Registry Editor (regedit.exe)
The Windows registry provides a remotely accessible database for storing operating system, device, and software application configuration information.
You can use the Registry Editor (regedit.exe) to view or edit the registry.
Registry Keys
- registry is structured as a set of five root keys that contain computer and user databases
- HKEY_LOCAL_MACHINE (HKLM)
- governs system-wide settings
- HKEY_USERS
- includes settings that apply to individual user profiles
- HKEY_CURRENT_USER
- subset of HKEY_USERS
- settings for logged in user
- HKEY_LOCAL_MACHINE (HKLM)
- registry database is stored in binary files called hives
- hive contains:
- a single file with no extension
.logfile containing transaction log.savfile (copy of the key as it was at the end of setup)
- system hive has an
.altbackup file - most hive files are stored in
C:\Windows\System32\Configfolder - hive file for each user profile (NTUSER.DAT) is stored in the folder holding the user’s profile
- hive contains:
Editing the Registry
- Each root key can contain subkeys and data items called value entries
- use the Find tool to search for a key or value
- Subkeys are analogous to folders, and the value entries are analogous to files
- value entry has three parts:
- name of the value
- data type of the value
- value itself
- to copy portions of registry and use on other computer:
- File > Export Registry File
- exported in a registry-compatible format and can be merged into another computer’s registry
- double-click the file or call from a script