IT tutorials
 
Windows
 

Windows 7 : Editing the Registry - How the Registry Is Organized

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
5/30/2013 9:04:14 PM

1. What Is the Registry?

The Windows Registry is a database in which Windows and application programs store all manner of configuration settings, startup information, hardware settings, user preferences, file locations, license and registration information, last-viewed file lists, and so on. In addition, the Registry stores the associations between file types and the applications that use them. For example, the Registry holds the information that tells Windows to use Media Player when you click on an MPG movie file. In the early days of DOS and Windows, programs stored this kind of information in a random collection of hundreds of files scattered all over your hard disk. Thankfully, those days are only a dim memory.

2. How the Registry Is Organized

The Registry is organized a lot like the files and folders on a hard disk. Just as a hard disk can contain partitions, the Registry contains separate sections called top-level keys. In each section is a list of named entries, called keys, which correspond to the folders on a hard disk. And just as a folder can contain files and more nested folders, a Registry key can contain values, which hold information such as numbers or text strings, and more nested keys.

The two main “top-level” keys are as follows:

  • HKEY_LOCAL_MACHINE contains all the hardware and machine-specific setup information for your computer.

  • HKEY_USERS contains a key for each user account created on the computer, including the accounts used only internally by Windows services.

    The keys under HKEY_USERS are mostly named using long numeric strings that are the user account’s Security Identifier (SID) number. Usually, not all accounts’ keys are visible at the same time. Each account’s key is loaded into the Registry when the user logs on and is unloaded a short time after the user logs out. Each user’s key contains his or her personal Windows and application settings and preferences.

The Registry Editor displays three other sections that look like they are separate top-level keys but that are actually views of information inside HKEY_LOCAL_MACHINE or HKEY_USERS:

  • HKEY_CURRENT_USER is a shortcut to the subsection of HKEY_USERS that corresponds to the currently logged-on user. That is, when you run the Registry Editor, HKEY_CURRENT_USER shows your Windows and application preferences and settings.

  • HKEY_CURRENT_CONFIG is a shortcut to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current and contains hardware and device settings specific to the hardware profile used when Windows was started.

  • HKEY_CLASSES_ROOT stores file associations, the information that Windows uses to link file types to applications, and a huge amount of setup information for Windows software components. It’s actually a combined view of the contents of two other Registry sections: HKEY_LOCAL_MACHINE\Software\Classes, which holds settings that are made for all users, and HKEY_CURRENT_USER\Software\Classes, which holds personal settings made just by the current user. If the same value is defined in both HKEY_CURRENT_USER\... and HKEY_LOCAL_MACHINE\..., the HKEY_CURRENT_USER value is used.


3. New Registry Features

Windows Vista introduced some new features to the Registry: virtualization and 64/32–bit reflection. These features are also present, although somewhat changed in Windows 7, and this section gives you a brief tour. The features are called Registry virtualization, redirection and reflection. 

Registry Virtualization

On Windows 7 and Vista, if an older application attempts to store information to HKEY_LOCAL_MACHINE\Software\xxx\yyy but doesn’t have permission to change that key, the information will actually be stored in HKEY_CURRENT_USER\Software\CLASSES\VirtualStore\MACHINE\Software\xxx\yyy. This is called Registry virtualization. Applications that the user runs will still “see” the information as if it was in the intended location. As a result, applications that aren’t aware of the new, tighter restrictions on HKEY_LOCAL_MACHINE will run without a hitch, although their settings will be per-user instead of machinewide.

You need to know this so you can check the alternative locations when you’re investigating problems with Registry settings in your system.

If you change an application program’s preference setting that should apply to all users of the program, but it affects only you, and the setting isn’t changed when other users run the application, most likely the configuration setting is stored in a Registry key under HKEY_LOCAL_MACHINE that isn’t writeable by you. When you make the change, Windows virtualizes the Registry value, and only your account sees the change.

To fix this, first try to contact the software manufacturer for a workaround. If none exists, try this:

  1. Locate the Registry key in which the setting is being saved. Either search the Registry for the setting value or use a Registry change-monitoring tool such as Registrar Registry Manager, or procmon from sysinternals.com, to see where the application saves your setting.

  2. As an Administrator, locate the key in the left pane of the Registry Editor, right-click it, and select Permissions. Select the Users entry and check Full Control.

  3. Using your account, locate the virtualized copy of the key under HKEY_CLASES_ROOT\VirtualStore and delete it.

  4. Run the application and change the setting again.

After this, everyone should share the same copy of the setting.

Virtualization doesn’t occur under some circumstances. In those cases, the application simply is allowed to fail in its attempt to make changes to HKEY_LOCAL_MACHINE. These circumstances are listed here:

  • If User Account Control is disabled.

  • If virtualization is disabled by your network administrator, using Group Policy on a Windows domain network.

  • If the application is a 64-bit application.

  • If the application program has a manifest, a block of data inside the application or in a separate file that describes advanced security settings. Almost all the applications that come with Windows—including Notepad; the command-prompt interpreter, cmd.exe; and the Registry Editor—have manifests, so almost all Windows utilities do not see virtualized Registry settings.

  • If a key is marked with a special flag that indicates that it is not to be redirected. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run is marked this way so that a virus that attempts to set itself up to run at logon via this key won’t be capable of doing so. The command-line utility REG can modify the virtualization flag. Type REG FLAGS /? at the command-line prompt for more information.

Virtualization is seen as a stopgap measure and will be unnecessary when most applications either store information in HKEY_CURRENT_USER or explicitly set less restrictive permissions on their keys in HKEY_LOCAL_MACHINE when they’re installed.

Registry Redirection and Reflection

The 64-bit versions of Windows support running 32-bit Windows applications. This presents a problem because many Windows subcomponents are present in both 32- and 64-bit versions, and information about them (such as program filenames) is stored in the Registry under keys whose names were determined before Microsoft considered the need to distinguish between the two flavors. To manage this, Windows stores information for 32-bit components in an alternate location and feeds the stored information to 32-bit applications when they ask for values from the original location. This is called Registry redirection. The information for 32-bit applications is actually redirected to HKEY_LOCAL_MACHINE\Software\WOW6432Node. When a 32-bit application requests information from a redirected key using the original location, it is fed information from below WOW6432Node.

Note

You must close the 64-bit version of the Registry Editor before you can open the 32-bit version, and vice versa, unless you start the second instance of the Registry Editor with the -m command-line argument.


When working with the Registry on a 64-bit system, you need to know to look under WOW6432Node when looking for setup information for 32-bit components.

Alternatively, you can use the 32-bit version of regedit; this presents all information in the standard locations seen by 32-bit applications. When you run regedit from the command line, you get the 64-bit version. However, if you run %systemroot%\syswow64\regedit.exe, you get the 32-bit version and can edit the values seen by 32-bit applications.

So that the 32-bit and 64-bit versions of components and applications can communicate, some settings and values that these components store in the registry are copied to both locations. This is called Registry reflection.

Reflection was used in several sections of the Registry in Windows Vista, but in Windows 7, only two keys are subject to reflection:

HKEY_LOCAL_MACHINE\Software\Classes\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\Interface
 
Others
 
- Windows Server : Designing Enterprise-Level Group Policy Strategy (part 4) - Implementing Fine-Grained Password Policies
- Windows Server : Designing Enterprise-Level Group Policy Strategy (part 3) - Planning Authentication and Authorization
- Windows Server : Designing Enterprise-Level Group Policy Strategy (part 2) - Controlling Device Installation
- Windows Server : Designing Enterprise-Level Group Policy Strategy (part 1) - Planning a Group Policy Hierarchy
- Using Windows Home Server’s Command-Line Tools : Working with the Command-Line Tools (part 5)
- Using Windows Home Server’s Command-Line Tools : Working with the Command-Line Tools (part 4) - Shutting Down or Restarting a Computer
- Using Windows Home Server’s Command-Line Tools : Working with the Command-Line Tools (part 3)
- Using Windows Home Server’s Command-Line Tools : Working with the Command-Line Tools (part 2) - Working with File and Folder Management Tools
- Using Windows Home Server’s Command-Line Tools : Working with the Command-Line Tools (part 1) - Working with Disk Management Tools
- Windows 8 : Security - Action Center
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us