Application Support
Windows 7 Registry
Registry Structure
- The registry is divided into sections and levels of data. Multiple sections exist to organize data by purpose. The individual sections are called hives. Each hive has a specif c role to play and is stored in memory while it is in use. When the computer is shut down, the memory version of the hives are written to f les and folders typically found in the folder C:\WINDOWS\SYSTEM32\ CONFIG.
- Within a single hive the data is stored in keys and values identif ed by their name and position relative to each other. Figure below shows an example of the registry structure when viewed with a registry editing tool.
- The top-level registry keys, or hives, organize registry information by purpose. The hives are not meant to be mutually exclusive and there is some overlap between hives. The primary hives found in Windows 7 are:
- HKEY_CLASSES_ROOT: Settings in this hive define the types (classes) of documents and properties associated with those types. The information is used primarily by Windows applications to determine COM and OLE parameters for a particular file type or installed application.
- HKEY_CURRENT_USER; Settings in this hive define the preferences of the currently logged-on user. These preferences include environment settings for colors, printers, and applications, to name just a few.
- HKEY_LOCAL_MACHINE: This hive contains global settings for the entire computer and the applications installed on it.
- HKEY_USERS: This hive contains multiple subsections to define user-specific settings for new users and any user that has ever logged on to the computer.
- HKEY_CURRENT_CONFIG: This hive contains details about the current hardware profile in use.
The left-hand navigation pane displays a hierarchical folder structure. Each hive appears as a top-level folder in the left pane. Each folder in the left pane is referred to as a registry key. Each registry key is identif ed by the hive it belongs to, its position relative to other keys in the hive, and its name. The lower level registry keys are commonly referred to as subkeys, or subordinate keys.
The right-hand pane shows the data values that are stored at a specif c level in the registry hierarchy (i.e., within a registry key). Each registry key can store multiple data values. The data values are def ned by a name that is case sensitive, a type indicating how the data is formatted (e.g., binary, string, word), and the actual data stored by the value.
The notation to refer to a registry value or key is written in the format Hive_name\key name\ subordinate key name\ . . .additional subordinate key names . . .\value_name. For example, the value WorkingDirectory in Figure above could be referred to in printed instructions as HKEY_LOCAL_MACHINE\SYSTEM\Setup\WorkingDirectory. It is common to abbreviate the hive name using the first letters of each word in the hive name, so that HKEY_LOCAL_MACHINE is commonly referred to as HKLM.
Registry keys can contain sensitive information that can crash the computer or damage ex- pected functionality if they are improperly conf gured. The registry maintains its own security settings to restrict which entities can read or change specific keys.
Many registry keys affect other registry keys when their settings are changed. Because most keys do not operate in isolation, making changes to a single key may not yield the expected re- sults. A simple required change to the user's environment, for example, may require a change to over 20 registry keys at the same time. The Administrative Tools and Control Panel utilities are designed to be fully aware of all the required changes - not just one or two. A simple check box in a Control Panel utility might alter many keys in a blended fashion, depending on the state of other registry information.
