18.1. About the Registry
The Registry first appeared in Windows 3.1, in a file called Reg.dat and was mainly used to store information about OLE objects. At that time, several files, namely, Win.ini, System.ini, and other .ini files that were application-specific, carried out the bulk of what is handled by today's Registry.
System.ini maintained information and settings for the hardware (disk drives, memory, mice, and so on). Win.ini controlled the desktop and the applications that were installed. Changes to device drivers, fonts, system settings, and user preferences would all be recorded in the .ini files, and new applications added their information to the .ini files too.
This all worked pretty well until the number of applications grew and their complexity increased, because each installed application added a raft of information to the Registry to the point where it was obvious its 64kB file size limit would be reached. Additionally, everyone made additions to the .ini files, but no one ever deleted anything, even if the application was upgraded or uninstalled. So System.ini and Win.ini grew and grew, and as they grew, performance degraded.
To counter this problem, software vendors started supplying .ini files of their own, and instead of the Windows .ini files containing application-specific information and settings, they contained only pointers to the custom .ini files. This seemed like a good idea at the time; however, good ideas sometimes create problems of their own. In this case, it was the fact that a large number of .ini files began appearing throughout the system, and since an application's .ini settings could override those of Win.ini, there was no systemwide setting that had priority. Anything could happen!
In 32-bit Windows, Registry's role was expanded to include all the operating system and application settings and preferences, doing away with the necessity for .ini files.
As it is today, the Registry is a set of files, called hives, which control all aspects of the operating system and how it interacts with the hardware and software that operate within it. It brings together all the information previously held in Reg.dat and all the .ini files. It was designed to work exclusively with 32-bit applications, and its file size has been increased to about 30MB. With the exception of the hive that controls hardware (which is re-created every time you log on), you can find a list of the hive files in the following Registry key.
HKEY_LOCAL_MACHINESystemCurrentControlSetControlhivelist
18.1.1. What the Registry Does
Without the Registry, Windows will not have enough information to run. It certainly will not have enough information to control devices, to run, and to control applications, or to respond to user input. The Registry essentially performs the following functions.
Hardware and device driver information: In order for the operating system to access a hardware device, it gets the location and settings of the driver from the Registry, even if the device is a basic input/output system (BIOS)-supported device. Drivers are independent of the operating system, but Windows still needs to know where to find them and how to use them. So information such as their filename, location, version, and configuration details must be accessed, otherwise they would be unusable.
Application information: When you launch an application, the Registry supplies all the information the operating system needs in order to run it and manage it.
The Registry also contains information like file locations, menus and toolbars, window status, and other details. The operating system also stores file information in the Registry, such as installation date, the user who installed it, version number, add-ins, and so on.
Often, applications store temporary or runtime information in the Registry, such as the current position of a window, the last document opened by a user, or the value of a Don't display this check box.
18.1.2. What the Registry Controls
The Registry doesn't control anything, but it does contain information that is used by the operating system and applications to control almost everything. The type of information that the Registry stores is about users and machines (computers). That's why there are only two persistent Registry hives: HKEY_LOCAL_MACHINE and HKEY_USERS.
Every Registry entry controls either a user function or a computer function. User functions include customizable options, while computer functions include those items that are common to all users, such as the printers and the software installed on a computer.
Some other examples of user functions controlled by the Registry include:
Some of these functions are the same regardless of the user, while others are user-specific.
Computer-related items are based on the computer name, without regard to the specific user, for example, installing an application. Availability and access to the application are constant, regardless of the user; however, icons to launch the application are dependent on the user. Network protocol availability and priority are based on the computer, but current connections are based on user information.
Some examples of computer-based control items in the Registry include:
The Windows Registry is much more complex than the older .ini files, but then 32-bitWindows is also far too complex for them now. It is time, then, to acquire an understanding of how the Registry works, what it does, and how to work with it. The remainder of this chapter is devoted to just that.
18.1.3. Accessing the Registry
You can access the Registry with a built-in Windows utility called the Registry Editor. There are two flavors of Registry Editor: RegEdit.exe and Regedt32.exe.
18.1.3.1. RegEdit.exe
Prior toWindows NT, Regedit.exe was a 16-bit application for editing the Registry on 16-bitWindows platforms. It was included in Windows NT and 2000 for backward compatibility, but due to its limited functionality under the 32-bit environment, Microsoft recommends that you use Regedit.exe only for its search capabilities on Windows NT 4.0 and Windows 2000.
Note: Microsoft rewrote RegEdit.exe as a 32-bit application for Windows XP and Windows Server 2003, so, on those platforms, RegEdit.exe is the preferred 32-bit Registry Editor.
18.1.3.2. Regedt32.exe
Prior toWindows XP and Windows Server 2003, Regedt32.exe was the preferred 32-bit Registry Editor for Windows NT and 2000. But, of course, nothing is perfect, and Regedt32.exe had limitations, for example, it could not import or export Registry entries (.reg) files.
Now, under Windows XP andWindows Server 2003, Regedt32.exe is a simple wrapper program that runs Regedit.exe. On Windows NT and 2000, you should use Regedt32.exe; whereas on Windows XP and Windows Server 2003, you can use either Regedt32.exe or RegEdit.exe.
18.1.3.3. Launching and Using the Registry Editor
You won't find the Registry Editor on the Start menu. As it's not something that Microsoft wants the average user to fool around with, the only way to launch it is via the Run dialog box.
Type regedit or regedt32, then click OK. The Registry Editor is displayed.
Figure 18-1 shows the Registry Editor with the HKEY_CURRENT_USER hive (the purpose of which is explained in Registry Organization, below) expanded to show some of its keys, subkeys, and values. You can think of keys and subkeys as being like the hierarchy of folders and subfolders in the Windows file system. As its name suggests, a value is a named container for a single piece of information, such as the width of a menu. The Registry Editor's right-hand pane shows the values contained within the subkey selected in the left pane. With the exception of a default value that is present in every subkey, each value has its own unique name. The icon to the left of each value indicates its data type.
18.1.4. Registry Organization
The Registry tree is divided into the following six sections (five in Windows NT). These major sections are called Root Keys, much like c: is the root directory of your hard disk. Since the Registry can differ greatly from one operating system version to another, we have shown the most common keys, and for the sake of simplicity, we have listed them in the order in which they appear in the Registry Editor (see Figure 18-2).
Figure 18.1. Figure 18-1
Figure 18.2. Figure 18-2
18.1.4.1. HKEY_CLASSES_ROOT
This branch of the Registry tree is actually an alias for HKEY_LOCAL_MACHINESoftwareClasses, and contains information about file associations, documents, and OLE objects. It is a very large branch, containing several thousand entries at the first level alone.
The first group contains subkeys that look like file associations, and they are. Each of these subkeys contains a reference to the second group that makes up the remainder of the first-level subkeys. These are the class definitions associated with the relevant document. The class definitions contain information that includes the following:
A descriptive name for the document type (as you might see in the Windows Explorer type column). See Figure 18-3.
A pointer to the default icon.
Information about how the application handles the documents as OLE objects.
Information about how the documents are manipulated from the Windows shell (what context menu actions can be taken). See Figure 18-4.
HKEY_CLASSES_ROOT is updated every time an application is installed or removed.
Figure 18.3. Figure 18-3
Figure 18.4. Figure 18-4
18.1.4.2. HKEY_CURRENT_USER
This branch is built during logon and is an alias for the current user's subkey in the HKEY_USERS branch (see below), and contains user-specific information. There are seven major subkeys in this branch, but depending on how your system is set up and what's installed, you might find some extra ones.
18.1.4.2.1. AppEvents
This subkey contains information about the sound files that are specified for individual system and application events, for example, the Windows Logon sound and the MailBeep sound. The AppEvents subkey contains two subkeys of its own: Event Labels, which contains the event names, and Schemes, which contains references to the actual sound files organized by the application.
18.1.4.2.2. Console
This subkey contains all the user options for the MS-DOS Windows, including layout, screen color, and font settings.
18.1.4.2.3. Control Panel
This subkey contains many other subkeys for all the Control Panel settings, such as color schemes, screen savers, keyboard repeat rate, mouse speed, and so on.
18.1.4.2.4. Environment
This key contains the environment settings, specifically the temporary file locations. The Environment subkey contains the environment variables that you would see in DOS when you typed SET at the command line. Much of the information contained in this key is connected to the System applet in the Control Panel.
18.1.4.2.5. Identities
If Outlook Express 5.x (or later) is installed, there will also be an Identities key. This key contains other subkeys for Outlook Express account, e-mail, and newsgroup settings, and the MSN Messenger, if installed.
18.1.4.2.6. InstallLocationsMRU
This subkey contains a historical list of the locations from which programs were most recently installed. The acronym MRU stands for most recently used.
18.1.4.2.7. Keyboard Layout
This subkey contains three other subkeys that contain information about the current keyboard layout, which you can set using the Control Panel's Keyboard properties. The Preload subkey contains a value for each installed keyboard layout. These values point to keys in HKEY_LOCAL_MACHINESystem CurrentControlSetControlKeyboard Layouts, which contains references to the keyboard drivers.
18.1.4.2.8. Network
This subkey contains two other subkeys that describe the mapped network drives, including persistent connections and recent connections. These subkeys contain values for the connection type and the provider name of each connection
18.1.4.2.9. Printers
This subkey contains information about the current user's installed printers. There may also be a subkey for each remote printer, if installed.
18.1.4.2.10. RemoteAccess
This subkey contains address and profile subkeys for the user's dial-up and networking connections. The subkey itself contains global connection details, such as the area code and the number of redial attempts, whereas the Address and Profile subkeys contain settings for specific connection.
18.1.4.2.11. Software
This subkey is easily the largest key in the Registry, and is one of the two Registry keys that are intended to be used for applications; the other being HKEY_LOCAL_MACHINESoftware, which is discussed below.
The Software subkey contains vendor-specific subkeys that describe the current user's software settings and a raft of application-specific information that were previously stored in the Win.ini or custom vendor .ini files under Windows 3.x. Each vendor subkey contains a separate subkey for each software application supplied by that vendor. The subkeys and values below them are completely determined by the vendor, but typically contain user preferences, histories, and so on.
Of particular interest to VB and VBA programmers is the HKEY_CURRENT_USERSoftwareVB and VBA Program Settings key, which has been set aside specifically for us. Naturally, you will find this key mirrored in HKEY_USERScurrent user subkeySoftwareVB and VBA Program Settings.
18.1.4.2.12. UNICODE Program Groups
This key contains information about the installed applications that use Unicode.
18.1.4.3. HKEY_LOCAL_MACHINE
The HKEY_LOCAL_MACHINE branch contains all the computer-specific settings, including hardware configuration and any computer-specific settings for installed software. In Windows XP, there are five major subkeys in this branch.
18.1.4.3.1. Hardware
This subkey contains profiles for all the hardware that has been installed on the computer, for example, device drivers, resources (like IRQ assignments), and other details. All the information contained in this subkey is built during startup and deleted again during shutdown. That being the case, you should only use this subkey for viewing, not writing.
18.1.4.3.2. SAM
This subkey contains all the user and group account information for the Security Account Manager (SAM). The information in its subkeys is maintained in User Manager. The information contained in this subkey is also mapped to HKEY_LOCAL_MACHINESecurity, so changes to either are immediately reflected in the other.
You should not attempt to change anything in here unless you want to reformat your hard disk afterwards. Since all the data is binary, you would probably need C3PO to decipher it anyway.
18.1.4.3.3. Security
This subkey contains all the security information for the computer, such as password policies, user rights and permissions, and the groups to which each user belongs. The information in its subkeys is maintained in User Manager. You should not attempt to change anything in here either.
18.1.4.3.4. Software
As mentioned earlier (in HKEY_CURRENT_USERSoftware), this subkey contains specific configuration information about the software installed on the computer. The entries under this subkey apply to all users, not just the current user, and contain information about what software is installed, and also define file associations and OLE information.
You will also notice under this key, a subkey called Classes, which is an alias for HKEY_CLASSES_ROOT.
18.1.4.3.5. System
This subkey contains other subkeys that contain the persistent information about devices and parameters that the system needs in order to start up. This includes control sets that contain information like the computer name, subsystems that need to be started, hardware configuration for devices and drivers that the operating system loads, specific hardware profile information when multiple hardware profiles are configured, file system services, and so on.
18.1.4.3.6. HKEY_USERS
This branch contains all the settings for the current user and the default user. Depending on the number of users registered on the system, there can be a variable number of subkeys.
18.1.4.3.7. .DEFAULT
The settings in this key constitute the default template that is applied when new users are added to the system, and includes user profiles, environment, screen, sound, and other user-related settings. If you change any of the settings in this subkey, all new users will inherit the same settings. Existing users will retain their existing settings, though.
The information for the current user changes according to who is logged on. The user information is represented by subkeys whose names represent each user's security ID (SID).
S-1-5-21-1475383443-718524000-196120627-1006
There may be several subkeys such as this, each representing a user who has logged on to the system. The number is the user's SID. Every user on the network is assigned an SID by User Manager for domains, and each SID is unique. The information will change, therefore, depending on who is currently logged on.
The information for this key is gleaned from the NTUSER.DAT file, found in the user's profile directory (c:Documents and Settingsusername). This subkey carries the same data as HKEY_CURRENT_USER:
S-1-5-21-1475383443-718524000-196120627-1006_Classes
For every user key, there will be a _Classes key, like this one. This is where HKEY_CURRENT_USER gets its Network and Software subkey information.
18.1.4.4. HKEY_CURRENT_USER
This branch contains all of the details for the profiles that are current in the system, and is taken from HKEY_LOCAL_MACHINE at system startup.