The Five Logical Registry Hives

The Registry has many thousands of settings; in fact, it often has tens of thousands of them. They are organized into five main Registry sections, called Registry hives. Think of each hive as a root directory. Each of the hives has a different purpose. When you start to delve into the Registry, you may notice that many of the settings seem to be exact duplicates of one another—in other words, settings in one hive mirror the settings in another hive. In fact, frequently one set of settings is merely an alias (called a symbolic link) of another, so that when you change those settings in one place, the changes are made in both hives.

TIP

The hives themselves are stored in the C:\Windows\system32\config and C:\Documents and Settings\{username} files.

Following are the five hives and what each does:

HKEY_CLASSES_ROOT

This hive contains information about file types, filename extensions, and similar information. It instructs XP how to handle every different file type and controls basic user interface options, such as double-clicking and context menus. This hive also includes class definitions (hence the word "CLASSES" in its name) of unique objects, such as file types or OLE objects. Frequently, classes associated with file types contain the Shell subkey, which defines actions, such as opening and printing, that can be taken with that file type.

HKEY_CURRENT_USER

This hive contains configuration information about the system setup of the user that is currently logged into XP. It controls the current user's Desktop, as well as XP's specific appearance and behavior for the current user. This hive also manages network connections and connections to devices such as printers, personal preferences such as screen colors, as well as security rights. Also included in this hive are Security Identifiers (SIDs), which uniquely identify users of the PC and which have information about each user's rights, settings, and preferences.

HKEY_LOCAL_MACHINE

This hive contains information about the computer itself, as well as about the operating system. It includes specific details about all hardware, including keyboard, printer ports, storage—the entire hardware setup. In addition, it has information about security, installed software, system startup, drivers, services, and the machine's specific XP configuration.

HKEY_USERS

This hive contains information about every user profile on the system.

HKEY_CURRENT_CONFIG

This hive contains information about the current hardware configuration of the system, in the same way that HKEY_CURRENT_USER contains information about the current user of the system.

Using Keys and Values

Each hive is at the top of the hierarchy, and underneath each hive are keys, which can in turn contain subkeys, and those subkeys can contain subkeys, and so on, organized in folder-like fashion, much like a hard drive.

Keys and subkeys contain a value, which controls a particular setting. For example, this key:

HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickSpeed

determines the amount of time between mouse clicks that must elapse before Windows won't consider it to be a double-click. To set the amount of time, you change the key's value. In this case, the default value is 500, measured in milliseconds, and you can edit the Registry to change it to whatever value you want, as shown in . You can also make the changes using the Mouse Properties dialog box (Start → Control Panel → Printers and Other Hardware → Mouse). When you make changes to that dialog box, the changes are in turn made in the Registry, which ultimately controls the setting. In essence, the dialog box is merely a convenient front-end to the Registry.

A key can contain one or more values. Following are the five primary data types of values in the Registry:

REG_SZ (String value)

This data type is easy to understand and edit because it is made up of plain text and numbers. It is one of the most common data types in the Registry. The value for DoubleClickSpeed, mentioned earlier in this hack, is of this type.

REG_MULTI_SZ (String array value)

This data type contains several strings of plain text and numbers. The Registry Editor will let you edit these values, but it won't let you create them.

REG_EXPAND_SZ (Expanded string value)

This data type contains variables that Windows uses to point to the location of files. For example, to point to the location of the Luna theme file, the expanded string value in the Registry is %SystemRoot%\resources\Themes\Luna.theme.

REG_BINARY (Binary values)

This data type is made up of binary data: 0s and 1s. Figure 7-3 shows a typical example of a binary value. As a general rule, you won't edit binary values—instead you'll edit string values because they're made up of text and numbers, as shown in Figure 7-4.

REG_DWORD (DWORD values)

This data type is represented as a number. Sometimes a 0 turns on the key or 1 turns off the key, though it can use other numbers as well. While you see and edit the value as a number, such as 456, the Registry itself views the number as a hexadecimal number, 1C8. Figure 7-5 shows a DWORD value being edited.

Launching the Registry Editor

There's an upside and a downside to using XP's Registry Editor. The upside is that it's relatively simple to use. The downside is that it doesn't offer much functionality beyond basic Registry editing.

TIP

In some instances, when you make changes using the Registry the changes take effect as soon as you exit the Registry. In other instances, they'll take effect only after you log out and then log back in. And, in yet other instances, they'll take effect only after you restart Windows.

To run the Registry Editor, type regedit in the Run box or a command prompt and press Enter. If this is the first time you've run the Registry Editor, it will open highlighting the HKEY_CURRENT_USER hive, as shown in . If you've previously used the Registry Editor, it will open highlighting the last key you edited or the last place you were in the Registry.

You can browse through the Registry with the Registry Editor in the same way you browse through a hard disk using Windows Explorer. Clicking a + sign opens a key to reveal the next level down of the hierarchy. Clicking a - sign closes the key.

The Registry can be several levels deep in keys and subkeys, so navigating it using a mouse can take a substantial amount of time. (Every time you open it, it jumps to the last-used key.) You can use shortcut keys, though, to more easily navigate through the Registry. The right arrow key opens a key to reveal subkeys; the left arrow key closes a key and moves one level up in the key hierarchy. To jump to the next subkey that begins with a specific letter, press that letter on the keyboard.

You use the Registry Editor to edit existing keys and values, create new keys and values, or delete existing keys and values. Sometimes, the changes take effect as soon as you make the change and exit the Registry Editor; other times, you'll have to reboot for them to take effect. Keep in mind that there is no "Save" button. When you modify a value, it changes right then and there. There is also no Undo button, so make your changes carefully.

If there's a particular key that you want to edit, an even faster way to navigate is to use the Find command from the Edit menu. (You can also use the Find command by pressing Ctrl-F.) To find successive keys with the same value, press the F3 key.

To edit the data associated with a value, double-click on the value in the right pane of the Registry Editor; a box appears that lets you edit the value, as shown in .

When you're editing the Registry, it's often hard to tell what key you're editing, because the Registry Editor doesn't highlight that key. Instead, it shows only an open folder icon next to it, but it's easy to miss that icon. Check the status bar at the bottom of the Registry Editor; it should display the key you're editing. If it doesn't, choose View → Status Bar from the Registry Editor menu.

To rename a key, select it and choose Edit → Rename from the menu. You can also right-click on the key and choose Edit → Rename.

Adding and Deleting Keys and Values

Editing the Registry often requires that you add and delete keys and values To add a new key, select the new key's parent key in the left pane. Then, choose Edit → New → Key from the menu. Type in the new key's name. You can also right-click on the new key's parent key and choose Edit → New → Key. To delete a key, select it and press the Delete key.

Very often, you need to add values to a key in order for its changes to take effect. To add a value to a key, select the new key's parent key in the left pane. From the menu, choose Edit → New, and from the submenu, select the type of value you want to create. We've already covered the five types of values you can create; as a reminder, they're detailed in .

To create a new value, type in the name of the new value and press Enter. Press Enter again. The Edit Value dialog box appears, as shown in . Enter your data and press Enter.

Table 7. Values you'll encounter in the Registry