Home > Articles > Home & Office Computing > Microsoft Windows Vista & Home Server

Using Regedit to Edit the Windows Vista Registry

  • Jan 25, 2008
If you ever need to edit the Vista Registry by hand, Regedit is the tool. It's not without its dangers, however. Robert Cowart and Brian Knittel cover the basics of the Registry editor to help get you started.
This chapter is from the book

This chapter is from the book

Special Edition Using Microsoft Windows VistaSpecial Edition Using Microsoft Windows Vista

Learn More Buy

This chapter is from the book

This chapter is from the book

Special Edition Using Microsoft Windows VistaSpecial Edition Using Microsoft Windows Vista

Learn More Buy

Most people never need to edit the Registry by hand because most Registry keys are set by the software that uses them. For example, Microsoft Office sets its own preference values, and the Control Panel applets set the appropriate Display, Sound, and Networking Registry entries. In a way, the Control Panel is mostly just a Registry editor in disguise.

However, you might need to edit the Registry by hand if you're directed by a technical support person who's helping you fix a problem, or when you're following a published procedure to make an adjustment for which there is no Control Panel setting.

In the latter case, before going any further, I need to say this one last time, to make it absolutely clear: Unless you're quite certain that you can't make a mistake, back up the Registry (or at least the section you want to change) before making any changes.

The next few sections cover the basics of the Registry editor.

Viewing the Registry

The Registry editor doesn't have a Start menu item. The easiest way to run it is to type regedit into the Search field on the Start menu. When regedit appears in the results pane under Programs, take one of the following actions, depending on your needs:

  • If you are logged on as an Administrator, press Enter or click regedit. When the User Account Control dialog box appears, click Continue. The Registry editor will run with full elevated privileges.
  • If you are not logged on as an Administrator but need to change settings in only the HKEY_CURRENT_USER section of the Registry, press Enter or click regedit. The Registry editor will run with reduced privileges, and you will not be able to change systemwide settings.
  • If you are not logged on as an Administrator but need to change systemwide settings in HKEY_LOCAL_MACHINE, right-click regedit and select Run as Administrator. Enter an Administrator account's username and password. The Registry editor will then run with full elevated privileges.

NOTE

The reason for these complicated variations is that malicious programs and email attachments can easily abuse the Registry editor, so it's subject to User Account Control restrictions, for good reason. The editor must be running in elevated mode to modify Registry keys that are secured to be changeable only by the Administrator. By the way, there is no indication in the Registry editor's title bar to tell whether it's running with elevated privileges—you just have to remember.

Regedit displays a two-pane display much like Windows Explorer, as shown in Figure 31.2. The top-level keys, which are listed below Computer, can be expanded just like drives and folders in the Explorer. In the pane on the right are the values for each key. The name of the current selected key appears in the status bar.

Figure 31.2

Figure 31.2 The Regedit screen shows keys on the left and values on the right.

Values have names, just as the files in a folder do, and it's here that configuration information is finally stored. Each key has a (Default) value, which is the value of the key itself, and any number of named values. For example, Figure 31.2 shows the key HKEY_CURRENT_USER\Desktop. The value of HKEY_CURRENT_USER\Desktop itself is undefined (blank), and the value HKEY_CURRENT_USER\Control Panel\Desktop\DragFullWindows is 1.

Registry values have a data type, which is usually one of the types shown in Table 31.2. The Registry editor display lists values by their technical names.

Table 31.2. Data Types Supported by Regedit

Technical Name

"Friendly" Name

Description

REG_SZ

String value

Textual information, a simple string of letters.

REG_BINARY

Binary value

Binary data, displayed as an arbitrary number of hexadecimal digits.

REG_DWORD

DWORD (32-bit) value

A single number displayed in hexadecimal or decimal.

REG_QWORD

QWORD (64-bit) value

A single number displayed in hexadecimal or decimal. QWORD values are used primarily by 64-bit Windows applications.

REG_MULTI_SZ

Multistring value

A string that can contain more than one line of text.

REG_EXPAND_SZ

Expandable string value

Text that can contain environment variables (such as %TEMP%).

Other data types, such as REG_DWORD_BIG_ENDIAN and REG_RESOURCE_LIST, exist, but they are obscure and rare and can't be edited with Regedit.

Searching in the Registry

You can search for a Registry entry by key name, value name, or the contents of a value string. First, select a starting point for the search in the left pane. You can select Computer to select the entire Registry, or you can limit your search to one of the top-level keys or any subordinate key. Next, select Edit, Find from the menu and enter a search string in the Find dialog box. The Find feature is not case-sensitive, so upper- and lower-case don't matter. You can check any of the Look At boxes, shown in Figure 31.3, to designate where in the Registry you expect to find the desired text: in the name of a key, in the name of a value, or in the data, the value itself.

Figure 31.3

Figure 31.3 In the Find dialog box, you can choose whether to search key names, value names, or value data.

Check Match Whole String Only to search only for items whose whole name or value is the desired string.

NOTE

Most of the time, I check all the Look At boxes except Match Whole String Only.

Select Find Next to start the search. The Regedit display indicates the first match to your string; by pressing F3, you can repeat the search to look for other instances.

TIP

The search function has two limitations:

  • You can't enter a backslash (\) in the search string when looking for a key or value name; Regedit won't complain, but it won't find anything, either.
  • You can't search for the initial HKEY_xxx part of a key name. That's not actually part of the name; it's just the section of the Registry in which the key resides.

For example, to find a key named HKEY_CLASSES_ROOT\MIDFile\shell\Play\Command, you can't type all that in and have Find jump right to the key. If you already know the full pathname of a key, use the left pane of Regedit to browse for the key directly.

Also remember that Windows Vista might store information in some places you are not familiar with.

Editing Keys and Values

Regedit has no Save or Undo menu items. Changes to the Registry happen immediately and permanently. Additions, deletions, and changes are for real. This is the reason for all the warnings to back up before you poke into the Registry.

Adding a Value

To add a value to a key, select the key in the left pane and choose Edit, New. Select the type of value to add; you can select any of the supported Registry data types, which are listed by the "friendly" names shown previously in Table 31.2. The instructions you're following indicate which type of value to add. A new value entry then appears in the right pane, as shown in Figure 31.4.

Figure 31.4

Figure 31.4 New Value adds an entry in Rename mode. Type the correct name and then press Enter.

Enter the new value's name and press Enter to edit the value.

  • For string values, enter the text of the desired string.
  • For DWORD values, choose Decimal or Hexadecimal, and enter the desired value in the chosen format (see Figure 31.5).
    Figure 31.5

    Figure 31.5 You can choose to enter a DWORD value in either decimal or hexadecimal notation.

  • For binary values, enter pairs of hexadecimal characters as instructed. (You'll never be asked to do this, I promise.)

Changing a Value

If you want to change a value, double-click it in the right pane to bring up the Edit Value dialog box. Alternatively, right-click it and select. Then make the desired change and click OK.

NOTE

Many of the keys that control Windows itself have access restrictions and can be modified only by an Administrator.

That is all you will likely ever need to do with Regedit. However, in the extremely unlikely case that you want to delete a value or add or remove a key, the following sections can help see you through these processes.

Deleting a Value

If you've added a Registry value in the hope of fixing some problem and found that the change wasn't needed, or if you're instructed to delete a value by a Microsoft KnowledgeBase article or other special procedure, you can delete the entry by viewing its key and locating the value on the right pane.

Select the value and choose Edit, Delete from the menu, or right-click and select Delete from the context menu. Confirm by clicking OK.

CAUTION

There is no Undo command in the Registry editor—when you delete a value, it's gone for good. Be sure you've made a Registry backup before editing or deleting Registry keys and values.

Adding or Deleting a Key

Keys must be added as subkeys of existing keys; you can't create a new top-level key. To add a key, select an existing key in the left pane and select Edit, New, Key from the menu.

Alternatively, right-click the existing key and select New, Key from the context menu. A new key appears in the left pane, where you can edit its name, as shown in Figure 31.6. Press Enter after you enter the name.

Figure 31.6

Figure 31.6 A new key appears in Rename mode.

You can delete a key by selecting it in the left pane and choosing Edit, Delete from the drop-down menu, or by right-clicking it and selecting Delete from the context menu. Click OK to confirm that you intend to delete the key. Deleting a key deletes its values and all its subkeys as well, so without the protection of Undo (or a Registry Recycling Bin), this action is serious.

Renaming a Key

As you have probably guessed, the pattern for renaming a key follows the Explorer model exactly: Choose the key in the left pane and select Edit, Rename, or right-click the key and select Rename. Finally, enter a new name and press Enter.

CAUTION

Don't attempt to rename keys without a very good reason, such as because you mistyped the name of the key you were adding. If Windows can't find specific Registry keys it needs, Windows might not boot or operate correctly.

Using Copy Key Name

As you have probably noticed by now, the names of Registry keys can be quite long, tortuous things. The Registry editor offers a bit of help to finger-fatigued Registry editors (and authors): Choosing Edit, Copy Key Name puts the name of the currently selected key into the Clipboard so you can paste it elsewhere if you need to. For example, when you've found a neat Registry trick, you might want to email your friends about it.

Advanced Registry Editing

The Registry editor has some advanced features that you'll need only if you're managing a network of Windows computers or if you run into serious problems with your Windows installation.

TIP

One advanced feature is the Favorites list. You can create bookmarks for Registry keys that you visit frequently. Simply locate the key of interest and click Favorites, Add to Favorites. You can change the name of the bookmark, if desired. Then press OK to create the Favorite. Later, you can select the entry from the Favorites menu to jump right to the desired Registry key.

We discuss several advanced techniques in the following sections.

Editing the Registry of a Remote Computer

The Registry editor permits Administrators to edit the Registry of other computers on a network. Of course, this operation is highly privileged; you must have Administrator privileges on the computer whose Registry you want to edit, and the Remote Management service must be running on the remote computer.

To edit a remote computer's Registry, choose File, Connect Network Registry. Next, enter the name of the remote computer, or click Advanced and then Find Now to select one graphically; then click OK.

When you're connected, the computer's Registry keys appear in the list along with your own, as shown in Figure 31.7.

Figure 31.7

Figure 31.7 Viewing and editing a remote computer's Registry

NOTE

If you want to connect to the Registry on another computer, the Remote Registry service must be running. On Windows XP, this service is enabled by default. On Windows Vista, it is not. You must change the service's startup mode from Manual to Automatic, or you must use Windows management tools to start the service on the other machine before you can edit its Registry remotely.

Note that only the two main "real" top-level keys appear: HKEY_LOCAL_MACHINE and HKEY_USERS—the virtual keys do not. When you have finished editing the remote computer's Registry, right-click its name in the left pane and select Disconnect.

CAUTION

You can't use File, Export or File, Import to save or load a remote Registry's values. These commands might appear to work, but they operate only on the local computer's Registry.

NOTE

The Remote Registry editing system uses TCP port 139, so before you can connect to a computer whose Registry you wish to edit, that computer must have an exception in Windows Firewall for Windows File and Printer Sharing. On Windows XP, File and Printer sharing is an item in the firewall's Exceptions list. On Windows Vista, you must enable File Sharing on its Network and Sharing Center, and you must also enable Remote Management on its firewall Exceptions tab.

On both Vista and XP, you must also enable the Remote Registry service. It's set to "manual" startup by default, so you must change the service's setting to Automatic and start it on each computer that you want to manage remotely.

Finally, you may not be able to edit the HKLM registry section of a computer on which User Account Control is enabled.

Editing Registry Entries for Another User

If you open a Registry editor and look under HKEY_USERS, you will find that the only available subkeys are .DEFAULT, three or more entries for system services, and your own long, numeric subkey, which is also accessible as HKEY_CURRENT_USER. As I mentioned earlier, Windows stores various parts of the Registry in data files called hives and loads the hive containing your part of HKEY_USER only when you are actually logged on. When you log out, your subkey is unloaded from the Registry, and the hive file is left in your user profile folder. (If you have a roaming user profile, your profile folder is copied back to the domain server. That's how your preference settings follow you from one computer to another.)

As an administrator, you might find it necessary to edit HKEY_USER entries for another user. For example, a startup program in HKEY_CURRENT_USER\Software\Windows\CurrentVersion\Run might be causing such trouble that the user can't log on. If you can't log on as that user, you can edit his HKEY_CURRENT_USER Registry keys in another way:

  1. Log on as an Administrator and run Regedit.
  2. Select the HKEY_USERS window.
  3. Highlight the top-level key HKEY_USERS.
  4. Select File, Load Hive.
  5. Browse to the profile folder for the desired user. For a local user account, this is in \Users\username. (For a Windows Server domain, look in the folder used for user profiles on the domain controller.) The folder name of this folder might have the computer name or a domain name attached. For example, on one computer, my profile folder name is bknittel.java.
  6. Type the filename NTUSER.DAT. (The file will most likely not appear in the Browse dialog box because it's super hidden: marked with both the Hidden and System attributes.) Then click Open.
  7. A dialog box appears, asking you to enter a name for the hive. HKEY_USERS normally loads user hives with a long numeric name, so I suggest that you type the user's logon name. Click OK. The user's Registry data is then loaded and can be edited, as shown in Figure 31.8.
    Figure 31.8

    Figure 31.8 An offline user's Registry hive is now loaded and can be edited.

  8. When you're finished editing, unload the hive. Select the key you added under HKEY_USERS (for example, daves_key in Figure 31.8), and select File, Unload Hive. Confirm by clicking Yes on the warning dialog box.

Editing Registry Entries for Another Windows Installation

If you need to retrieve Registry entries from an installation of Windows 2000, XP, or Vista on another hard disk or partition, you can load any of that installation's hive files for editing or exporting. This might happen when you do one of the following:

  • Install a new hard disk and install Windows Vista on the new disk, leaving your old installation intact.
  • Encounter a severe Registry error that prevents Windows from booting at all. If you can't use the usual recovery procedure to fix the problem, you can install a fresh copy of Windows onto another drive or partition. When you boot up that copy of Windows, you can load the original installation's Registry files for editing. Then, you can try to boot up the original installation.

To edit the other installation's Registry, you need to locate its hive files. They are usually found in the locations shown in Table 31.3.

Table 31.3. Usual Location of Hive Files

Key

Default Location and Hive File

HKEY_LOCAL_MACHINE\SAM

\windows\system32\config\sam

HKEY_LOCAL_MACHINE\Security

\windows\system32\config\security

HKEY_LOCAL_MACHINE\Software

\windows\system32\config\software

HKEY_LOCAL_MACHINE\System

\windows\system32\config\system

HKEY_LOCAL_MACHINE\Components

\windows\system32\config\components

HKEY_USERS\.Default

\windows\system32\config\default

To edit another Windows installation's Registry, use the technique I described under "Editing Registry Entries for Another User." But instead of locating a user's NTUSER.DAT file, locate the desired hive file on the other hard drive or partition. Unload it after you've exported or corrected the desired information.

In some cases, you will find that you cannot view or modify keys loaded from another installation. This occurs if the keys are protected with security attributes that list specific users or groups defined in the other installation. In this case, you need to first take ownership of the keys and then add yourself as a user who is authorized to read or change they keys. The next section describes this.

Editing Registry Security

Just as files and folders in an NTFS-formatted disk partition have security attributes to control access based on user and group identity, Registry keys and values also have a complete set of Access Control attributes that determine who has rights to read, write, and modify each entry. For example, the Registry keys that control system services can't be modified by non-Administrator users; otherwise, malicious programs or users could conceivably make the entries refer to programs of their choosing, which would then run at a high privilege level. Access controls on the Registry is thus an essential part of Windows security.

NOTE

You rarely should have to modify Registry security settings, but it does happen. The usual case is that an incorrectly designed program places information in HKEY_LOCAL_MACHINE\Software that is intended to be shared and modified by all users running the program. Because Windows does not permit standard users to modify any keys in HKEY_LOCAL_MACHINE\Software by default, the program might malfunction. Modifying permissions so that standard users can edit the shared key is sometimes necessary to fix the problem. Microsoft also sometimes recommends modifying Registry security in one of their all-too-frequent emergency security bulletins.

If you absolutely must change permissions or auditing controls, locate the desired key or value, right-click it, and select Permissions. The Permissions dialog box looks just like the comparable dialog box for files and folders (see Figure 31.9), and lets you set read, write, and modify rights for specific groups and users. You'll find a corresponding set of audit settings.

Figure 31.9

Figure 31.9 Registry Key Permissions control which users or groups are allowed to see or modify the Registry key and its values.

Needless to say, incorrectly changing Registry key access rights can cause profound problems with Windows, so I encourage you not to make any changes to Registry access settings unless you're explicitly instructed to do so.

In most cases, a software vendor supplies precise instructions for making changes necessary to work around an application problem. Here, I describe a general procedure to make a given key readable and writeable by all users. You might do this to make a key capable of sharing information between users, or to repair an alternate Windows installation, as mentioned in the previous section. To set more generous permissions, follow these steps:

  1. Locate and select the key in the left pane.
  2. Right-click it and select Permissions.
  3. Select the Users entry in the top Group or User Names section. If Users is not listed, click Add, type Users, and press OK.
  4. In the lower section, check Full Control and then Apply. If this is successful, click OK.
  5. If you are unable to make the changes even though you're running the Registry editor as an Administrator, click Advanced and select the Owner tab.
  6. If the Current owner is listed as unknown, select Administrators in the lower list and click OK.
  7. Click OK to close the Advanced Security Settings dialog box, and return to Step 3.

Needless to say, this is a risky procedure because it could result in another user or application being unable to access its own Registry keys. Use this as a procedure of last resort.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020