registry starts with an export of the HKEY_LOCAL_MACHINE hive, as the above example shows.
The contents of an exported registry are arranged in the file as a hive and key combination (fully qualified, enclosed in brackets), with the data key name in quotes and its value following the equal sign. The following example shows the three value entries that the FloatingPointProcessor contains:
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0]
"Component Information"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00
"Identifier"="x86 Family 5 Model 4 Stepping 3"
"Configuration Data"=hex(9):ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00
Why export the registry? First, the search capabilities in the Registry Editor are not optimal.
(Well, that's my opinion!) Loading an exported registry file into an editor (such as Word, or even Notepad) allows you to quickly search for strings using the editor's search capability.
Another benefit is that it is easy to export the registry before installing an application or system extension. After an installation, it is also a good idea to export the registry. Then, using one of the system comparison tools (such as FC or, if you have it, WinDiff), you can compare the two versions of the registry and see what the installation has changed. Bingo—a quick way to see what's happening to the registry on installations.
Printing the Registry
Printing a registry hive or key is possible in the Registry Editor. As mentioned previously, printing an entire registry is not a swell idea—you'd have to make a major investment in paper and printer supplies. Typically, a registry would require thousands of pages to print.
Printing sections of a registry hive can be very useful if a paper record is needed, or if you need something to take to a meeting, or if you want to jot down some quick notes. The limit of a printed registry hive or key is that searching it might be difficult.
Printing is easily done if you select the hive or subkey to print, then select File → Print from the Registry Editor's main menu. The Print dialog box, shown in Figure 4.6, allows you to edit the branch to be printed (with the currently selected object as the default). The results of printing a registry report are almost identical to exporting, with the exception that a printed report lacks the initial header line that's found in an exported registry file.
Figure 4.6: The Registry Editor's Print dialog box is set to print a small part of the hive HKEY_LOCAL_MACHINE.
Tip Is the registry file readable? Generally, the Registry Editor in Windows XP creates a better report than previous versions did. The Registry Editor print facility is basic and simply wraps lines at 80 characters. Any line more than 80 characters wraps and is difficult to read. Complex registry data types (such as
REG_FULL_RESOURCE_DESCRIPTOR) are well formatted. Another solution is to print the registry to a file, load the file into a word processor, format it to be readable, and print it from the word processor. To do this, you must define a generic text printer device.
Creating, Renaming, and Deleting Entries
The Registry Editor allows you to quickly create, delete, or rename an entry. Entries may consist of keys, subkeys, or value entries.
Creating a New Key
You can quickly create a new key by following these steps:
1. Select the hive or key in which the new key is to be created. Either right-click the object or select Edit → New, and then select the type of object to create.
2. The Registry Editor creates the new subkey, giving it a default name of New Key #n where n is a number beginning with 1. Edit the new subkey's name. Give the subkey a meaningful name or the name that is expected for this subkey. (If you neglect to edit the key's name at this time, you can rename it later.)
Once the new subkey has been created, you can populate it with additional subkeys and value entries.
Note A hive, key, or subkey may contain both value entries and other subkeys at the same time.
Why Can't I Create a Key Here?
New! Prior to Windows XP, not all hives allowed you to create keys directly under the hive itself. For example, it was not possible to create a key under HKEY_LOCAL_MACHINE,
though you could create a key under HKEY_CURRENT_USER. Now you can create keys virtually anywhere. However...
Why not create an object in those locations? Simply put, the HKEY_LOCAL_MACHINE hive is not "saved" when Windows shuts down. Rather it is re-created anew each time Windows boots—therefore, any key or subkey created is lost at the next boot-up time.
Creating a Value Entry, Then Renaming It
You can quickly create a new value entry by following these steps:
1. Select the hive or key in which the new value entry is to be created.
2. Select Edit → New and then select either String Value, Binary Value, DWORD Value, Multi-String Value, or Expandable String Value, depending on the type of data that this value entry will have.
3. The Registry Editor creates the new value entry, giving it a default name of New Value #n where n is a number beginning with 1. Edit the new value entry's name. Give it a meaningful name or the name that is expected for it. Press the Enter key to save the new name.
Tip At any point, you may rename a key or value entry by right-clicking the item to be renamed and selecting Rename from the context menu.
4. To enter data into the new entry, double-click the entry. The correct edit box is displayed, allowing you to edit the data. If you right-click, you can choose to edit the object using the binary format (see Figure 4.7).
Figure 4.7: The Registry Editor after right-clicking on
REG_FULL_RESOURCE_DESCRIPTOR, showing the Modify Binary Data selection in the context menu
Once you've created the new value entry, you can enter data as necessary.
Note A key need not have a data value entered. A key is valid without any data, though no-data defaults vary depending on the type of no-data the key contains: String values have a
zero-length string as their default. Binary values have a zero-length binary value (which is different from having a value of zero). DWORD values have a value of zero.
Figure 4.8 shows the Registry Editor with a new subkey containing another subkey, a string value, a binary value, a DWORD value, a multistring value, and an expandable string value, exactly as created by the Registry Editor. Note that I've named the initial subkey Test Key.
Figure 4.8: The Registry Editor after creating the subkey called Test Key and a further subkey called Test sub-key
In the example, I gave each of the new value entries a name to match the type of data it stores.
I created each value using the Edit → New selection in the menu, as shown in Figure 4.9. You can edit value entries at any time, either in their native format or in a raw, binary format. To change the name, select the key or value entry and choose Edit → Rename. To change the value entry's contents, select the value entry and choose Edit → Modify. To change the value entry's contents in binary format, select the value entry and choose Edit → Modify Binary Data. You can also double-click the value entry or right-click (also known as a context-click) the item and choose Modify to change the value.
Figure 4.9: You create new value entries using the Registry Editor's Edit menu.
Deleting the Unwanted
Getting rid of the unwanted is easy. Select the object, either a key, subkey, or value entry, to be deleted and then either select Edit → Delete or just press the Delete key. The Registry
Editor prompts you to confirm that the object is to be deleted, if the Confirm on Delete option is selected.
Warning Once deleted, 'tis gone forever! Be careful not to delete anything that you will want later. Prior to deleting, it's appropriate to back up the registry. It also might be a good idea to rename the object, just in case you need to restore it at a later time.
Copying Key Names
Is this as simple as it seems? A long, convoluted name without having to type it? Yes, it is!
Copy Key Name, found in the Registry Editor's Edit menu (and from the key's context menu if you right-click the key and select Copy Key Name), copies the key's name to the Clipboard.
The information is copied in text format and may then be pasted into other applications or word processors as needed. For example, when I copy the new key created in Figure 4.8, the following text is placed into the Clipboard:
HKEY_LOCAL_MACHINE\Hardware\Description\System\Test Key\Test sub-key
This means it is not necessary to manually type in long registry keys into other applications and documents. This feature, for example, was a great help when writing this book.
Tip Sadly, we can't copy either value names or their contents in this manner! To copy a key's data, you must edit it and select and copy from the editor.
Searching: Find and Find Next
Searching a registry is one of the most important tasks you'll have to undertake. Before you make a modification, do debugging, or start browsing, it is usually necessary to search for something.
Now, as I've mentioned previously, the Registry Editor's search capabilities are a bit limited.
Tip The Registry Editor searches downward only. If what you are searching for is located above the current selection, you'll be in for a long wait, as the search will have to scan to the end of the registry and then restart at the beginning to find it. When in doubt, start at My Computer, and you can be assured that the search will include the entire registry. Oh, the Registry Editor's search is deathly slow—a long search, in a large registry, is a sure sign that it's time for a coffee break.
Searching allows you to look at keys, data value names, and data value contents. You may choose to search any or all of these (see Figure 4.10), and you can limit the search to whole strings only, which applies to searching text strings exclusively.
Figure 4.10: You can search for any combination of keys, values, and data.
Note The Registry Editor's search is not case specific, so you can enter strings to be searched in lowercase if desired. This is nice, since the case of many registry entries is rather mixed.
Once the search finds the item searched for, it stops on the word(s) found. Use F3 to continue the search or to find subsequent matches.
If the Registry Editor's search is unable to find the string entered, you will see an error dialog box.
Loading and Unloading Hives
The Registry Editor allows a hive to be loaded into the current registry. This hive may be modified and later unloaded. Why?
There are several reasons for loading and unloading hives into the Registry Editor. The following example, configuring a modified new user profile, concerns the file ntuser.dat. In ntuser.dat is the HKEY_CURRENT_USER hive. Within this hive are settings, such as internationalization, colors, schemes, and other items. Windows XP's installation process creates a default user profile—nothing spectacular, a very plain configuration. Whenever a
There are several reasons for loading and unloading hives into the Registry Editor. The following example, configuring a modified new user profile, concerns the file ntuser.dat. In ntuser.dat is the HKEY_CURRENT_USER hive. Within this hive are settings, such as internationalization, colors, schemes, and other items. Windows XP's installation process creates a default user profile—nothing spectacular, a very plain configuration. Whenever a