WindowsMaven - Virus and Spyware Advisor
© 2006 David R. Snow. All rights reserved.
How to Use the Windows Registry Editor

Introduction

The Windows Registry Editor (regedit.exe) included with Windows 2000 and Windows XP is an easy-to-use utility for managing the data in the system registry. The system registry is a very large repository of data used by the operating system and by programs to store data. The advantage of using this registry is that the data in it does not disappear when the program or the Windows operating system is shut down. This gives Windows and the programs running under Windows the means of having permanent memory. The data stored in it may be anything from the position and size of a window on the Desktop, fonts, colors, etc. up to data essential to the correct functioning of Windows itself. Windows is so dependent on the data in the registry that if the registry becomes corrupted the system may not even be able to boot.
That having been said, the Registry Editor is used every day by countless users without causing any damage. It is important that you be careful, and there are a couple of tricks that make using the Registry Editor not only safer, but even easier to use. I worked as a Microsoft telephone technical support technician for four and a half years. I directed my customers in using the Registry Editor on a daily basis. No customer that I handled ever suffered damage to his registry while following my directions. In this tutorial I will show you how to use regedit safely and surely, providing only that you show reasonable care.

The Registry Editor Interface

The Registry Editor is started by going to Start, clicking Run and in the Open: editor box typing "regedit" (without the quotes) and hitting the Enter key or clicking OK. The Registry Editor will then open. Below is a screen shot of the Windows XP Registry Editor. The appearance of the Windows 2000 Registry Editor is nearly identical, as is its use.
View 1.

The Registry Editor user interface as shown in view 1 is straightforward. The menu is the usual type of menu found in Windows programs, and there are two panes, with a vertical bar between them that can be dragged with the mouse to adjust their width. In the left pane we see My Computer, the root of the registry (programmers draw trees with the roots pointing up) and the five main "leaves." Actually, these "leaves" are normally referred to as root keys. In the view shown here no additional subkeys are visible. You will often encounter abbreviations for the names of the five root keys, so let's list them here:
Thus, the key My Computer\HKEY_LOCAL_MACHINE can also be listed as My Computer\HKLM. As all keys start with My Computer, this top level key is usually omitted. Note that the folder icon for HKEY_LOCAL_MACHINE in the view above has a slightly different appearance from the other folders. This shows that this key has been selected by left-clicking once on it. Regedit shows which key is currently selected in the status bar along the bottom of its window. The "\" signifies that HKEY_LOCAL_MACHINE is a subkey of My Computer.

The right pane shows the values contained in the selected key. There are three columns in the pane, showing the name of the value, the type of the value, and the contents. In this case no values have been added to the key, and the default value, an unnamed value associated with all keys, has not been set.

Although HKEY_LOCAL_MACHINE in the view above does not have any values associated with it, it is by no means empty. Note that there is a "+" to the left of the folder icon for it in the left pane. The presence of this "+" to the left of a key informs us that the key contains subkeys. If a key does not contain any subkeys there will be no "+" next to the name. In the next view we will see the contents of HKEY_LOCAL_MACHINE.
View 2.

In view 2 we see a view with HKLM (remember, that is the abbreviation for HKEY_LOCAL_MACHINE) expanded, or opened--both terms are used. A key that contains subkeys can be opened either by left-clicking once on the "+" or by double-clicking on the name of the key. An expanded key has a "-" instead of a "+." An opened key can be closed again by left-clicking once on the "-" or by double-clicking the name. When a key is opened, its subkeys are shown below it and indented.

In this view, the SYSTEM subkey of HKLM has been opened, and the Select subkey of SYSTEM has been selected. Once again, note that the name of this subkey along with its full path is shown in the status bar. This key does contain values, as shown in the right pane. There are four named values besides the default value, which in this case is also not set. For each value we see the type as well as the contents. REG_DWORD refers to a 32 bit number. On a Pentium processor a double word refers to a 32 bit integer--if you do not know what this means, don't worry about it, you do not need to know this to use regedit effectively. REG_SZ types are simply text values, such as "This is an example of a possible REG_SZ content." The SZ means it is a zero terminated string, which tells us... Never mind, you don't need to know this to use regedit. To a programmer who writes programs in C or C++ such matters are vital. The rest of us do not need to know.

You now know the basics of navigating through the registry, so now let's learn how to add values to the registry and delete them. In fact, let's learn how to do something with the registry that is actually useful. We will now make an entry in the registry that will make Notepad open when you start your computer. After testing this to make sure it worked, we will then delete it. Perhaps you are thinking that this does not sound particularly useful, but this same basic technique can be used to start just about any other program. Also, deleting such a value is a method of keeping unwanted programs from starting. Ever had a program that started every time you booted your computer, and you couldn't make it stop? At the end of this tutorial you will know one way of stopping unwanted startup programs.

To make Notepad start at boot time, we have to add a REG_SZ value to the following key, giving as a data value the full path to Notepad, or better yet, notepad.exe:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

This is one of the famous Run keys you may have heard about. We will give the value we add the name of "Notepad," but the exact name is unimportant, as long as it does not duplicate the name of a value already in the key.

Start the Registry Editor. Go to Start, click Run and then type "regedit" (without the quotes) and hit the Enter key or click OK. The Registry Editor will open. Hopefully the left pane will appear as in view 1, showing just the root keys, but regedit has the characteristic of remembering what the last key was that was selected, and it reopens to this key. If regedit was used previously on your system, it may be opened to some key deeply embedded in the tree, and what you see on the left side will be utterly confusing. You can now close the tree as shown above by going up the tree and clicking on each opened key you encounter, but there is an easier way. Use the left arrow key in the inverted T on your keyboard. The first click of the left arrow selects the first key in the next opened key above. If you are already positioned on the first subkey of an opened key, the next click of the left arrow key will close the key. The next click will take you to the first subkey of this level of the hierarchy, and so on. This is easier to show than to explain, so just try repeatedly hitting the left arrow key, and you will find that the tree closes down to the state shown in view 1, and then down to where all you see is My Computer with a "+" next to it. At that point, one click of the right-arrow key will open My Computer to show the root keys as in view 1.
To go to the Run key shown above, click on the "+" next to HKEY_LOCAL_MACHINE. Next open the SOFTWARE key, this time by double-clicking SOFTWARE so as to try out the other way of opening a key. Then go on and open the next subkeys, namely Microsoft, Windows, and CurrentVersion. Then go down the list of subkeys in CurrentVersion and find Run. Do not open Run, just highlight it by left-clicking once on its name. The right pane will now show you the contents of this key, which will certainly differ from those on my computer, but view 3 will give you an idea of what you should see:
View 3.

We will now enter a value in the Run key that will cause Notepad to start when you boot your computer.
Left-click on the Run key in the left pane to select it. When selected it will be highlighted. In the menu at the top of regedit select Edit, and then select New. From the pop-up menu select String Value. A new value will appear in the right pane with the name of New Value #1, highlighted and ready to edit. Enter the name you want, in this case "Notepad" (without the quotes). Hit the Enter key when you are finished entering the name. If you make a mistake and need to start over, you can edit the name by highlighting the value name, selecting Edit, and then Rename, or in the Edit menu you can select Delete (or hit the DEL key on your keyboard) to delete the value and start over.
The Notepad value we have just entered does not yet have a value assigned to it. We need to give it the path of Notepad on your system. If you are using Windows 2000 or Windows XP that was installed as an upgrade to Windows 2000, the full path name of notepad is probably a:\WINNT\notepad.exe. If you are using Windows XP the full path name is probably a:\Windows\notepad.exe. It is best to check the path of a program before entering it in a Run key to be sure it is correct. Here is how I do it. Open My Computer, then open your system drive, normally C:. Then go to the folder where the program is located, in this case WINNT or Windows, and confirm that notepad.exe is there. Then in regedit select the Notepad value by left-clicking it, and in the Edit menu (or right-click pop-up menu) select Modify, then enter the full path name of notepad.exe in the Value data editor box. Better yet, use the clipboard:
Trick 3 gets the path into the Edit String line, but you still have to add "\notepad.exe" (without the quotes) by hand. Click on OK, and then close the Registry Editor. Restart your computer, and (providing you got everything right) Notepad will start as the Desktop opens.

Now go back to Start, Run (regedit will still be there) and click OK. The Registry Editor will open to the Run key we were just using. Select the Notepad value and hit DEL on your keyboard (or use any of the other methods you now know) to delete the value. Now clean up the appearance of regedit for the next time it is opened. Use the left-arrow key (see Trick 1) and collapse the tree down to where it looks like view 1. That way it will look good the next time someone (perhaps you) opens it.

Be careful that you do not abuse one feature of the Registry Editor. In the Edit menu there is a search function. Many users will use this search to find keys or values in the registry based on a name or data content, and based on the name or content attempt to divine their purpose, and make changes. This is a dangerous practice that gets users in trouble! Only the programmer who programmed the code that uses these keys and values really knows what they are used for and what side effects they can have. Support technicians doing support for Microsoft are generally prohibited from having customers do registry searches except in special instances, and this is a good rule for everyone to follow.
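The Run-key steps above (check the path, avoid a duplicate name, add the REG_SZ value, delete it after testing) can also be scripted. This is an added example, not part of the original tutorial; it assumes Windows PowerShell is installed and running with administrator rights, and the function names are hypothetical helpers.

```powershell
# Added example: the tutorial's Run-key procedure as a script.
# Assumption: elevated Windows PowerShell session (HKLM is not writable otherwise).
$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$ValueName = 'Notepad'   # the value name used in the tutorial

# List every value in the Run key with its name, type and data,
# the same three columns regedit shows in its right pane.
function Show-RunValues {
    $key = Get-Item -Path $RunKey
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{
            Name = $name
            Type = $key.GetValueKind($name)   # String = REG_SZ, DWord = REG_DWORD
            Data = $key.GetValue($name)
        }
    }
}

# Hypothetical helper: add the startup value after the two checks the tutorial asks for.
function Add-NotepadRunValue {
    # Build the path from the actual Windows folder (WINNT or Windows)
    # and confirm notepad.exe is really there before writing it.
    $target = Join-Path $env:SystemRoot 'notepad.exe'
    if (-not (Test-Path -Path $target -PathType Leaf)) {
        throw "Not found: $target"
    }
    # The name must not duplicate a value already in the key.
    if ((Get-Item -Path $RunKey).GetValueNames() -contains $ValueName) {
        throw "A value named '$ValueName' already exists in $RunKey."
    }
    # Same result as Edit > New > String Value followed by Modify.
    New-ItemProperty -Path $RunKey -Name $ValueName `
        -PropertyType String -Value $target | Out-Null
}

# Hypothetical helper: remove only the one value; the Run key itself is left alone.
function Remove-NotepadRunValue {
    Remove-ItemProperty -Path $RunKey -Name $ValueName
}

Show-RunValues | Format-Table Name, Type, Data -AutoSize   # before
Add-NotepadRunValue
Show-RunValues | Where-Object { $_.Name -eq $ValueName } | Format-List
# After the restart test, run:  Remove-NotepadRunValue
```

Running Show-RunValues before and after is also a quick way to see exactly which programs this key starts, without browsing the tree by hand.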
You now know how to use the Registry Editor in a safe manner, and as an added bonus you have a head start on the tutorial How to keep startup programs from starting.