The Registry is a central location for unique user and machine configuration data. In basic terms, it is a big database that holds all of the Windows configuration information: settings relating to user accounts, machine hardware and applications. The registry was introduced to replace the old .INI files.
To open the Registry Editor, click Start > Run… and type “regedit.exe”.
The registry is structured as five subtrees:
=> HKEY_CLASSES_ROOT -> This subtree contains data that associates file types with applications and configuration for COM objects.
=> HKEY_CURRENT_USER -> Commonly abbreviated HKCU, the HKEY_CURRENT_USER subtree contains settings and preferences for the user currently logged on to the system. These settings are dynamic and unique to each user.
=> HKEY_LOCAL_MACHINE -> Commonly abbreviated HKLM, the HKEY_LOCAL_MACHINE subtree contains information about the hardware currently installed, and the settings for systems running on the machine. These are normally static for all users until a change is made.
=> HKEY_USERS -> This subtree simply contains a pointer to HKEY_CURRENT_USER and the DEFAULT user profile (a template used when assigning a profile to new users).
=> HKEY_CURRENT_CONFIG -> This subtree stores configuration data for the current hardware profile and points to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles
Data Types defined by the Registry
=> REG_SZ -> A simple string value. Would usually contain a URL, Path, or port number for example.
=> REG_BINARY -> Raw binary data represented in hexadecimal format.
=> REG_DWORD -> In effect another kind of REG_BINARY, but always exactly 4 bytes long.
=> REG_MULTI_SZ -> A character string of variable size that allows you to enter a number of parameters in this single value entry.
=> REG_EXPAND_SZ -> This is a character string of variable size that can contain dynamic information which will change at startup (such as %username% which is of a different size for every name).
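The data types above are easiest to tell apart in an exported .reg file, where each one has its own notation. The following is an added example, not part of the original article: a small Python decoder for value lines, assuming the "Windows Registry Editor Version 5.00" export format (strings stored as UTF-16LE). The function names and the sample lines are constructed for illustration.

```python
import re
import struct

# Numeric type codes used by the registry API and by the .reg "hex(N):" notation.
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD", 7: "REG_MULTI_SZ"}

def decode_raw(type_code, raw):
    """Decode raw value bytes according to their registry type code."""
    if type_code in (1, 2):  # UTF-16LE string, NUL-terminated
        return raw.decode("utf-16-le").rstrip("\x00")
    if type_code == 7:  # NUL-separated UTF-16LE strings, list ends with an empty string
        return [s for s in raw.decode("utf-16-le").split("\x00") if s]
    if type_code == 4:  # 4-byte little-endian unsigned integer
        if len(raw) != 4:
            raise ValueError("REG_DWORD must be exactly 4 bytes")
        return struct.unpack("<I", raw)[0]
    return raw  # REG_BINARY and unhandled types: keep the bytes as they are

def parse_value(line):
    """Parse one '"name"=data' line from a .reg export into (name, type, value)."""
    m = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line.strip())
    if not m:
        raise ValueError("not a value line: %r" % line)
    name, data = m.group(1), m.group(2)
    if data.startswith('"') and data.endswith('"'):  # quoted text is REG_SZ
        return name, "REG_SZ", re.sub(r"\\(.)", r"\1", data[1:-1])
    if data.startswith("dword:"):  # eight hex digits, most significant first
        return name, "REG_DWORD", int(data[6:], 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:([0-9a-fA-F,]*)", data)
    if not m:
        raise ValueError("unsupported data: %r" % data)
    code = int(m.group(1), 16) if m.group(1) else 3  # plain "hex:" is REG_BINARY
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    return name, REG_TYPES.get(code, "type 0x%x" % code), decode_raw(code, raw)

# Constructed sample lines (not taken from a real system).
SAMPLE = [
    r'"InstallPath"="C:\\Program Files\\Example"',
    '"Enabled"=dword:00000001',
    '"Blob"=hex:de,ad,be,ef',
    '"Home"=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,25,00,00,00',
    '"Servers"=hex(7):61,00,00,00,62,00,63,00,00,00,00,00',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_value(line))
```

Long hex values that regedit wraps across lines with a trailing backslash must be joined into one line before being passed to parse_value.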
Remote Registry Configuration
Regedit.exe allows you to remotely configure another machine’s registry quickly and easily. All you need is the right permissions (Administrator permissions) to do so.
Open regedit.exe and from the File menu select “Connect Network Registry…”. Type the computer name, or press [Advanced…] and search for one, and press OK. After entering the correct credentials, the registry of the remote machine is loaded into the console, as if it were that of the local machine.
When you connect to a registry remotely, you will only be able to edit the HKEY_LOCAL_MACHINE and HKEY_USERS keys.
From the Backup tab, expand My Computer and select the System State check box. On a domain controller, backing up the System State will also back up Active Directory, Boot Files, Certificate Server (if installed), COM object class registries, and SYSVOL, apart from the full Registry.