The registry is a central, secure database in which Windows stores all hardware configuration information, software configuration information, and system security policies. Components that use the registry include the Windows kernel, device drivers, setup programs, hardware profiles, and user profiles.
Most of the time, you will not need to access the registry because programs and applications typically make all the necessary changes automatically. For example, when you change your desktop background or change the default color for Windows, you access the Display settings within the Control Panel, and it saves the changes to the registry.
If you do need to access the registry to make changes, you should follow the instructions from a reputable source closely because an incorrect change to your computer’s registry can render your computer inoperable. However, there may be a time when you need to make a change in the registry because there is no interface or program to make the change. To view and manually change the registry, you use the Registry Editor (Regedit.exe), which can be executed from the command prompt, Start Search box, or Run box. See Figure 1.
The Registry is split into several logical sections, often referred to as hives, which are generally named by their Windows API definitions. The hives begin with HKEY and are often abbreviated to a three- or four-letter short name starting with “HK.” For example, HKCU is HKEY_CURRENT_USER and HKLM is HKEY_LOCAL_MACHINE. Windows Server 2008 R2 has five Root Keys/HKEYs:
• HKEY_CLASSES_ROOT: Stores information about registered applications, such
as the file association that tells which default program opens a file with a certain
• HKEY_CURRENT_USER: Stores settings that are specific to the currently logged-in
user. When a user logs off, the HKEY_CURRENT_USER is saved to HKEY_USERS.
• HKEY_LOCAL_MACHINE: Stores settings that are specific to the local computer.
• HKEY_USERS: Contains subkeys corresponding to the HKEY_CURRENT_USER
keys for each user profile actively loaded on the machine.
• HKEY_CURRENT_CONFIG: Contains information gathered at run time. Information
stored in this key is not permanently stored on disk, but rather regenerated at the boot
Registry keys are similar to folders, which can contain values or subkeys. The keys within the registry follow a syntax similar to a Windows folder or file path using backslashes to separate each level. For example:
refers to the subkey “Windows” of the subkey “Microsoft” of the subkey “Software” of the
Registry values include a name and a value. There are multiple types of values. Some of the common key types are shown in Table 1.
Reg files (also known as Registration entries) are text files used for storing portions of the
registry. They have a.reg filename extension. If you double-click a reg file, it will add the
registry entries into the registry. You can export any registry subkey by right-clicking the
subkey and choosing Export. You can back up the entire registry to a reg file by right-clicking Computer at the top of Regedit and selecting export, or you can back up the system state with Windows Backup.
This lesson is a part of Managing Windows Server 2008 R2 chapter from 98-365 Windows Server Administration Fundamentals Prep course. More lessons in this chapter are
The Practice tests included in this course are: