What Is The Registry?

The registry is the central storehouse for all configuration information for Windows NT Server. It replaces the Windows 3.x INI files, although applications can still make use of INI files if desired. The registry contains information about the hardware platform; performance data; the installed software; all OLE, DDE, and file associations; and all configuration settings for the services and device drivers. Some of this information is backed up by files stored on your hard disk, which are located in your SystemRoot\System32\Config subdirectory, while the rest of the keys are created and stored only in memory. Table 13.1 summarizes the relationship between the primary registry keys and the files used to store these keys.

The registry, like the NTFS file system or an SQL Server database, makes use of a transaction log (the LOG version of the file) to ensure that any change to the registry is guaranteed to either succeed or fail in its entirety. This helps to maintain the integrity of the registry. Another interesting registry file is SYSTEM.ALT, which contains a copy of the previous system registry hive from the last time a user logged on to the system. This file is used by the Last Known Good operation to replace a failed or corrupted system registry hive.

Table 13.1 The registry keys and associated files.

Registry Key    File Name
------------    ---------
SOFTWARE        SOFTWARE, SOFTWARE.LOG
SYSTEM          SYSTEM, SYSTEM.LOG, SYSTEM.ALT
SAM             SAM, SAM.LOG
SECURITY        SECURITY, SECURITY.LOG
USER            AAAAA###, AAAAA###.LOG *
DEFAULT         DEFAULT, DEFAULT.LOG

* User profiles are stored in the form of the first five characters of the user name plus three digits (starting with 000) to create a unique file name. For example, my user name is Arthur, and my local user profile is stored in the files ARTHU000 and ARTHU000.LOG, while my domain user profile is stored in the files ARTHU001 and ARTHU001.LOG. I use the same user name for both my local and domain user accounts.
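The key-to-file relationship in Table 13.1 can be read from a running system, as in this added PowerShell example (not from the book). It assumes the hivelist key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control, which the chapter does not mention; a hive whose value data is empty has no file behind it and exists only in memory.

```powershell
# Added example (not from the book): list every loaded hive and the file behind it.
# Assumption: the hivelist key below, which the chapter does not mention.
$hiveListPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$hiveList = Get-Item -Path $hiveListPath

# Skip the unnamed default value if one is present.
$valueNames = $hiveList.GetValueNames() | Where-Object { $_ }

$report = foreach ($hive in $valueNames) {
    # Value name = registry path of the hive; value data = NT path of its file.
    $file = [string]$hiveList.GetValue($hive)
    [pscustomobject]@{
        Hive    = $hive
        Storage = if ([string]::IsNullOrEmpty($file)) { 'memory only' } else { 'file-backed' }
        File    = $file
    }
}

# Memory-only hives sort after the file-backed ones.
$report | Sort-Object Storage, Hive | Format-Table -AutoSize
```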

The registry is basically composed of eight hives. A registry hive is a collection of registry keys, subkeys, values, and data. HKEY_LOCAL_MACHINE is the root key for the configuration information of a computer. HKEY_LOCAL_MACHINE has several subkeys of importance. These subkeys are:

  HARDWARE—This key contains information about the detected hardware on your system. It includes information about your processor, disk controller, video adapter, and serial and parallel ports.
  SAM—An acronym for Security Account Manager, this key contains all of the user and group data.
  SECURITY—This key contains system security related data.

The SAM and SECURITY keys are protected and inaccessible (which is why they display as gray folders in the Registry Editor rather than yellow folders). The only way to see the data in these keys is to take ownership of them. However, if you do that, the system will be unable to access the keys, essentially making your system unusable until you restore the keys from the repair disk or a previous tape backup (where you also backed up the registry).

  SOFTWARE—This key contains all system-wide configuration data for the software installed on a computer.
  SYSTEM—This key contains all system-specific configuration data for system services and device drivers installed on a computer.
  HKEY_CLASSES_ROOT—This is a subkey of HKEY_LOCAL_MACHINE\SOFTWARE and contains all of the OLE, DDE, and file association information.
  HKEY_CURRENT_CONFIG—This is a subkey of HKEY_LOCAL_MACHINE\SYSTEM\Services\CurrentControlSet\Hardware profiles\CurrentControlSet and contains all of the information associated with the current hardware profile.
  HKEY_USERS—This is the root key for all user-specific configuration data for a computer. It contains the user profiles for all users who have logged in locally on the computer.
  HKEY_CURRENT_USER—This is a subkey of HKEY_USERS and contains the profile for the currently logged on user.

Now that we’ve defined the registry, let’s look at using the Registry Editor.