The computer Registry holds the keys to how your system hardware connects and operates with system-level software and user applications. It also prepares the computer to operate according to each of the users’ preferences. The Registry is the depot and storage facility for system and user configuration data—much like a database. Its structure is similar to the folders and files you see via the Microsoft Explorer window. Typical with databases, each piece of information is stored with an identifier that has an associated value. For example, in other databases it might be a patient identification number and the number itself, the identifier, and a value. Another example might be an employee identification number and their social security number.

How many times have you been told to not mess with the Registry? If you don’t know exactly what you are doing, stay out of there! It is dark and scary and full of cobwebs and spiders, but at least the bogeyman won’t come out to get you (well, probably not from this, anyway). However, this is not true about the Registry! The Registry is a party place, always active—things are always happening in the Registry.

If you are totally unfamiliar with databases, it might pay to spend a little time to get a basic understanding. Microsoft (MS) Access, for example, is a database application. Use its step-by-step series of guidebooks as a fast way to get grounded. Check out the applications that came with your MS Office suite installation, as you may already have it installed!

The Registry Database

The Registry database is used to store configuration settings and options for most of the versions of Microsoft Windows. It contains information and settings for all the hardware, software, users, and preferences of the computer system it resides on. Lots of action in there. Whenever you make a change to a Control Panel setting or File Associations, the changes are mirrored and stored in the Registry. You cannot edit these files directly. You must use a tool commonly known as a MS Registry Editor (regedit).

As mentioned earlier, the Registry has a hierarchal structure similar to the file and folder directory structure we are used to seeing. In this case, the regedit tool would be similar to Windows Explorer. Each main branch or folder in our analogy is called a hive where the hive’s “files” are keys. Each key can contain other keys (also known as sub keys), as well as values. The values make up the actual information stored in the Registry. Each piece of data is stored as an ordered pair. This is the key or name that is associated with a value. In this way, the Registry will keep track of any new application installed on the computer and how each program relates to the others.

Registry Files Located on the Disk

The Registry is stored in two files: System.dat, for system configuration information, and User.dat for, obviously, user configuration information. These files reside in C:Windows. You must “show” hidden and system files in order to see them.

Windows creates a new system folder called C:WindowsProfiles, where there is a folder for each user. Each user’s profile folder contains their copy of User.dat. There will also be another sort of template copy stored in C:Windows to set up new users. The system also keeps a copy in C:WindowsProfilesName for every user. These are the profiles so that each user will see their desktop and the system will boot up into their individual configuration.

The last file to talk about is the config.pol file. This file is stored outside of the Registry on the network and is checked out when you log on to the network. It is enabled by the System Policy Editor tool to control aspects of the Registry as part of the network login procedure. This file can set restrictions on the user according to system policy. Since it is on the network and used at login time, there’s not much the user can do to circumvent any policy restrictions enforced in this way.

Registry Branches

Each of the main branches below contains a specific portion of the information stored in the Registry. They are as follows:

  • HKEY_CLASSES_ROOT (HKCR) stores information about registered apps. It also contains all of the file association mappings to support the drag-and-drop feature, OLE—or object linking and embedding—information, Windows shortcuts, and core aspects of the Windows user interface.
  • HKEY_CURRENT_USER (HKCU) stores information about the current user. It contains information from the Registry database such as logon names, desktop settings, and Start menu settings.
  • HKEY_LOCAL_MACHINE (HKLM) stores system settings and preferences. For example, this would include type of hardware, software, and other PC preferences. This information is used for all users who log on to this computer.
  • HKEY_USERS (HKU) stores information about all users on this PC. This key spells out the general preferences for every user as well as individual preferences for specific users via their sub keys.
  • HKEY_CURRENT_CONFIG (HKCC) stores runtime information that is generated when a computer boots but no one is logged on yet. This information is not permanently stored. Its branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.
Define Your Data

One of the typical functions of a database that always caught me by surprise was how data goes in when working directly with it. Simply stated, you insert data and it is in there. In other words, you are not asked, “are you sure?” Or when you close the file, it does not give you a final warning that things have changed: “Do you really want to keep these changes?” When you set up a database you must define what kind of data is going to reside in what particular areas, but it does not necessarily check that you are always using it that way—meaning, you could be inserting bogus data along the way! Therefore, it makes sense to exercise an extra degree of caution when working with the Registry and you will survive (probably).


Read past “Networking” articles in our online archives

Sometimes, just knowing the terminology is enough to gain insight as to how the Registry works. It is not so scary after all. Find a regedit tutorial, create a couple of backup copies of your known good Registry (remember where you put them!), and you are good to go poking around in the Registry when required. This was especially important in the INI (an old configuration file standard for computer applications) days when parsing the text files took a lot longer than today’s already binary Registry values. However, it still takes time. The Registry is abuzz with activity, especially at shutdown time when the system voltage begins to fade and the system operation can get flaky. Problems that arise this way can be traumatic but are recoverable.

Jeff Kabachinski, MS-T, BS-ETE, MCNE, has more than 20 years of experience as an organizational development and training professional. He is the director of technical development for Aramark Healthcare Technologies in Charlotte, NC. For more information, contact .