Editing Windows Registry: Should You Do It?

Editing the Windows registry is considered an advanced task that normal users should not attempt. We’re pretty sure that you stumbled upon this article because some software you have is not working the way you like it to, and you read on Reddit that editing the Windows registry will fix the problem.

What is the Windows Registry?

The Windows Registry is basically a proprietary database format that stores all the keys and values read by each application, and Windows itself. Indeed, Windows makes extensive use of the registry to edit values at run-time. Windows also updates those registry values which are out-of-date.

What kind of editing is done on the Windows Registry?

There are 5 different kinds of editing available for the Windows registry:

  1. Adding and removing keys and values
  2. Modifying keys and values
  3. Add and remove folders
  4. Changing permissions of keys
  5. Changing the type of values

We will go through each of these in detail.

Adding and removing keys and values

You are able to create a new key and assign it a name and type. Similarly, the key can have one or more values located inside the key, which may each have different types and names themselves. The keys and values have a naming constraint, which means you can’t just name them whatever you want in the Windows registry. That is because some special characters such as space are not allowed to be present inside a registry key.

Modifying keys and values

In the same way you can add and remove keys, you can also modify them. Note that you cannot modify or delete a read-only key. A read-only key is one where the Windows Registry has permissions for a particular key set to read. We will have more to say about this in the “changing permission of keys” section.

Add and remove folders

In the Windows registry, keys are stored inside folders, and these folders might be nested. It is possible to move a key to another folder, but this is only recommended for keys which you have created explicitly.

Changing permissions of keys

Within a particular key or folder, you can edit the permissions of a key just like you’d edit the permissions of a file in File Explorer. It is an idiosyncrasy of Microsoft Windows that many objects inside the operating system share the same kind of permissions interface, including the Windows registry and Services.

This permission interface allows you to select from built-in users and groups – though you will rarely be using anything other than “Administrators” and your own user accounts – and enable or disable the permissions for read, write, delete or full control, which turns on all of the other permissions.

Changing type of values

Technically, the keys themselves do not have a type. It is the values stored inside the key which have a type. A quick rundown of the value types available:

  1. REG_SZ, a string type
  2. REG_EXPAND_SZ, a string type that allows environment variables to be expanded
  3. REG_MULTI_SZ, an array of strings separated by the NUL (0x00) character, and terminated by two NULs
  4. REG_BINARY, arbitrary binary data
  5. REG_QWORD, a 64-bit integer
  6. REG_DWORD, a 32-bit integer
  7. REG_NONE, a null value

Windows registry “folders”

The terminology “Folders” might be confusing to some, given that these folders can directly store registry values in addition to keys, and other folders. In that sense, it is helpful to think of the registry like this.

Diagram of the Windows registry

As you can see, this structure looks nothing like a database product at all, although Microsoft actually says that registry files are hierarchical databases. You can read what they said here.

(and we wonder why there are many security vulnerabilities on Windows!)

At any rate, it is necessary to explain the structure of the Windows registry in more detail because there are crucial elements that haven’t been introduced yet.

Hives

The primary object inside the registry is called a hive (like a beehive). A hive is a group of registry keys which are stored in their own file on the filesystem. The Windows registry loads hives from the user’s folder, and the system’s folder, when the user logs in and starts the computer, respectively. Here are some well-known registry hives:

  • HKEY_CURRENT_USER (HKCU)
  • HKEY_LOCAL_MACHINE (HKLM)
  • HKEY_CLASSES_ROOT (HKCR)
  • HKEY_USERS (HKU)
  • HKEY_CURRENT_CONFIG (HKCC)

Most of these are system hives, which means you must be an administrator to access them (I mean it’s not like the whole Registry Editor tool shows you a User Account Control prompt when you open it). Anyway, another of the idiosyncrasies of the Windows registry.

HKEY_CURRENT_USER is created when the user logs in. It is merely loaded from the user’s home directory in a hidden system file called NTUSER.DAT, in uppercase – not that case matters in Windows file systems anyway. HKEY_LOCAL_MACHINE keys are stored in C:\Windows\System32\Config.

The HKEY_CURRENT_CONFIG and HKEY_CLASSES_ROOT are virtual hives – they do not actually exist on the file system, and are generated automatically by Windows. The former is populated with hardware and system information, and the latter is merged from HKCU\Software\Classes subkey and HKLM\Software\Classes subkey.

Please be aware that like in everything else in Windows, registry paths are separated with backslash (“\”) and not slash.

Important: You cannot reference hives using the acronym. The acronyms are only used by Microsoft geeks so they don’t have to type ugly long hive names.

Keys and subkeys

As you can see in the diagram, a hive can have one or more keys. Additionally, those keys can have zero or more subkeys and zero or more values. The same goes for subkeys – it’s recursive. In other words, it is possible for what we called a “folder” to have a value directly, and for what we called a “key” to have no value at all.

Editing the Windows Registry

Warning: Windows is not Linux. If you change a registry key of a program to a wrong value, that program will stop working. If you change the key belonging to Windows to a wrong value, it’ll stop working properly and maybe even prevent you from booting successfully. Always export the registry keys before you edit them, or you’ll have a hard time booting in a recovery console, which doesn’t even have network access.

Although Microsoft and their online help & support moderators repeat this chant hundreds of times a day, it is worth mentioning again. It’s a testimony to how the registry is made of glass, and the unlikelihood of Windows ever automatically backing up the registry in future versions. It even predates Windows 95 (It was introduced in Windows 3.1)!

Scary legal disclaimer aside…

Microsoft does not want you to be editing your Windows registry. They took great pains to ensure that it does not appear in the Start Menu unless you type its full name “regedit”, and even then, you’ll be gated by a UAC screen. But that is where the scary warnings stop, as Microsoft apparently hasn’t updated the regedit codebase in any significant way for decades – though I am open to being proved wrong.

The Windows Registry Editor aka. "regedit"

Since Windows 10, you get a reading of the current key you are in on the top left corner, which is editable so that you can paste any registry key in there as well. In prior versions of Windows, you only had the left pane listing all the loaded registry keys and hives. This is displayed in a folder-like view similar to a filesystem.

On the right side, you have the values listed with their names, types, and contents. You should bear in mind that in the case of the string types, they are encoded in UTF-16LE. That means the lowest byte will come first, followed by the highest byte. As an example, “A” is encoded as 0x41 0x00, where 0x41 is the ASCII byte for “A”.

UTF-16 just sets the high byte of ASCII characters to 0x00, so here, it is stored in reverse order.
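The byte layouts described here and in the list of value types can be decoded as follows. This is an added example, not part of the original article; it assumes the little-endian integer layout Windows uses for REG_DWORD and REG_QWORD, and the sample data is constructed.

```python
import struct

def _utf16le(raw: bytes) -> str:
    # String data is UTF-16LE: two bytes per code unit, low byte first.
    if len(raw) % 2:
        raise ValueError("string data has an odd byte count (truncated?)")
    return raw.decode("utf-16-le")

def decode_value(reg_type: str, raw: bytes):
    """Turn the raw bytes of a registry value into a Python object."""
    if reg_type in ("REG_SZ", "REG_EXPAND_SZ"):
        # Stop at the first NUL; stored strings may or may not carry one.
        return _utf16le(raw).split("\x00", 1)[0]
    if reg_type == "REG_MULTI_SZ":
        items = []
        for s in _utf16le(raw).split("\x00"):
            if s == "":          # an empty string marks the end of the list
                break
            items.append(s)
        return items
    if reg_type == "REG_DWORD":
        if len(raw) != 4:
            raise ValueError("REG_DWORD must be exactly 4 bytes")
        return struct.unpack("<I", raw)[0]
    if reg_type == "REG_QWORD":
        if len(raw) != 8:
            raise ValueError("REG_QWORD must be exactly 8 bytes")
        return struct.unpack("<Q", raw)[0]
    if reg_type in ("REG_BINARY", "REG_NONE"):
        return raw               # opaque bytes, returned untouched
    raise ValueError(f"unknown value type: {reg_type}")

def encode_multi_sz(items) -> bytes:
    """Build REG_MULTI_SZ data: each string NUL-terminated, plus a final NUL."""
    if any(s == "" or "\x00" in s for s in items):
        raise ValueError("entries must be non-empty and contain no NUL")
    return ("".join(s + "\x00" for s in items) + "\x00").encode("utf-16-le")

# Constructed sample data (not taken from a real registry).
SAMPLES = {
    "letter_A": ("REG_SZ", b"\x41\x00\x00\x00"),
    "search_path": ("REG_MULTI_SZ", encode_multi_sz(["C:\\Tools", "D:\\Bin"])),
    "timeout": ("REG_DWORD", bytes.fromhex("2c010000")),   # 0x0000012c
}

if __name__ == "__main__":
    for name, (reg_type, raw) in SAMPLES.items():
        print(name, reg_type, raw.hex(" "), "->", decode_value(reg_type, raw))
```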

Ok, time to get our hands dirty.

The default value used in editing the Windows registry

Inside each key, you’ll see a value called “(Default)”, without quotes (as they are also forbidden characters), that has no value and a type of REG_SZ. What is this mysterious value?

The answer is that this is a special value created for every key you create. It can be used to store any kind of string metadata, without having to go through the trouble of creating a key. But if you ask me, I wouldn’t do that, because it looks like sloppy practice.

Menu Entries

The Windows registry editor has the standard menu items File, Edit, View, and Help (which just has an about command on it), as well as a Favorites menu for storing frequently-accessed keys. If options are not covered, it is because they are self-explanatory.

The File menu

The file menu allows you to import and export a key, load a hive, unload a hive, connect a network registry or disconnect it, and for reasons unknown, print the key. Why it allows you to do this I don’t know. Of course, it lets you exit the application if the X button isn’t your thing.

Import…

This allows you to import a key you have previously exported. The key is stored as a “Registration Entry” file with the suffix .reg. It is particularly handy if you broke your registry configuration and now you want to undo your mess, as this program has no Undo feature.

Export…

Saves a key directly to the disk, so that you can restore it if something goes wrong. It will prompt you for a filename, just like the Import button.
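To confirm exactly what an edit changed, two exports of the same key can be compared. The following is an added example, not part of the original article: it parses the .reg text syntax as regedit writes it (which the article does not spell out) and lists added, removed and changed values. The key ExampleApp and its values are hypothetical, constructed samples.

```python
import re

# "name"=data or @=data (the "(Default)" value); names escape \ and " with \.
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {(key_path, value_name): data_string}."""
    text = re.sub(r"\\\r?\n\s*", "", text)   # join backslash-wrapped hex lines
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(2))
            values[(key, name)] = m.group(3)
    return values

def diff_exports(before, after):
    """List (action, key, name, old, new) for every value that differs."""
    old, new = parse_reg(before), parse_reg(after)
    changes = []
    for ident in sorted(old.keys() | new.keys()):
        o, n = old.get(ident), new.get(ident)
        if o != n:
            action = "added" if o is None else "removed" if n is None else "changed"
            changes.append((action, *ident, o, n))
    return changes

# Constructed exports of a hypothetical key, before and after an edit.
BEFORE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
@="Example"
"Timeout"=dword:0000012c
"Paths"=hex(7):61,00,62,00,\
  00,00,00,00
"OldSetting"="C:\\Temp"
"""
AFTER = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
@="Example"
"Timeout"=dword:00000000
"Paths"=hex(7):61,00,62,00,00,00,00,00
"Debug"=dword:00000001
"""

if __name__ == "__main__":
    for change in diff_exports(BEFORE, AFTER):
        print(change)
```

Exports written by regedit are UTF-16 text, so read them with `open(path, encoding="utf-16")` before passing the contents to `diff_exports`.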

Load Hive…

This entry is only available if you have selected a hive that is not currently being used by any processes. It allows you to load another hive as a key under the hive you have selected. When clicked, it displays the Open dialog and you can select such files as NTUSER.DAT.

Unload Hive…

You can use this to unload a hive which you have loaded using the Load Hive button. You can also use it to unload hives that Windows has loaded, but that is dangerous, reckless behavior that you should not attempt under any circumstances except in a disposable virtual machine.

Connect Network Registry…

This option will allow you to load the registry of another Windows computer that is on your local LAN, so you can start editing it. It opens an old-school prompt that allows you to select a computer that has been discovered by Windows over the network.

Disconnect Network Registry…

Use it to disconnect a Windows registry that was loaded using the Connect Network Registry option.

Print…

Did you know you can print the contents of a registry key? You get the standard print interface, with the option to choose between printing the entire registry or just the part you have selected. It is not recommended to print the entire registry or large numbers of keys because it will take too long, causing you to force quit the Windows registry editor.

Part of a PDF document created by printing a Windows registry key

Edit

Commands in this section will modify the key you have currently selected, add values to that key, or search for keys.

Modify…

You’ll only see this if you have selected a value. Clicking on it will open a box where you can type in characters or hex numbers, depending on the type of the value.

Modify Binary Data…

This is also only visible if a value is selected. Unlike the previous command however, it gives you this editor:

Registry editor with Edit Binary Value open

You can type in the byte area, or the character area – but not in the leftmost digits because that indicates the byte position – and the other areas will be updated in real-time.

New

Lets you create a subkey, or one of the value types described earlier in this post. Interestingly, there is no option to create a null key.

There is no dialog for creating any of these things. It just creates the key or value directly. Attempting to delete them brings up a scary warning message. If you are doing things properly and not messing up your registry, you can safely ignore it and continue.

Permissions…

Opens the permissions dialog for the particular key. It’s a place where you can edit allowed usernames and groups for permissions for a particular key.

It is better not to mess with most of these user names, because they have been placed there by Windows for a reason. You can allow, and deny permissions. Also, like most other objects in Windows, they can be inherited by subkeys if you elect them to be that way.

View

This is the place where you can customize how the Windows registry looks and feels. Though this wording is questionable, because the amount of customization you can give to the registry editor is extremely limited. But you also get commands to refresh the screen and change the font used by the program – it opens the standard font selection dialog.

Show Addresses

This checkbox, which is only available in Windows 10 and later, will display the Address Bar at the top of the registry editor.

Split

Clicking this button will immediately cause the divider between the folder view and the key values list to move where your mouse cursor is. It can be adjusted simply by moving your mouse left and right. Clicking finalizes those changes.

Display Binary Data…

Only enabled when a value is selected, it opens the Binary Data editor I showed you above so that you can see the binary data. This editor also has radio buttons for you to see the data in byte, word, double word, and quadword formats. Though anything other than the byte selection will cause you to lose the Windows-1252 encoding view of the data, which can come in handy.

Favorites

No picture here because this will be brief. You use this menu to add and remove keys from your bookmarks, frequently used list, favorites, whatever you call it. There are only two commands here – one for adding, and another for removing. The remove button will prompt you what key you want to remove from the favorites. The add button will add the currently selected key into your favorites list.

Should you really be editing your Windows registry?

There are of course other ways you can access these menu options, the simplest being to just click on a key to expand it and reveal its values, and click on a value to edit it – provided it isn’t read-only of course.

Also, right-clicking on any of these keys or values reveals a few of the more common options we have discussed above.

Now of course, I have not answered the question yet. But since you read up to this point, I’m going to assume you are very comfortable with the registry editor. Or maybe you just like a good read. But there’s usually no reason for you to be modifying this stuff unless something is broken, or you’re just a geek or hacker. So, the answer really depends on you. And of course, on whether you’ll remember to back up your registry keys before you modify them.
