Grogan
02-18-2003, 02:56 PM
How To Use the Registry Editor Correctly
During the course of solving problems with Windows, you may be called on to edit the system registry.
For example, a solution may be presented in the form of a Microsoft Knowledge Base article with instructions
to delete, create or edit specific registry entries, along with dire warnings about incorrect use of the
registry editor. This is scary stuff to some people, and a clear pictorial guide is needed to give folks
the knowledge and confidence to perform this task safely.
What is the Registry and Why?
The registry is quite simply a central binary database of hardware and software settings. On disk, it
exists as multiple database files which are loaded into memory at startup and become the System Registry.
When Windows was younger, settings were stored in hundreds of separate text files, usually with the .ini
file extension. Such files were often stored in the Windows directory, but many applications kept their
configuration in their own directories. Hundreds of INI files, meant hundreds of disasters waiting to
happen if any of the files were corrupted or missing. It also meant much hard disk seeking to find
and process these configuration files.
With applications like Microsoft Office, came the concept of object linking and embedding (OLE) and a
better method of storing such data for common applications to access, was needed. The concept of the
registry was born, in Windows 3.1. It mostly contained information pertaining to handling of certain
file types and data, by certain applications. Yes, there was even a crude registry editor, for altering
these settings. For history's sake, here is a screen shot of what it looked like.
http://www.bitbenderforums.com/~grogan/reghowto/win31regedit.gif
When designing Windows 95, Microsoft decided to use the registry database for system critical settings
in addition to most all application settings. The advantages were that it was much faster to access the
information if a central database with structure could be loaded into memory, and also easier to protect
and back up a central repository. The disadvantages of this are having all your eggs in one basket.
Corruption (whatever the cause), or deletion of serious data while editing, can render the system
completely unusable.
This is why it is important for both the operating system, and users to take steps to preserve this
critical database.
Backing Up the Registry
First of all, Windows takes some automatic steps to preserve the registry. In Windows 95, this mechanism was
very poor, it consisted of renamed files System.da0 and User.da0 which got created on a successful
startup. If registry corruption occurred, Windows was able to replace the registry files with those
copies. Problem with that was, if the system got started, the copies got overwritten with current ones.
It was a one shot deal.
Windows 98 through Windows Millennium Edition, employ the "Registry Checker" (scanregw.exe) at startup
to create an archive (.cab file) of the registry files once per day when Windows is started. This was
a much better mechanism in that the system could revert back to a good registry, or the user could boot
to DOS and use scanreg /restore to restore a dated registry backup.
Windows NT based operating systems (Windows NT4/2000/XP) have a relatively poor mechanism called the
"Last Known Good Configuration" that can be chosen at boot time through the advanced startup options.
It is simply a copy of the control information in the registry, and the undoing of recent registry edits
from the information contained in log files. It is not really a backup of the system registry, and
as soon as any user logs onto the system, it is overwritten. Also, a one shot deal.
While not really an automated registry backup mechanism, Windows XP has System Restore that tracks
changes to the system and can allow recovery if used correctly.
What should I do, prior to Registry Editing?
If you are using Windows 95, make a copy of C:\Windows\System.dat and C:\Windows\User.dat. If using
multiple profiles, each individual's user.dat file will be in the user's directory under c:\windows\profiles.
In an emergency, these files could be manually copied back, using DOS. Alternatively, there are rescue
utilities you can use. Provided with Windows, is the ERU (emergency recovery utility) for backing
up configuration files. There are also third party rescue utilities, such as WinRescue (www.superwin.com/rescue.htm)
If you are using Windows 98 (1st or Second Edition) or WinME, then you can use the scanregw.exe
utility to take a fresh snapshot of the registry. Simply go to start/run, and type scanregw and
hit enter. Windows will inform you that it has finished checking the registry, and has already backed
it up today and it asks you "Would you like to back it up again?". Say Yes. Should you need to restore
this backup, Restart the system and press F8 before the Starting Windows splash appears. Choose Command
Prompt Only from the boot menu, and type scanreg /restore and choose the most current backup
from the list. The one you created yourself, will say "Not Started" beside it in this list and that's
nothing to worry about. It just means that this registry backup was not one that was used to start
the system. Note that on Windows Millennium systems, you will have to boot with a WinME startup disk to
use scanreg /restore
In Windows NT4, you will have to create an Emergency Repair Disk. It's a floppy that contains a bit of
repair information that Windows NT setup uses to repair your installation. It also creates a backup of
the registry files on the hard disk that can be (optionally) used during the repair process. To do this,
go to Start/Run and type rdisk and hit enter. Follow the prompts. To restore this, start
Windows NT4 setup and choose to Repair and you'll be prompted for the Emergency Repair Diskette.
For Windows 2000, you have a couple of options. The first of which, is an Emergency Repair Disk, much
like in Windows NT4. The difference is, you create it with the Windows 2000 Backup Utility. Go to
Start/Programs/Accessories/System Tools, and choose Microsoft Backup. Choose to make an Emergency Repair
Disk, and check the box to include the Registry (again, the registry files get saved to the hard disk).
Like NT4, you would use this diskette to repair Windows 2000 by starting setup and choosing to repair.
Additionally, in the Windows 2000 backup utility, there is a System State backup. This backs up the
registry, in addition to critical system files and requires a few hundred megabytes of free space on
any drive or partition, for storing the backup file (.bkf file extension). This backup can be restored
with the backup utility.
For Windows XP, you should simply create a current System Restore Point.
Go to Start/Programs/Accessories/System Tools and choose System Restore. Choose to Create a Restore point, and click Next then enter a comment in the field so that you will remember it. Create your restore point. System Restore is only useful, when you have a current, valid restore point to restore. Do not rely on the automated "System Check Points". Always create your own.
For all versions of Windows, there is another mechanism for backing up registry settings, using the
registry editor to create a special text file (a .reg file) that contains information to restore all, or
selected branches of the registry. This is also useful, and will be covered shortly.
Using the Registry Editor - Navigation
Finally, we'll start getting into what we came here for. To open the registry editor, go to start/run
and type regedit and hit enter. The branches of the registry, will be presented to you as a tree
of folders much like Windows Explorer, in the left pane. These are of course not directories, but registry keys and this
is not Windows Explorer, it's the registry editor! To expand or collapse the keys, simply click the plus or
minus signs beside them.
Note: It is critical that you are extremely careful with mouse clicks and keystrokes at all times while the registry editor is up on screen.
http://www.bitbenderforums.com/~grogan/reghowto/regedit1.gif
Usually, you'll be given the location of a registry subkey, in the form of a path. Click + signs
beside the corresponding subkeys (represented as folders) until you get to the desired subkey.
For example, let's say that you are instructed to go to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion
Click the + sign beside the HKEY_LOCAL_MACHINE branch, then click the + beside the Software subkey,
then Microsoft, and so on. When you get to the Currentversion subkey, click on it once in the left
pane of regedit, and in the right pane, you will see the values that it contains.
http://www.bitbenderforums.com/~grogan/reghowto/regedit2.gif
Exporting Branches of the Registry
Our first task using the registry editor, is to export to a text file. This is an alternate means of
backing up settings prior to registry editing.
From the Registry menu in regedit, choose Export Registry File. A browse dialog will appear, where you
choose a location and name for the file. When My Computer (default, when you first open Regedit) is
selected, All will be chosen for the Export Range. This will export the entire registry (all of it's settings),
to a text based .reg file.
http://www.bitbenderforums.com/~grogan/reghowto/exportall.gif
The resulting .reg file can be double clicked to merge the settings back into the registry, or it can
be imported again, using the Import Registry File function of the Registry editor. It is important to
note, that this does not remove erroneous keys and values from the registry, it only restores the data
to existing ones. It is not really a "registry backup", however, in Win9x, you can rebuild the registry
from scratch, using the real mode registry editor from DOS using the command:
regedit /c filename.reg
This is far more risky than restoring a registry backup though, and is not an option for Windows NT
based operating systems.
What is more useful than exporting the entire registry to a text file, is exporting a selected branch.
For example, the one you are going to be editing.
This time, before choosing Export Registry File, drill down to the subkey that you wish to export, and
click on it to highlight. We'll use the example of the Currentversion subkey again.
http://www.bitbenderforums.com/~grogan/reghowto/exportselected.gif
Note that this time, since we had the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion
subkey selected, under Export Range, Selected Branch is chosen, and the path to the subkey we are going
to export is shown. This .reg file can be double clicked at any time, to restore all of the subkeys and
values under Currentversion.
Editing the Registry
Ready to roll up your sleeves (so you don't fumble) and dig in? First of all, there are a few
conventions that I like to follow. It doesn't matter whether you are deleting or renaming a subkey, or
deleting, renaming or editing a value, I recommend that you first click on the object
once (left click) to highlight it. Then, right click on it and choose an action from the context menu.
This ensures that you always have the correct subkey or value selected, and that you are always choosing
the correct action. Keep your mits off the delete or backspace keys on the keyboard while registry editing.
While not always necessary depending on what you are editing, a general rule of thumb is that you should
restart your computer after performing registry editing.
Deleting a Subkey
A common situation, for an example. Say there is a program no longer present on your system, whose uninstall entry in
Add/Remove Programs remains. You try to uninstall it, and you just get an error because the files
are no longer present. To remove the entry from add/remove programs, the uninstall subkey for the
program can be removed from the registry.
Let's say for example, that the program is Kazaa. Open the registry editor, and navigate to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Uninstall
Click the + sign beside Uninstall, to expand the tree of subkeys under it.
http://www.bitbenderforums.com/~grogan/reghowto/uninstall.gif
Scrolling down a little, I don't see a subkey with the word Kazaa in it. Start clicking on each of
the subkeys in the left pane under Uninstall and for each one, look in the right pane of regedit to
see the values. We can see from the information in the right pane that the subkey we want is the
third ugly one with the long string of numbers between parentheses (such a string is knows as a GUID,
or Globally Unique Identifier).
http://www.bitbenderforums.com/~grogan/reghowto/kazaa.gif
Now, if it's not already, click once on that subkey to highlight it, then simply right click on it and
choose Delete from the menu.
http://www.bitbenderforums.com/~grogan/reghowto/kazaadelete.gif
Accept the Confirm Deletion prompt, and then close the registry editor. The uninstall entry for Kazaa will be gone from Add/Remove Programs.
During the course of solving problems with Windows, you may be called on to edit the system registry.
For example, a solution may be presented in the form of a Microsoft Knowledge Base article with instructions
to delete, create or edit specific registry entries, along with dire warnings about incorrect use of the
registry editor. This is scary stuff to some people, and a clear pictorial guide is needed to give folks
the knowledge and confidence to perform this task safely.
What is the Registry and Why?
The registry is quite simply a central binary database of hardware and software settings. On disk, it
exists as multiple database files which are loaded into memory at startup and become the System Registry.
When Windows was younger, settings were stored in hundreds of separate text files, usually with the .ini
file extension. Such files were often stored in the Windows directory, but many applications kept their
configuration in their own directories. Hundreds of INI files, meant hundreds of disasters waiting to
happen if any of the files were corrupted or missing. It also meant much hard disk seeking to find
and process these configuration files.
With applications like Microsoft Office, came the concept of object linking and embedding (OLE) and a
better method of storing such data for common applications to access, was needed. The concept of the
registry was born, in Windows 3.1. It mostly contained information pertaining to handling of certain
file types and data, by certain applications. Yes, there was even a crude registry editor, for altering
these settings. For history's sake, here is a screen shot of what it looked like.
http://www.bitbenderforums.com/~grogan/reghowto/win31regedit.gif
When designing Windows 95, Microsoft decided to use the registry database for system critical settings
in addition to most all application settings. The advantages were that it was much faster to access the
information if a central database with structure could be loaded into memory, and also easier to protect
and back up a central repository. The disadvantages of this are having all your eggs in one basket.
Corruption (whatever the cause), or deletion of serious data while editing, can render the system
completely unusable.
This is why it is important for both the operating system, and users to take steps to preserve this
critical database.
Backing Up the Registry
First of all, Windows takes some automatic steps to preserve the registry. In Windows 95, this mechanism was
very poor, it consisted of renamed files System.da0 and User.da0 which got created on a successful
startup. If registry corruption occurred, Windows was able to replace the registry files with those
copies. Problem with that was, if the system got started, the copies got overwritten with current ones.
It was a one shot deal.
Windows 98 through Windows Millennium Edition, employ the "Registry Checker" (scanregw.exe) at startup
to create an archive (.cab file) of the registry files once per day when Windows is started. This was
a much better mechanism in that the system could revert back to a good registry, or the user could boot
to DOS and use scanreg /restore to restore a dated registry backup.
Windows NT based operating systems (Windows NT4/2000/XP) have a relatively poor mechanism called the
"Last Known Good Configuration" that can be chosen at boot time through the advanced startup options.
It is simply a copy of the control information in the registry, and the undoing of recent registry edits
from the information contained in log files. It is not really a backup of the system registry, and
as soon as any user logs onto the system, it is overwritten. Also, a one shot deal.
While not really an automated registry backup mechanism, Windows XP has System Restore that tracks
changes to the system and can allow recovery if used correctly.
What should I do, prior to Registry Editing?
If you are using Windows 95, make a copy of C:\Windows\System.dat and C:\Windows\User.dat. If using
multiple profiles, each individual's user.dat file will be in the user's directory under c:\windows\profiles.
In an emergency, these files could be manually copied back, using DOS. Alternatively, there are rescue
utilities you can use. Provided with Windows, is the ERU (emergency recovery utility) for backing
up configuration files. There are also third party rescue utilities, such as WinRescue (www.superwin.com/rescue.htm)
If you are using Windows 98 (1st or Second Edition) or WinME, then you can use the scanregw.exe
utility to take a fresh snapshot of the registry. Simply go to start/run, and type scanregw and
hit enter. Windows will inform you that it has finished checking the registry, and has already backed
it up today and it asks you "Would you like to back it up again?". Say Yes. Should you need to restore
this backup, Restart the system and press F8 before the Starting Windows splash appears. Choose Command
Prompt Only from the boot menu, and type scanreg /restore and choose the most current backup
from the list. The one you created yourself, will say "Not Started" beside it in this list and that's
nothing to worry about. It just means that this registry backup was not one that was used to start
the system. Note that on Windows Millennium systems, you will have to boot with a WinME startup disk to
use scanreg /restore
In Windows NT4, you will have to create an Emergency Repair Disk. It's a floppy that contains a bit of
repair information that Windows NT setup uses to repair your installation. It also creates a backup of
the registry files on the hard disk that can be (optionally) used during the repair process. To do this,
go to Start/Run and type rdisk and hit enter. Follow the prompts. To restore this, start
Windows NT4 setup and choose to Repair and you'll be prompted for the Emergency Repair Diskette.
For Windows 2000, you have a couple of options. The first of which, is an Emergency Repair Disk, much
like in Windows NT4. The difference is, you create it with the Windows 2000 Backup Utility. Go to
Start/Programs/Accessories/System Tools, and choose Microsoft Backup. Choose to make an Emergency Repair
Disk, and check the box to include the Registry (again, the registry files get saved to the hard disk).
Like NT4, you would use this diskette to repair Windows 2000 by starting setup and choosing to repair.
Additionally, in the Windows 2000 backup utility, there is a System State backup. This backs up the
registry, in addition to critical system files and requires a few hundred megabytes of free space on
any drive or partition, for storing the backup file (.bkf file extension). This backup can be restored
with the backup utility.
For Windows XP, you should simply create a current System Restore Point.
Go to Start/Programs/Accessories/System Tools and choose System Restore. Choose to Create a Restore point, and click Next then enter a comment in the field so that you will remember it. Create your restore point. System Restore is only useful, when you have a current, valid restore point to restore. Do not rely on the automated "System Check Points". Always create your own.
For all versions of Windows, there is another mechanism for backing up registry settings, using the
registry editor to create a special text file (a .reg file) that contains information to restore all, or
selected branches of the registry. This is also useful, and will be covered shortly.
Using the Registry Editor - Navigation
Finally, we'll start getting into what we came here for. To open the registry editor, go to start/run
and type regedit and hit enter. The branches of the registry, will be presented to you as a tree
of folders much like Windows Explorer, in the left pane. These are of course not directories, but registry keys and this
is not Windows Explorer, it's the registry editor! To expand or collapse the keys, simply click the plus or
minus signs beside them.
Note: It is critical that you are extremely careful with mouse clicks and keystrokes at all times while the registry editor is up on screen.
http://www.bitbenderforums.com/~grogan/reghowto/regedit1.gif
Usually, you'll be given the location of a registry subkey, in the form of a path. Click + signs
beside the corresponding subkeys (represented as folders) until you get to the desired subkey.
For example, let's say that you are instructed to go to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion
Click the + sign beside the HKEY_LOCAL_MACHINE branch, then click the + beside the Software subkey,
then Microsoft, and so on. When you get to the Currentversion subkey, click on it once in the left
pane of regedit, and in the right pane, you will see the values that it contains.
http://www.bitbenderforums.com/~grogan/reghowto/regedit2.gif
Exporting Branches of the Registry
Our first task using the registry editor, is to export to a text file. This is an alternate means of
backing up settings prior to registry editing.
From the Registry menu in regedit, choose Export Registry File. A browse dialog will appear, where you
choose a location and name for the file. When My Computer (default, when you first open Regedit) is
selected, All will be chosen for the Export Range. This will export the entire registry (all of it's settings),
to a text based .reg file.
http://www.bitbenderforums.com/~grogan/reghowto/exportall.gif
The resulting .reg file can be double clicked to merge the settings back into the registry, or it can
be imported again, using the Import Registry File function of the Registry editor. It is important to
note, that this does not remove erroneous keys and values from the registry, it only restores the data
to existing ones. It is not really a "registry backup", however, in Win9x, you can rebuild the registry
from scratch, using the real mode registry editor from DOS using the command:
regedit /c filename.reg
This is far more risky than restoring a registry backup though, and is not an option for Windows NT
based operating systems.
What is more useful than exporting the entire registry to a text file, is exporting a selected branch.
For example, the one you are going to be editing.
This time, before choosing Export Registry File, drill down to the subkey that you wish to export, and
click on it to highlight. We'll use the example of the Currentversion subkey again.
http://www.bitbenderforums.com/~grogan/reghowto/exportselected.gif
Note that this time, since we had the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion
subkey selected, under Export Range, Selected Branch is chosen, and the path to the subkey we are going
to export is shown. This .reg file can be double clicked at any time, to restore all of the subkeys and
values under Currentversion.
Editing the Registry
Ready to roll up your sleeves (so you don't fumble) and dig in? First of all, there are a few
conventions that I like to follow. It doesn't matter whether you are deleting or renaming a subkey, or
deleting, renaming or editing a value, I recommend that you first click on the object
once (left click) to highlight it. Then, right click on it and choose an action from the context menu.
This ensures that you always have the correct subkey or value selected, and that you are always choosing
the correct action. Keep your mits off the delete or backspace keys on the keyboard while registry editing.
While not always necessary depending on what you are editing, a general rule of thumb is that you should
restart your computer after performing registry editing.
Deleting a Subkey
A common situation, for an example. Say there is a program no longer present on your system, whose uninstall entry in
Add/Remove Programs remains. You try to uninstall it, and you just get an error because the files
are no longer present. To remove the entry from add/remove programs, the uninstall subkey for the
program can be removed from the registry.
Let's say for example, that the program is Kazaa. Open the registry editor, and navigate to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Uninstall
Click the + sign beside Uninstall, to expand the tree of subkeys under it.
http://www.bitbenderforums.com/~grogan/reghowto/uninstall.gif
Scrolling down a little, I don't see a subkey with the word Kazaa in it. Start clicking on each of
the subkeys in the left pane under Uninstall and for each one, look in the right pane of regedit to
see the values. We can see from the information in the right pane that the subkey we want is the
third ugly one with the long string of numbers between parentheses (such a string is knows as a GUID,
or Globally Unique Identifier).
http://www.bitbenderforums.com/~grogan/reghowto/kazaa.gif
Now, if it's not already, click once on that subkey to highlight it, then simply right click on it and
choose Delete from the menu.
http://www.bitbenderforums.com/~grogan/reghowto/kazaadelete.gif
Accept the Confirm Deletion prompt, and then close the registry editor. The uninstall entry for Kazaa will be gone from Add/Remove Programs.