Edit your Registry safely and effectively to properly care for your system
The ability to navigate and, when necessary, edit entries in the Registry
(Windows NT's system- and user-configuration database) is a vital skill for
Windows NT administrators who need to fine-tune and troubleshoot their local or
remote NT workstations and servers. The editing process is easy; what's harder
is editing safely (i.e., avoiding changes that trash the system and
force you to reinstall NT), backing up critical files, and restoring system
files corrupted by erroneous changes to the Registry. To work with the Registry
safely and effectively, you need to understand how it's organized; how to back
up and, if necessary, restore system files; and how to perform basic editing,
including how to edit a remote system's Registry.
Hives, Subtrees, and Keys
The Registry stores most of its information in sets of files (called hives)
based on different aspects of the NT environment. However, the Registry displays
its configuration data in a tree-like structure: The Registry database you view
and edit consists of five subtrees, each of which has a name starting
with hkey (which stands for "handle to a key"). Simply put, when you
work with the Registry, you view and edit subtrees and their contents, but you
back up and restore hives.
To see the Registry subtrees (see Screen 1), run the program called Registry
Editor (regedt32.exe)--one of two NT tools for viewing and editing Registry
values. (The other tool is regedit.exe, a new tool in NT 4.0 with many of the
same functions as the traditional regedt32.exe tool, plus an expanded search
capability. Both tools are automatically installed when you install NT. The
examples in this article use regedt32 because it supports some editing
tools--such as Load Hive--that regedit does not.) The five subtrees are
* hkey_local_machine, which contains information about the system's
currently installed hardware and operating system. You'll do most of your work
in this subtree, configuring hardware settings or refining logons.
* hkey_classes_root, the "associations" subtree, which is similar
to the Windows 3.x Registry and provides compatibility with it. All information
about which executable files are associated with which file extensions is stored
here. (hkey_local_machine\software\classes also displays this information.)
* hkey_users, which contains the user profiles on the computer, including a
default profile for a user who hasn't logged on before, and (in NT Workstation)
the profile of the current user (i.e., hkey_current_user). This subtree does not
contain the profiles of users logged on to an NT Server machine--those profiles
are stored locally.
* hkey_current_user, which contains information relating to the currently
logged-on user.
* hkey_current_config, which contains information that relates to the
hardware configuration you booted with. This subtree holds changes to the
standard configuration found in hkey_local_machine's software and system
subkeys, so you can think of this subtree as a condensed version of what appears
there. (hkey_local_machine also displays this information in the
system\currentcontrolset\hardwareprofiles\current subkey.)
As you can see, some information appears in more than one subtree. In
particular, if similar information exists in both hkey_local_machine and
hkey_current_user, the data in the latter takes precedence (e.g., environment
variables defined for the current user have higher priority than system values).
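The precedence rule above can be checked directly. The following PowerShell sketch is an added example, not part of the original article; it assumes a current Windows system with PowerShell and the standard registry locations for machine-wide and per-user environment variables, and lists every variable together with the definition that takes effect.

```powershell
# Added example (not from the article): where each environment variable is
# defined and which definition the logged-on user's processes will see.
$machineKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$userKey    = 'HKCU:\Environment'

function Get-RegistryValueTable {
    param([Parameter(Mandatory)][string]$Path)
    # Read the stored text as-is, so %SystemRoot% and similar stay unexpanded
    $raw   = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $table = @{}   # hashtable literals compare keys case-insensitively
    $key   = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        if (-not $name) { continue }   # skip the unnamed default value
        $table[$name] = [pscustomobject]@{
            Type = $key.GetValueKind($name)
            Data = $key.GetValue($name, $null, $raw)
        }
    }
    return $table
}

$machine = Get-RegistryValueTable -Path $machineKey
$user    = Get-RegistryValueTable -Path $userKey

@($machine.Keys) + @($user.Keys) | Sort-Object -Unique | ForEach-Object {
    $inMachine = $machine.ContainsKey($_)
    $inUser    = $user.ContainsKey($_)
    $winner    = if ($inUser) { 'user' } else { 'machine' }
    # Path is the exception: Windows appends the user value to the machine
    # value instead of replacing it.
    if ($_ -eq 'Path' -and $inMachine -and $inUser) { $winner = 'machine;user (joined)' }
    [pscustomobject]@{
        Name         = $_
        Overridden   = ($inMachine -and $inUser -and $_ -ne 'Path')
        EffectiveSrc = $winner
        MachineData  = if ($inMachine) { $machine[$_].Data }
        UserData     = if ($inUser)    { $user[$_].Data }
    }
} | Sort-Object -Property Overridden -Descending | Format-List
```

Entries with Overridden set to True are the ones where a per-user value hides a system value, which is the first place to look when a setting behaves differently for one account.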
Subtrees in turn contain keys, subkeys, and value
entries. A subtree's keys are the folders shown in the left pane of the
Registry Editor window for that subtree (e.g., Screen 2 shows the Software and
System keys for hkey_current_config). Subkeys appear as subdirectories of keys.
Value entries appear in the right pane of a subtree window and define the value
of the currently selected key or subkey. Value entries have three parts,
separated by colons: a name, a data type, and a value. For example, in Screen 3,
osloaderpath is a value entry that assigns the value ntwork4\system32 to the
Setup key.
The subtrees that you view and edit are not directly related to the hives
that store the Registry information. For example, the default user profile
information displayed in the hkey_users subtree is stored in two files in the
system32\config directory: default and default.log (which records changes to the
default file). The data in these files comprises the hive. Note that some
Registry information is not in any hive--hives do not store volatile
Registry information (i.e., information created when the computer starts and
deleted when it stops). For example, the information displayed in
hkey_local_machine\hardware, which is re-created each time you boot the system
to adapt to changes in computer hardware, is not in a hive. See "NT 4.0's
Registry Hives" for more information about the standard NT 4.0 Registry
hives and their associated support files.
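The mapping between what you view and what is stored on disk can be read from the Registry itself. The following PowerShell sketch is an added example, not part of the original article; it assumes a current Windows system with PowerShell and reads the hivelist key (a key the article does not mention), which records the file behind each loaded hive and holds an empty entry for volatile data such as the hardware key.

```powershell
# Added example (not from the article): list each loaded hive and the file
# that backs it, flagging volatile entries that have no file to back up.
$hiveListPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'

function Get-HiveMap {
    $key = Get-Item -LiteralPath $hiveListPath -ErrorAction Stop
    foreach ($name in ($key.GetValueNames() | Sort-Object)) {
        # Value name = registry path of the hive; value data = backing file
        $file = [string]$key.GetValue($name)
        [pscustomobject]@{
            RegistryPath = $name
            Volatile     = [string]::IsNullOrEmpty($file)
            HiveFile     = if ($file) { $file } else { '(none: rebuilt at boot)' }
        }
    }
}

$map = Get-HiveMap
$map | Format-Table -AutoSize

# The non-volatile rows are the files a Registry backup has to cover.
$toBackUp = $map | Where-Object { -not $_.Volatile }
'{0} hive file(s) on disk, {1} volatile entr(ies) with nothing to back up' -f `
    @($toBackUp).Count, @($map | Where-Object Volatile).Count
```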
Backing Up
Before you edit the Registry (and even if you don't plan to edit it directly
via the Registry Editor), you need to back up its information. Backing up the
Registry regularly--preferably daily--protects you from incorrect changes to and
accidental deletions from settings or account information. Also, if you have to
reinstall NT, you can simply restore the Registry from the backup, thus saving
time you'd otherwise spend reconfiguring your system.
Independent of any backups you make, NT has fault-tolerance capabilities
that protect the Registry from failed updates. For more information about how NT
protects its Registry hive files, see "How NT Protects Its Hives,"
page 101. But when NT's automatic failsafes can't help (e.g., when you
erroneously make a change), you'll need your backups.