When A User Logs Into Windows, What Registry Key Is Created?

Database for Microsoft Windows

Windows Registry

Registry Editor, the user interface for the registry, in Windows ten
Programmer(southward)	Microsoft
Initial release	Apr 6, 1992; 30 years ago  (1992-04-06) with Windows 3.1
Operating system	Microsoft Windows
Platform	IA-32, x86-64 and ARM (and historically December Alpha, Itanium, MIPS, and PowerPC)
Included with	Microsoft Windows
Blazon	Hierarchical database
Website	docs.microsoft.com/en-u.s./windows/desktop/SysInfo/registry

The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to apply the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces tin all apply the registry. The registry also allows access to counters for profiling system operation.

In other words, the registry or Windows Registry contains information, settings, options, and other values for programs and hardware installed on all versions of Microsoft Windows operating systems. For example, when a programme is installed, a new subkey containing settings such as a programme'due south location, its version, and how to start the program, are all added to the Windows Registry.

When introduced with Windows 3.one, the Windows Registry primarily stored configuration information for COM-based components. Windows 95 and Windows NT extended its use to rationalize and centralize the information in the profusion of INI files, which held the configurations for private programs, and were stored at various locations.^{[one] [two]} It is not a requirement for Windows applications to use the Windows Registry. For example, .NET Framework applications use XML files for configuration, while portable applications unremarkably go on their configuration files with their executables.

Rationale [edit]

Prior to the Windows Registry, .INI files stored each programme's settings as a text file or binary file, oft located in a shared location that did not provide user-specific settings in a multi-user scenario. By contrast, the Windows Registry stores all awarding settings in ane logical repository (but a number of discrete files) and in a standardized form. According to Microsoft, this offers several advantages over .INI files.^{[two] [3]} Since file parsing is done much more than efficiently with a binary format, it may be read from or written to more quickly than a text INI file. Furthermore, strongly typed data can be stored in the registry, as opposed to the text information stored in .INI files. This is a benefit when editing keys manually using regedit.exe, the built-in Windows Registry Editor. Because user-based registry settings are loaded from a user-specific path rather than from a read-only organization location, the registry allows multiple users to share the same machine, and as well allows programs to piece of work for less privileged users. Backup and restoration is also simplified every bit the registry can be accessed over a network connection for remote management/support, including from scripts, using the standard set of APIs, as long every bit the Remote Registry service is running and firewall rules permit this.

Because the registry is a database, it offers improved system integrity with features such as diminutive updates. If two processes endeavour to update the same registry value at the same time, 1 process'south change will precede the other's and the overall consistency of the data volition exist maintained. Where changes are made to .INI files, such race weather condition tin can outcome in inconsistent data that does not lucifer either attempted update. Windows Vista and afterward operating systems provide transactional updates to the registry by means of the Kernel Transaction Director, extending the atomicity guarantees beyond multiple key and/or value changes, with traditional commit–abort semantics. (Note yet that NTFS provides such support for the file system as well, so the same guarantees could, in theory, exist obtained with traditional configuration files.)

Structure [edit]

Keys and values [edit]

The registry contains 2 bones elements: keys and values. Registry keys are container objects similar to folders. Registry values are non-container objects like to files. Keys may contain values and subkeys. Keys are referenced with a syntax similar to Windows' path names, using backslashes to bespeak levels of hierarchy. Keys must accept a case insensitive name without backslashes.

The hierarchy of registry keys tin can only be accessed from a known root key handle (which is anonymous but whose constructive value is a constant numeric handle) that is mapped to the content of a registry primal preloaded by the kernel from a stored "hive", or to the content of a subkey within some other root key, or mapped to a registered service or DLL that provides access to its contained subkeys and values.

E.g. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows refers to the subkey "Windows" of the subkey "Microsoft" of the subkey "Software" of the HKEY_LOCAL_MACHINE root key.

There are seven predefined root keys, traditionally named co-ordinate to their abiding handles divers in the Win32 API, or by synonymous abbreviations (depending on applications):^[4]

• HKEY_LOCAL_MACHINE or HKLM
• HKEY_CURRENT_CONFIG or HKCC
• HKEY_CLASSES_ROOT or HKCR
• HKEY_CURRENT_USER or HKCU
• HKEY_USERS or HKU
• HKEY_PERFORMANCE_DATA (only in Windows NT, but invisible in the Windows Registry Editor)^[five]
• HKEY_DYN_DATA (but in Windows 9x, and visible in the Windows Registry Editor)

Like other files and services in Windows, all registry keys may be restricted past access control lists (ACLs), depending on user privileges, or on security tokens caused by applications, or on arrangement security policies enforced by the organisation (these restrictions may exist predefined past the system itself, and configured by local organization administrators or by domain administrators). Different users, programs, services or remote systems may but come across some parts of the hierarchy or singled-out hierarchies from the same root keys.

Registry values are name/data pairs stored within keys. Registry values are referenced separately from registry keys. Each registry value stored in a registry key has a unique proper name whose letter case is not significant. The Windows API functions that query and manipulate registry values take value names separately from the key path and/or handle that identifies the parent key. Registry values may contain backslashes in their names, but doing so makes them difficult to distinguish from their key paths when using some legacy Windows Registry API functions (whose usage is deprecated in Win32).

The terminology is somewhat misleading, as each registry central is similar to an associative array, where standard terminology would refer to the proper name part of each registry value as a "key". The terms are a holdout from the 16-fleck registry in Windows 3, in which registry keys could non comprise arbitrary name/data pairs, merely rather contained simply one unnamed value (which had to exist a string). In this sense, the Windows 3 registry was like a single associative array, in which the keys (in the sense of both 'registry key' and 'associative assortment key') formed a bureaucracy, and the registry values were all strings. When the 32-fleck registry was created, and then was the additional capability of creating multiple named values per key, and the meanings of the names were somewhat distorted.^[6] For compatibility with the previous behavior, each registry cardinal may have a "default" value, whose name is the empty string.

Each value can shop arbitrary data with variable length and encoding, but which is associated with a symbolic type (defined every bit a numeric constant) defining how to parse this information. The standard types are:^[7]

List of standard registry value types

Type ID	Symbolic type name	Pregnant and encoding of the data stored in the registry value
0	REG_NONE	No type (the stored value, if any)
1	REG_SZ	A cord value, normally stored and exposed in UTF-16LE (when using the Unicode version of Win32 API functions), ordinarily terminated by a NUL grapheme
2	REG_EXPAND_SZ	An "expandable" cord value that tin can incorporate environment variables, unremarkably stored and exposed in UTF-16LE, usually terminated by a NUL character
3	REG_BINARY	Binary data (whatever arbitrary data)
four	REG_DWORD / REG_DWORD_LITTLE_ENDIAN	A DWORD value, a 32-fleck unsigned integer (numbers between 0 and 4,294,967,295 [ii32 – 1]) (footling-endian)
v	REG_DWORD_BIG_ENDIAN	A DWORD value, a 32-bit unsigned integer (numbers between 0 and four,294,967,295 [ii32 – 1]) (big-endian)
half-dozen	REG_LINK	A symbolic link (UNICODE) to some other registry key, specifying a root key and the path to the target key
7	REG_MULTI_SZ	A multi-string value, which is an ordered list of non-empty strings, commonly stored and exposed in Unicode, each one terminated by a null grapheme, the list being usually terminated past a second cipher graphic symbol.[8]
viii	REG_RESOURCE_LIST	A resource list (used by the Plug-due north-Play hardware enumeration and configuration)
nine	REG_FULL_RESOURCE_DESCRIPTOR	A resource descriptor (used by the Plug-n-Play hardware enumeration and configuration)
ten	REG_RESOURCE_REQUIREMENTS_LIST	A resource requirements listing (used past the Plug-n-Play hardware enumeration and configuration)
11	REG_QWORD / REG_QWORD_LITTLE_ENDIAN	A QWORD value, a 64-bit integer (either big- or little-endian, or unspecified) (introduced in Windows 2000)[9]

Root keys [edit]

The keys at the root level of the hierarchical database are generally named by their Windows API definitions, which all begin "HKEY".^[2] They are frequently abbreviated to a 3- or 4-letter of the alphabet short name starting with "HK" (east.yard. HKCU and HKLM). Technically, they are predefined handles (with known constant values) to specific keys that are either maintained in retentiveness, or stored in hive files stored in the local filesystem and loaded past the system kernel at boot time and and then shared (with various admission rights) betwixt all processes running on the local system, or loaded and mapped in all processes started in a user session when the user logs on the system.

The HKEY_LOCAL_MACHINE (local automobile-specific configuration information) and HKEY_CURRENT_USER (user-specific configuration data) nodes take a similar structure to each other; user applications typically look up their settings past start checking for them in "HKEY_CURRENT_USER\Software\Vendor's name\Application's name\Version\Setting name", and if the setting is not establish, wait instead in the same location under the HKEY_LOCAL_MACHINE cardinal^{[ commendation needed ]}. However, the antipodal may apply for ambassador-enforced policy settings where HKLM may take precedence over HKCU. The Windows Logo Program has specific requirements for where dissimilar types of user data may be stored, and that the concept of least privilege be followed then that administrator-level access is not required to use an application.^{[a] [10]}

HKEY_LOCAL_MACHINE (HKLM) [edit]

Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are specific to the local computer.^[11]

The cardinal located by HKLM is actually not stored on deejay, only maintained in retentiveness by the system kernel in order to map all the other subkeys. Applications cannot create any additional subkeys. On Windows NT, this key contains four subkeys, "SAM", "SECURITY", "System", and "SOFTWARE", that are loaded at kicking time within their corresponding files located in the %SystemRoot%\System32\config folder. A fifth subkey, "HARDWARE", is volatile and is created dynamically, and as such is non stored in a file (information technology exposes a view of all the currently detected Plug-and-Play devices). On Windows Vista and above, a sixth and 7th subkey, "COMPONENTS" and "BCD", are mapped in retention by the kernel on-demand and loaded from %SystemRoot%\system32\config\COMPONENTS or from boot configuration data, \boot\BCD on the system sectionalisation.

• The "HKLM\SAM" key usually appears as empty for most users (unless they are granted access by administrators of the local system or administrators of domains managing the local arrangement). It is used to reference all "Security Accounts Manager" (SAM) databases for all domains into which the local organization has been administratively authorized or configured (including the local domain of the running system, whose SAM database is stored in a subkey also named "SAM": other subkeys will be created as needed, one for each supplementary domain). Each SAM database contains all builtin accounts (mostly group aliases) and configured accounts (users, groups and their aliases, including guest accounts and administrator accounts) created and configured on the corresponding domain, for each business relationship in that domain, information technology notably contains the user name which can exist used to log on that domain, the internal unique user identifier in the domain, a cryptographic hash of each user'southward countersign for each enabled authentication protocol, the location of storage of their user registry hive, diverse status flags (for example if the account can be enumerated and be visible in the logon prompt screen), and the list of domains (including the local domain) into which the business relationship was configured.
• The "HKLM\SECURITY" central commonly appears empty for most users (unless they are granted access past users with administrative privileges) and is linked to the Security database of the domain into which the current user is logged on (if the user is logged on the local system domain, this key volition be linked to the registry hive stored by the local automobile and managed past local system administrators or by the builtin "Organisation" account and Windows installers). The kernel will access it to read and enforce the security policy applicable to the current user and all applications or operations executed by this user. It also contains a "SAM" subkey which is dynamically linked to the SAM database of the domain onto which the current user is logged on.
• The "HKLM\SYSTEM" primal is normally just writable by users with authoritative privileges on the local system. It contains information about the Windows system setup, data for the secure random number generator (RNG), the listing of currently mounted devices containing a filesystem, several numbered "HKLM\SYSTEM\Control Sets" containing alternative configurations for system hardware drivers and services running on the local arrangement (including the currently used one and a backup), a "HKLM\SYSTEM\Select" subkey containing the status of these Control Sets, and a "HKLM\Organisation\CurrentControlSet" which is dynamically linked at boot time to the Control Set which is currently used on the local system. Each configured Command Fix contains:
  • an "Enum" subkey enumerating all known Plug-and-Play devices and associating them with installed system drivers (and storing the device-specific configurations of these drivers),
  • a "Services" subkey list all installed organization drivers (with non device-specific configuration, and the enumeration of devices for which they are instantiated) and all programs running as services (how and when they can be automatically started),
  • a "Control" subkey organizing the various hardware drivers and programs running as services and all other system-broad configuration,
  • a "Hardware Profiles" subkey enumerating the diverse profiles that take been tuned (each one with "System" or "Software" settings used to modify the default profile, either in system drivers and services or in the applications) too as the "Hardware Profiles\Electric current" subkey which is dynamically linked to 1 of these profiles.
• The "HKLM\SOFTWARE" subkey contains software and Windows settings (in the default hardware profile). It is more often than not modified by application and organisation installers. It is organized by software vendor (with a subkey for each), but also contains a "Windows" subkey for some settings of the Windows user interface, a "Classes" subkey containing all registered associations from file extensions, MIME types, Object Classes IDs and interfaces IDs (for OLE, COM/DCOM and ActiveX), to the installed applications or DLLs that may be handling these types on the local machine (still these associations are configurable for each user, see below), and a "Policies" subkey (also organized by vendor) for enforcing general usage policies on applications and system services (including the primal certificates store used for authenticating, authorizing or disallowing remote systems or services running exterior the local network domain).
• The "HKLM\SOFTWARE\Wow6432Node" key is used past 32-bit applications on a 64-bit Windows OS, and is equivalent to simply split from "HKLM\SOFTWARE". The key path is transparently presented to 32-flake applications by WoW64 equally HKLM\SOFTWARE^[12] (in a similar style that 32-bit applications encounter %SystemRoot%\Syswow64 as %SystemRoot%\System32)

HKEY_CLASSES_ROOT (HKCR) [edit]

Abbreviated HKCR, HKEY_CLASSES_ROOT contains data almost registered applications, such as file associations and OLE Object Class IDs, tying them to the applications used to handle these items. On Windows 2000 and in a higher place, HKCR is a compilation of user-based HKCU\Software\Classes and car-based HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes takes precedence.^[xiii] The pattern allows for either automobile- or user-specific registration of COM objects.

HKEY_USERS (HKU) [edit]

Abbreviated HKU, HKEY_USERS contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user contour actively loaded on the motorcar, though user hives are unremarkably only loaded for currently logged-in users.

HKEY_CURRENT_USER (HKCU) [edit]

Abbreviated HKCU, HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user.^[14] The HKEY_CURRENT_USER key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is attainable in both locations. The specific subkey referenced is "(HKU)\(SID)\..." where (SID) corresponds to the Windows SID; if the "(HKCU)" key has the following suffix "(HKCU)\Software\Classes\..." and so information technology corresponds to "(HKU)\(SID)_CLASSES\..." i.due east. the suffix has the string "_CLASSES" is appended to the (SID).

On Windows NT systems, each user'south settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT within their own Documents and Settings subfolder (or their own Users sub folder in Windows Vista and above). Settings in this hive follow users with a roaming profile from machine to machine.

HKEY_PERFORMANCE_DATA [edit]

This primal provides runtime information into functioning data provided by either the NT kernel itself, or running system drivers, programs and services that provide functioning information. This key is not stored in any hive and not displayed in the Registry Editor, but it is visible through the registry functions in the Windows API, or in a simplified view via the Performance tab of the Task Manager (only for a few operation data on the local organization) or via more advanced control panels (such as the Performances Monitor or the Performances Analyzer which allows collecting and logging these data, including from remote systems).

HKEY_DYN_DATA [edit]

This fundamental is used only on Windows 95, Windows 98 and Windows ME.^[15] It contains information about hardware devices, including Plug and Play and network performance statistics. The data in this hive is too not stored on the difficult drive. The Plug and Play information is gathered and configured at startup and is stored in retentivity.^[16]

Hives [edit]

Even though the registry presents itself as an integrated hierarchical database, branches of the registry are actually stored in a number of disk files chosen hives.^[17] (The word hive constitutes an in-joke.)^[eighteen]

Some hives are volatile and are not stored on disk at all. An example of this is the hive of the branch starting at HKLM\HARDWARE. This hive records information near arrangement hardware and is created each time the arrangement boots and performs hardware detection.

Individual settings for users on a system are stored in a hive (disk file) per user. During user login, the system loads the user hive nether the HKEY_USERS central and sets the HKCU (HKEY_CURRENT_USER) symbolic reference to betoken to the electric current user. This allows applications to shop/recall settings for the current user implicitly under the HKCU key.

Not all hives are loaded at any i time. At kicking time, only a minimal ready of hives are loaded, and after that, hives are loaded as the operating system initializes and every bit users log in or whenever a hive is explicitly loaded past an application.

File locations [edit]

The registry is physically stored in several files, which are more often than not obfuscated from the user-mode APIs used to manipulate the data inside the registry. Depending upon the version of Windows, in that location will be different files and dissimilar locations for these files, only they are all on the local machine. The location for system registry files in Windows NT is %SystemRoot%\System32\Config; the user-specific HKEY_CURRENT_USER user registry hive is stored in Ntuser.dat within the user profile. There is one of these per user; if a user has a roaming profile, and so this file volition exist copied to and from a server at logout and login respectively. A second user-specific registry file named UsrClass.dat contains COM registry entries and does not roam by default.

Windows NT [edit]

Windows NT systems store the registry in a binary file format which can be exported, loaded and unloaded by the Registry Editor in these operating systems. The following system registry files are stored in %SystemRoot%\System32\Config\:

• Sam – HKEY_LOCAL_MACHINE\SAM
• Security – HKEY_LOCAL_MACHINE\SECURITY
• Software – HKEY_LOCAL_MACHINE\SOFTWARE
• System – HKEY_LOCAL_MACHINE\Organisation
• Default – HKEY_USERS\.DEFAULT
• Userdiff – Not associated with a hive. Used only when upgrading operating systems.^[19]

The following file is stored in each user's profile folder:

• %USERPROFILE%\Ntuser.dat – HKEY_USERS\<User SID> (linked to by HKEY_CURRENT_USER)

For Windows 2000, Server 2003 and Windows XP, the following additional user-specific file is used for file associations and COM information:

• %USERPROFILE%\Local Settings\Application Data\Microsoft\Windows\Usrclass.dat (path is localized) – HKEY_USERS\<User SID>_Classes (HKEY_CURRENT_USER\Software\Classes)

For Windows Vista and later, the path was inverse to:

• %USERPROFILE%\AppData\Local\Microsoft\Windows\Usrclass.dat (path is not localized) alias %LocalAppData%\Microsoft\Windows\Usrclass.dat – HKEY_USERS\<User SID>_Classes (HKEY_CURRENT_USER\Software\Classes)

Windows 2000 keeps an alternate copy of the registry hives (.ALT) and attempts to switch to it when abuse is detected.^[twenty] Windows XP and Windows Server 2003 do not maintain a System.alt hive because NTLDR on those versions of Windows can process the System.log file to bring upwardly to date a System hive that has go inconsistent during a shutdown or crash. In addition, the %SystemRoot%\Repair binder contains a copy of the arrangement's registry hives that were created after installation and the offset successful startup of Windows.

Each registry data file has an associated file with a ".log" extension that acts as a transaction log that is used to ensure that any interrupted updates tin can be completed upon next startup.^[21] Internally, Registry files are split into 4 kB "bins" that contain collections of "cells".^[21]

Windows 9x [edit]

The registry files are stored in the %WINDIR% directory under the names USER.DAT and SYSTEM.DAT with the addition of CLASSES.DAT in Windows ME. Also, each user profile (if profiles are enabled) has its own USER.DAT file which is located in the user's profile directory in %WINDIR%\Profiles\<Username>\.

Windows iii.11 [edit]

The but registry file is called REG.DAT and it is stored in the %WINDIR% directory.

Windows ten Mobile [edit]

Note: To access the registry files, the Phone needs to be ready in a special fashion using either:

• WpInternals ( Put the mobile device into flash mode. )
• InterOp Tools ( mount the MainOS Partitioning with MTP. )

If whatever of higher up Methods worked - The Device Registry Files tin can exist constitute in the following location:

          {Phone}\EFIESP\Windows\System32\config        

Note: InterOp Tools likewise includes a registry editor.

Editing [edit]

Registry editors [edit]

The registry contains important configuration information for the operating arrangement, for installed applications as well as private settings for each user and application. A careless alter to the operating organisation configuration in the registry could cause irreversible damage, so it is usually only installer programs which perform changes to the registry database during installation/configuration and removal. If a user wants to edit the registry manually, Microsoft recommends that a backup of the registry be performed before the change.^[22] When a plan is removed from control panel, it may non be completely removed and, in case of errors or glitches caused by references to missing programs, the user might have to manually bank check inside directories such as program files. After this, the user might need to manually remove any reference to the uninstalled program in the registry. This is ordinarily done by using RegEdit.exe.^[23] Editing the registry is sometimes necessary when working around Windows-specific issues due east.g. problems when logging onto a domain can be resolved by editing the registry.^[24]

Windows Registry can exist edited manually using programs such equally RegEdit.exe, although these tools do not betrayal some of the registry'south metadata such as the final modified date.

The registry editor for the iii.1/95 series of operating systems is RegEdit.exe and for Windows NT it is RegEdt32.exe; the functionalities are merged in Windows XP. Optional and/or third-party tools similar to RegEdit.exe are available for many Windows CE versions.

Registry Editor allows users to perform the following functions:

• Creating, manipulating, renaming^[25] and deleting registry keys, subkeys, values and value data
• Importing and exporting .REG files, exporting data in the binary hive format
• Loading, manipulating and unloading registry hive format files (Windows NT systems merely)
• Setting permissions based on ACLs (Windows NT systems only)
• Bookmarking user-selected registry keys as Favorites
• Finding particular strings in key names, value names and value information
• Remotely editing the registry on another networked computer

.REG files [edit]

.REG files (also known as Registration entries) are text-based human-readable files for exporting and importing portions of the registry using a INI-based syntax. On Windows 2000 and after, they contain the cord Windows Registry Editor Version 5.00 at the beginning and are Unicode-based. On Windows 9x and NT 4.0 systems, they contain the cord REGEDIT4 and are ANSI-based.^[26] Windows 9x format .REG files are compatible with Windows 2000 and afterward. The Registry Editor on Windows on these systems also supports exporting .REG files in Windows 9x/NT format. Data is stored in .REG files using the post-obit syntax:^[26]

                        [<Hive proper noun>\<Key proper noun>\<Subkey name>]            "Value name"            =            <Value type>:<Value data>          

The Default Value of a central can be edited past using "@" instead of "Value Name":

                        [<Hive name>\<Central name>\<Subkey proper noun>]            @            =            <Value blazon>:<Value data>          

String values do non require a <Value type> (encounter example), only backslashes ('\') need to be written as a double-backslash ('\\'), and quotes ('"') as backslash-quote ('\"').

For example, to add the values "Value A", "Value B", "Value C", "Value D", "Value East", "Value F", "Value G", "Value H", "Value I", "Value J", "Value One thousand", "Value L", and "Value M" to the HKLM\SOFTWARE\Foobar key:

            Windows Registry Editor Version five.00            [            HKEY_LOCAL_MACHINE            \SOFTWARE\Foobar]            "Value A"            =            "<Cord value data with escape characters>"            "Value B"            =            hex:<Binary information (as comma-delimited list of hexadecimal values)>            "Value C"            =            dword:<DWORD value integer>            "Value D"            =            hex(0):<REG_NONE (as comma-delimited list of hexadecimal values)>            "Value Eastward"            =            hex(1):<REG_SZ (as comma-delimited list of hexadecimal values representing a UTF-16LE NUL-terminated string)>            "Value F"            =            hex(2):<Expandable string value data (as comma-delimited list of hexadecimal values representing a UTF-16LE NUL-terminated string)>            "Value Grand"            =            hex(three):<Binary data (as comma-delimited list of hexadecimal values)> ; equal to "Value B"            "Value H"            =            hex(4):<DWORD value (as comma-delimited listing of 4 hexadecimal values, in little endian byte order)>            "Value I"            =            hex(5):<DWORD value (every bit comma-delimited list of four hexadecimal values, in big endian byte club)>            "Value J"            =            hex(7):<Multi-string value data (as comma-delimited list of hexadecimal values representing UTF-16LE NUL-terminated strings)>            "Value K"            =            hex(8):<REG_RESOURCE_LIST (as comma-delimited list of hexadecimal values)>            "Value 50"            =            hex(a):<REG_RESOURCE_REQUIREMENTS_LIST (as comma-delimited list of hexadecimal values)>            "Value M"            =            hex(b):<QWORD value (equally comma-delimited list of 8 hexadecimal values, in piffling endian byte order)>          

Data from .REG files can be added/merged with the registry by double-clicking these files or using the /southward switch in the command line. REG files tin also be used to remove registry information.

To remove a key (and all subkeys, values and information), the primal proper name must exist preceded by a minus sign ("-").^[26]

For case, to remove the HKLM\SOFTWARE\Foobar key (and all subkeys, values and data),

                        [            -            HKEY_LOCAL_MACHINE            \SOFTWARE\Foobar]          

To remove a value (and its data), the values to be removed must accept a minus sign ("-") afterward the equal sign ("=").^[26]

For example, to remove merely the "Value A" and "Value B" values (and their data) from the HKLM\SOFTWARE\Foobar primal:

                        [            HKEY_LOCAL_MACHINE            \SOFTWARE\Foobar]            "Value A"            =-            "Value B"            =-          

To remove only the Default value of the key HKLM\SOFTWARE\Foobar (and its information):

                        [            HKEY_LOCAL_MACHINE            \SOFTWARE\Foobar]            @            =-          

Lines beginning with a semicolon are considered comments:

                        ; This is a comment. This can be placed in whatsoever part of a .reg file            [            HKEY_LOCAL_MACHINE            \SOFTWARE\Foobar]            "Value"            =            "Example string"          

Group policies [edit]

Windows group policies tin modify registry keys for a number of machines or individual users based on policies. When a policy first takes event for a machine or for an individual user of a machine, the registry settings specified every bit part of the policy are applied to the car or user settings.

Windows will likewise expect for updated policies and apply them periodically, typically every 90 minutes.^[27]

Through its telescopic a policy defines which machines and/or users the policy is to exist applied to. Whether a car or user is within the scope of a policy or not is divers by a set of rules which tin filter on the location of the machine or user account in organizational directory, specific users or machine accounts or security groups. More than advanced rules can be set using Windows Management Instrumentation expressions. Such rules can filter on backdrop such as computer vendor name, CPU compages, installed software, or networks connected to.

For instance, the administrator can create a policy with one set of registry settings for machines in the accounting section and policy with another (lock-down) set of registry settings for kiosk terminals in the visitors area. When a machine is moved from ane scope to some other (due east.grand. irresolute its proper name or moving information technology to some other organizational unit), the correct policy is automatically applied. When a policy is changed it is automatically re-applied to all machines currently in its scope.

The policy is edited through a number of administrative templates which provides a user interface for picking and changing settings. The set of administrative templates is extensible and software packages which support such remote administration tin register their own templates.

Command line editing [edit]

reg

Developer(due south)	Microsoft
Operating system	Microsoft Windows
Type	Command
License	Proprietary commercial software
Website	docs.microsoft.com/en-us/windows-server/administration/windows-commands/reg

regini

Programmer(due south)	Microsoft
Operating system	Microsoft Windows
Type	Control
License	Proprietary commercial software
Website	docs.microsoft.com/en-usa/windows-server/assistants/windows-commands/regini

The registry tin be manipulated in a number of ways from the command line. The Reg.exe and RegIni.exe utility tools are included in Windows XP and later on versions of Windows. Alternative locations for legacy versions of Windows include the Resource Kit CDs or the original Installation CD of Windows.

Also, a .REG file can be imported from the command line with the post-obit command:

RegEdit.exe /due south          file        

The /s ways the file will be silent merged to the registry. If the /s parameter is omitted the user will exist asked to confirm the performance. In Windows 98, Windows 95 and at least some configurations of Windows XP the /s switch besides causes RegEdit.exe to ignore the setting in the registry that allows administrators to disable it. When using the /south switch RegEdit.exe does non render an appropriate return code if the operation fails, different Reg.exe which does.

RegEdit.exe /e          file        

exports the whole registry in V5 format to a UNICODE .REG file, while whatever of

RegEdit.exe /e          file          HKEY_CLASSES_ROOT[\<key>] RegEdit.exe /due east          file          HKEY_CURRENT_CONFIG[\<key>] RegEdit.exe /east          file          HKEY_CURRENT_USER[\<primal>] RegEdit.exe /e          file          HKEY_LOCAL_MACHINE[\<key>] RegEdit.exe /eastward          file          HKEY_USERS[\<key>]        

export the specified (sub)central (which has to be enclosed in quotes if it contains spaces) merely.

RegEdit.exe /a          file        

exports the whole registry in V4 format to an ANSI .REG file.

RegEdit.exe /a          file          <key>        

exports the specified (sub)key (which has to exist enclosed in quotes if it contains spaces) only.

It is too possible to utilize Reg.exe. Here is a sample to display the value of the registry value Version:

                        Reg.exe            QUERY            HKLM\Software\Microsoft\ResKit            /v            Version          

Other command line options include a VBScript or JScript together with CScript, WMI or WMIC.exe and Windows PowerShell.

Registry permissions tin can be manipulated through the control line using RegIni.exe and the SubInACL.exe tool. For example, the permissions on the HKEY_LOCAL_MACHINE\SOFTWARE fundamental tin can exist displayed using:

                        SubInACL.exe            /keyreg            HKEY_LOCAL_MACHINE\SOFTWARE            /display          

PowerShell commands and scripts [edit]

Using PowerShell to navigate the registry

Windows PowerShell comes with a registry provider which presents the registry as a location type similar to the file system. The aforementioned commands used to manipulate files and directories in the file system tin can exist used to manipulate keys and values of the registry.^[28]

Besides similar the file organisation, PowerShell uses the concept of a current location which defines the context on which commands by default operate. The Get-ChildItem (also available through the aliases ls, dir or gci) retrieves the kid keys of the current location. By using the Prepare-Location (or the alias cd) command the user tin can change the current location to another fundamental of the registry.^[28] Commands which rename items, remove items, create new items or ready content of items or properties tin can exist used to rename keys, remove keys or entire sub-trees or change values.

Through PowerShell scripts files, an administrator tin can gear up scripts which, when executed, make changes to the registry. Such scripts can exist distributed to administrators who can execute them on individual machines. The PowerShell Registry provider supports transactions, i.eastward. multiple changes to the registry can be bundled into a single atomic transaction. An diminutive transaction ensures that either all of the changes are committed to the database, or if the script fails, none of the changes are committed to the database.^{[28] [29]}

Programs or scripts [edit]

The registry can exist edited through the APIs of the Advanced Windows 32 Base API Library (advapi32.dll).^[30] List of registry API functions:

• RegCloseKey
• RegConnectRegistry
• RegCreateKey
• RegCreateKeyEx
• RegDeleteKey
• RegDeleteValue
• RegEnumKey
• RegEnumKeyEx
• RegEnumValue
• RegFlushKey
• RegGetKeySecurity
• RegLoadKey
• RegNotifyChangeKeyValue
• RegOpenKey
• RegOpenKeyEx
• RegQueryInfoKey
• RegQueryMultipleValues
• RegQueryValue
• RegQueryValueEx
• RegReplaceKey
• RegRestoreKey
• RegSaveKey
• RegSetKeySecurity
• RegSetValue
• RegSetValueEx
• RegUnLoadKey

Many programming languages offering built-in runtime library functions or classes that wrap the underlying Windows APIs and thereby enable programs to store settings in the registry (e.thou. Microsoft.Win32.Registry in VB.Net and C#, or TRegistry in Delphi and Costless Pascal). COM-enabled applications like Visual Basic vi tin can apply the WSH WScript.Shell object. Another mode is to use the Windows Resource Kit Tool, Reg.exe past executing it from code,^[31] although this is considered poor programming practice.

Similarly, scripting languages such as Perl (with Win32::TieRegistry), Python (with winreg), TCL (which comes bundled with the registry package),^[32] Windows Powershell and Windows Scripting Host as well enable registry editing from scripts.

Offline editing [edit]

The offreg.dll^[33] bachelor from the Windows Driver Kit offers a gear up of APIs for the cosmos and manipulation of currently non loaded registry hives similar to those provided by advapi32.dll.

It is also possible to edit the registry (hives) of an offline organisation from Windows PE or Linux (in the latter case using open source tools).

COM self-registration [edit]

Prior to the introduction of registration-free COM, developers were encouraged to add initialization code to in-process and out-of-process binaries to perform the registry configuration required for that object to work. For in-process binaries such as .DLL and .OCX files, the modules typically exported a function called DllInstall()^[34] that could be called by installation programs or invoked manually with utilities like Regsvr32.exe;^[35] out-of-process binaries typically support the commandline arguments /Regserver and /Unregserver that created or deleted the required registry settings.^[36] COM applications that break because of DLL Hell issues can commonly be repaired with RegSvr32.exe or the /RegServer switch without having to re-invoke installation programs.^[37]

Advanced functionality [edit]

Windows exposes APIs that allows user-style applications to annals to receive a notification result if a particular registry central is inverse.^[38] APIs are also available to permit kernel-manner applications to filter and alter registry calls fabricated by other applications.^[39]

Windows likewise supports remote admission to the registry of another figurer via the RegConnectRegistry function^[forty] if the Remote Registry service is running, correctly configured and its network traffic is not firewalled.^[41]

Security [edit]

Each key in the registry of Windows NT versions can have an associated security descriptor. The security descriptor contains an access control listing (ACL) that describes which user groups or individual users are granted or denied access permissions. The prepare of registry permissions include 10 rights/permissions which can be explicitly allowed or denied to a user or a group of users.

Registry permissions

Permission	Clarification
Query Value	The right to read the registry key value.
Set Value	The right to write a new value
Create Subkey	The right to create subkeys.
Enumerate Subkeys	Permit the enumeration of subkeys.
Notify	The right to request change notifications for registry keys or subkeys.
Create Link	Reserved by the operating system.
Delete	The right to delete a key.
Write DACL	The right to alter permissions of the container's DACL.
Write Owner	The correct to change the container's owner.
Read Control	The right to read the DACL.

As with other securable objects in the operating organization, individual access control entries (ACE) on the security descriptor tin can exist explicit or inherited from a parent object.^[42]

Windows Resource Protection is a feature of Windows Vista and later on versions of Windows that uses security to deny Administrators and the organization WRITE access to some sensitive keys to protect the integrity of the system from malware and accidental modification.^[43]

Special ACEs on the security descriptor can also implement mandatory integrity command for the registry primal and subkeys. A procedure running at a lower integrity level cannot write, modify or delete a registry key/value, even if the account of the process has otherwise been granted access through the ACL. For instance, Cyberspace Explorer running in Protected Mode tin can read medium and low integrity registry keys/values of the currently logged on user, merely it tin but modify low integrity keys.^[44]

Outside security, registry keys cannot be deleted or edited due to other causes. Registry keys containing NUL characters cannot be deleted with standard registry editors and crave a special utility for deletion, such as RegDelNull.^{[45] [46]}

Backups and recovery [edit]

Different editions of Windows have supported a number of unlike methods to back upwardly and restore the registry over the years, some of which are at present deprecated:

• Arrangement Restore can back up the registry and restore it as long equally Windows is bootable, or from the Windows Recovery Environment (starting with Windows Vista).
• NTBackup can back up the registry equally part of the Organisation State and restore information technology. Automatic Organization Recovery in Windows XP tin also restore the registry.
• On Windows NT, the Terminal Known Good Configuration option in startup menu relinks the HKLM\SYSTEM\CurrentControlSet key, which stores hardware and device driver information.
• Windows 98 and Windows ME include command line (Scanreg.exe) and GUI (Scanregw.exe) registry checker tools to check and fix the integrity of the registry, create up to v automatic regular backups by default and restore them manually or whenever abuse is detected.^[47] The registry checker tool backs upwards the registry, by default, to %Windir%\Sysbckup Scanreg.exe tin can besides run from MS-DOS.^[48]
• The Windows 95 CD-ROM included an Emergency Recovery Utility (ERU.exe) and a Configuration Backup Tool (Cfgback.exe) to back up and restore the registry. Additionally Windows 95 backs up the registry to the files organisation.da0 and user.da0 on every successful kicking.
• Windows NT 4.0 included RDISK.EXE, a utility to support and restore the entire registry.^[49]
• Windows 2000 Resources Kit contained an unsupported pair of utilities called Regback.exe and RegRest.exe for fill-in and recovery of the registry.^[50]
• Periodic automatic backups of the registry are now disabled by default on Windows x May 2019 Update (version 1903). Microsoft recommends System Restore be used instead.^[51]

Policy [edit]

Grouping policy [edit]

Windows 2000 and later versions of Windows utilise Group Policy to enforce registry settings through a registry-specific client extension in the Grouping Policy processing engine.^[52] Policy may be applied locally to a single computer using gpedit.msc, or to multiple users and/or computers in a domain using gpmc.msc.

Legacy systems [edit]

With Windows 95, Windows 98, Windows ME and Windows NT 4.0, administrators can utilize a special file to be merged into the registry, called a policy file (POLICY.POL). The policy file allows administrators to prevent not-administrator users from irresolute registry settings like, for instance, the security level of Internet Explorer and the desktop groundwork wallpaper. The policy file is primarily used in a business with a large number of computers where the business needs to exist protected from rogue or careless users.

The default extension for the policy file is .POL. The policy file filters the settings it enforces by user and past group (a "grouping" is a divers set of users). To do that the policy file merges into the registry, preventing users from circumventing information technology by only irresolute back the settings. The policy file is usually distributed through a LAN, simply can be placed on the local figurer.

The policy file is created by a costless tool by Microsoft that goes past the filename poledit.exe for Windows 95/Windows 98 and with a calculator management module for Windows NT. The editor requires administrative permissions to exist run on systems that uses permissions. The editor can likewise directly change the current registry settings of the local computer and if the remote registry service is installed and started on another computer it can also change the registry on that computer. The policy editor loads the settings information technology can change from .ADM files, of which one is included, that contains the settings the Windows shell provides. The .ADM file is plain text and supports piece of cake localisation by assuasive all the strings to exist stored in one place.

Virtualization [edit]

INI file virtualization [edit]

Windows NT kernels support redirection of INI file-related APIs into a virtual file in a registry location such as HKEY_CURRENT_USER using a feature chosen "InifileMapping".^[53] This functionality was introduced to allow legacy applications written for xvi-bit versions of Windows to exist able to run under Windows NT platforms on which the Organization folder is no longer considered an appropriate location for user-specific data or configuration. Non-compliant 32-bit applications can besides be redirected in this style, even though the feature was originally intended for 16-chip applications.

Registry virtualization [edit]

Windows Vista introduced limited registry virtualization, whereby poorly written applications that do non respect the principle of least privilege and instead try to write user data to a read-but system location (such as the HKEY_LOCAL_MACHINE hive), are silently redirected to a more appropriate location, without irresolute the application itself.

Similarly, application virtualization redirects all of an application'south invalid registry operations to a location such every bit a file. Used together with file virtualization, this allows applications to run on a machine without being installed on information technology.

Low integrity processes may also use registry virtualization. For example, Internet Explorer vii or 8 running in "Protected Fashion" on Windows Vista and above volition automatically redirect registry writes past ActiveX controls to a sandboxed location in order to frustrate some classes of security exploits.

The Awarding Compatibility Toolkit^[54] provides shims that tin can transparently redirect HKEY_LOCAL_MACHINE or HKEY_CLASSES_ROOT Registry operations to HKEY_CURRENT_USER to address "LUA" bugs that cause applications not to work for users with bereft rights.

Disadvantages [edit]

Critics labeled the registry in Windows 95 a single point of failure, considering re-installation of the operating arrangement was required if the registry became corrupt.^{[ citation needed ]} Notwithstanding, Windows NT uses transaction logs to protect against abuse during updates. Current versions of Windows employ two levels of log files to ensure integrity even in the case of power failure or similar catastrophic events during database updates.^[55] Fifty-fifty in the case of a non-recoverable error, Windows tin repair or re-initialize damaged registry entries during system kicking.^[55]

Equivalents and alternatives [edit]

In Windows, use of the registry for storing programme data is a affair of programmer'due south discretion. Microsoft provides programming interfaces for storing data in XML files (via MSXML) or database files (via SQL Server Compact) which developers tin can utilize instead. Developers are as well free to utilize non-Microsoft alternatives or develop their own proprietary data stores.

In contrast to Windows Registry's binary-based database model, some other operating systems use separate plain-text files for daemon and application configuration, just group these configurations together for ease of direction.

• In Unix-like operating systems (including Linux) that follow the Filesystem Bureaucracy Standard, system-wide configuration files (information similar to what would appear in HKEY_LOCAL_MACHINE on Windows) are traditionally stored in files in /etc/ and its subdirectories, or sometimes in /usr/local/etc. Per-user information (data that would be roughly equivalent to that in HKEY_CURRENT_USER) is stored in subconscious directories and files (that start with a catamenia/full stop) within the user'south domicile directory. However XDG-compliant applications should refer to the surroundings variables defined in the Base Directory specification.^[56]
• In macOS, arrangement-wide configuration files are typically stored in the /Library/ folder, whereas per-user configuration files are stored in the corresponding ~/Library/ binder in the user'due south home directory, and configuration files ready past the organisation are in /System/Library/. Within these respective directories, an application typically stores a holding list file in the Preferences/ sub-directory.
• RISC OS (non to be confused with MIPS RISC/os) uses directories for configuration data, which allows applications to exist copied into application directories, as opposed to the split up installation procedure that typifies Windows applications; this arroyo is too used on the ROX Desktop for Linux.^[57] This directory-based configuration also makes information technology possible to use different versions of the same awarding, since the configuration is done "on the wing".^[58] If one wishes to remove the application, it is possible to but delete the folder belonging to the application.^{[59] [60]} This will often not remove configuration settings which are stored independently from the application, usually within the figurer's !Boot construction, in !Boot.Choices or potentially anywhere on a network fileserver. Information technology is possible to re-create installed programs between computers running RISC Bone by copying the application directories belonging to the programs, however some programs may require re-installing, e.grand. when shared files are placed outside an application directory.^[58]
• IBM AIX (a Unix variant) uses a registry component called Object Data Director (ODM). The ODM is used to store information almost system and device configuration. An extensive set of tools and utilities provides users with means of extending, checking, correcting the ODM database. The ODM stores its information in several files, default location is /etc/objrepos.
• The GNOME desktop environment uses a registry-similar interface called dconf for storing configuration settings for the desktop and applications.
• The Elektra Initiative provides alternative back-ends for various dissimilar text configuration files.
• While not an operating system, the Vino compatibility layer, which allows Windows software to run on a Unix-similar organization, also employs a Windows-like registry as text files in the WINEPREFIX folder: system.reg (HKEY_LOCAL_MACHINE), user.reg (HKEY_CURRENT_USER) and userdef.reg.^[61]

See besides [edit]

• Registry cleaner
• Application virtualization
• LogParser – SQL-like querying of various types of log files
• List of Beat out Icon Overlay Identifiers
• Ransomware assault that uses Registry

Notes [edit]

1. ^ When applications fail to execute considering they request more than privileges than they require (and are denied those privileges), this is known as a limited user application (LUA) bug.

Footnotes [edit]

1. ^ Esposito, Dino (November 2000). "Windows 2000 Registry: Latest Features and APIs Provide the Power to Customize and Extend Your Apps". MSDN Magazine. Microsoft. Archived from the original on Apr xv, 2003. Retrieved July 19, 2007.
2. ^ ^{a b c} "The System Registry".
3. ^ "Windows 95 Architecture Components". www.microsoft.com. Archived from the original on February 7, 2008. Retrieved April 29, 2008. The following table shows other difficulties or limitations acquired by using .INI files that are overcome by using the Registry.
4. ^ Hipson 2002, p. 5, 41–43.
5. ^ Richter, Jeffrey; Nasarre, Christophe (2008). Windows Via C/C++ (5th ed.). Microsoft Press. ISBN9780735642461 . Retrieved August 28, 2021.
6. ^ Raymond Chen, "Why practise registry keys accept a default value?"
7. ^ Hipson 2002, pp. 207, 513–514.
8. ^ Hipson 2002, pp. 520–521.
9. ^ Hipson 2002, p. 7.
10. ^ "Designed for Windows XP Application Specification". Microsoft. August 20, 2002. Retrieved April 8, 2009.
11. ^ "HKEY_LOCAL_MACHINE". Gautam. 2009. Retrieved April 8, 2009.
12. ^ "Registry Keys Afflicted past WOW64 (Windows)". Msdn.microsoft.com. Retrieved Apr 10, 2014.
13. ^ "Description of the Microsoft Windows registry". Retrieved September 25, 2008.
14. ^ "HKEY_CURRENT_USER". Microsoft. 2009. Retrieved April 8, 2009.
15. ^ "Description of the HKEY_DYN_DATA Registry Key in Windows 95, Windows 98, and Windows 98 SE". support.microsoft.com.
16. ^ "A Closer Look at HKEY_DYN_DATA". rinet.ru. Archived from the original on May ix, 2008.
17. ^ "Registry hives". Retrieved July 19, 2007.
18. ^ Chen, Raymond (August 8, 2011). "Why is a registry file called a "hive"?". The Onetime New Thing. Retrieved July 29, 2011.
19. ^ "Overview of the Windows NT Registry". Retrieved December 2, 2011.
20. ^ "Inside the Registry". Retrieved December 28, 2007.
21. ^ ^{a b} Norris, Peter (Feb 2009). "The Internal Structure of the Windows Registry" (PDF). Cranfield Academy. Archived from the original (PDF) on May 29, 2009.
22. ^ "Incorrect Icons Displayed for .ico Files". Nov xv, 2009. Retrieved March 31, 2012.
23. ^ "How to Completely Uninstall / Remove a Software Programme in Windows without using 3rd Party Software? - AskVG". www.askvg.com.
24. ^ "Yous may receive a "STOP 0x00000035 NO_MORE_IRP_STACK_LOCATIONS" error message when you try to log on to a domain". October 9, 2011. Retrieved March 31, 2012. This folio tells the user to edit the registry when resolving the issue.
25. ^ key renaming is implemented as removal and add while retaining subkeys/values, as the underlying APIs practise non support the rename function directly
26. ^ ^{a b c d} "How to add, change, or delete registry subkeys and values by using a .reg file". support.microsoft.com.
27. ^ "Applying Grouping Policy". Microsoft.
28. ^ ^{a b c} Payette, Bruce; Siddaway, Richard (2018). Windows PowerShell in Activity (Third ed.). Manning Publications. pp. vii–eight, 24, 608, 708–710. ISBN9781633430297 . Retrieved Baronial 28, 2021.
29. ^ Warner, Timothy L. (May 2015). Windows PowerShell in 24 Hours, Sams Teach Yourself. Sams Publishing. p. xix, 211. ISBN9780134049359 . Retrieved August 28, 2021.
30. ^ "Reading and Writing Registry Values with Visual Bones". Retrieved July 19, 2007.
31. ^ "REG control in Windows XP". Retrieved July nineteen, 2007.
32. ^ "registry manual page – Tcl Bundled Packages". www.tcl.tk . Retrieved December xiv, 2017.
33. ^ "Offline Registry Library". Retrieved June iv, 2014.
34. ^ "DllInstall Function". Microsoft. March 7, 2012. Retrieved March 22, 2012.
35. ^ "Regsvr32". Microsoft. Retrieved March 22, 2012.
36. ^ "How to: Register Automation Servers". Microsoft. Retrieved March 22, 2012.
37. ^ "How to re-annals PowerPoint 2000, PowerPoint 2003, PowerPoint 2007 and PowerPoint 2010". Microsoft. Jan 2012. Retrieved March 22, 2012.
38. ^ "RegNotifyChangeKeyValue function". Microsoft.
39. ^ "Registering for Notifications". Microsoft.
40. ^ "RegConnectRegistry part". Microsoft.
41. ^ "How to Manage Remote Admission to the Registry". Microsoft.
42. ^ Gibson, Darril (June 28, 2011). "Affiliate 4: Securing Access with Permissions". Microsoft Windows security : essentials. Indianapolis, Ind.: Wiley. ISBN978-1-118-01684-8.
43. ^ "Application Compatibility: Windows Resources Protection (WRP)". Microsoft. Retrieved August 8, 2012.
44. ^ Marc Silbey, Peter Brundrett. "Understanding and Working in Protected Mode Internet Explorer". Retrieved Baronial 8, 2012.
45. ^ "RegDelNull v1.1". November 1, 2006. Retrieved August 8, 2012.
46. ^ "Unable to delete certain registry keys – Error while deleting cardinal". March 23, 2010. Retrieved August viii, 2012. Microsoft Support page.
47. ^ "Clarification of the Windows Registry Checker Tool (Scanreg.exe)".
48. ^ "Command-Line Switches for the Registry Checker Tool".
49. ^ "How To Backup, Edit, and Restore the Registry in Windows NT 4.0". support.microsoft.com.
50. ^ "Technical Reference to the Registry: Related Resources". Microsoft. Retrieved September 9, 2011.
51. ^ "Microsoft Kills Automated Registry Backups in Windows 10". ExtremeTech . Retrieved July 1, 2019.
52. ^ "How Core Grouping Policy Works". Microsoft. September ii, 2009. Retrieved August thirteen, 2012.
53. ^ "Affiliate 26 – Initialization Files and the Registry". Microsoft. Retrieved March 3, 2008.
54. ^ "Microsoft Application Compatibility Toolkit 5.0". Microsoft. Retrieved July 26, 2008.
55. ^ ^{a b} Ionescu, Mark Russinovich, David A. Solomon, Alex (2012). "Registry Internals". Windows internals (6th ed.). Redmond, Wash.: Microsoft Press. ISBN978-0-7356-4873-9.
56. ^ "XDG Base Directory Specification". standards.freedesktop.org.
57. ^ "Application directories". Archived from the original on May 27, 2012. Retrieved May 17, 2012.
58. ^ ^{a b} "Instance Studies Of The Top 132 Annoyances With Operating Systems Other Than RISC Os". Retrieved April three, 2012. Page from the riscos.com website. Mentioned in points 82 and 104.
59. ^ "RISC Bone tour". Retrieved July nineteen, 2007.
60. ^ "The RISC OS Products Directory". November ii, 2006. Archived from the original on February 19, 2007. Retrieved April 1, 2012.
61. ^ 3.ii. Using the Registry and Regedit (Wine User Guide)

References [edit]

• Hipson, Peter (2002). Mastering Windows XP Registry. Wiley. ISBN0-7821-2987-0 . Retrieved Baronial 28, 2021.
• Russinovich, Mark E.; Solomon, David A. (2005). Microsoft Windows Internals (4th ed.). Microsoft Press. pp. 183–236. ISBN978-0-7356-1917-3.

External links [edit]

• Windows Registry info & reference in the MSDN Library

When A User Logs Into Windows, What Registry Key Is Created?,

Source: https://en.wikipedia.org/wiki/Windows_Registry

Posted by: terrytherend.blogspot.com

Share this post