Windows Registry Tutorial

This article explains how to use the Windows Registry.  The Registry is the central storehouse for all settings for the Windows operating systems.  This includes hardware configuration, file associations, and control panel settings.  Many other programs will also store settings in the registry.

Accessing the Registry

To examine and modify the registry, use the regedit.exe program that is located in the operating system directory.

To open regedit.exe, follow this procedure:
1. Open the Start Menu.
2. Choose "Run".
3. Enter "regedit" and press Enter.

Structure

The registry is made up of "Keys".  Each key is like the branch of a tree.  Each key has one parent key, and zero or more child keys.  Each key can contain zero or more "Values", each of which contains a single piece of data.

To make navigating the registry a bit easier, you can think of the registry's construction like your hard drives.

Hard drive <-> Registry
Folders <-> Keys
Files <-> Values

The registry contains 6 main keys:

  • HKEY_CLASSES_ROOT ---- Contains information on file types, including which programs are used to open a particular file type.
  • HKEY_CURRENT_USER ---- Contains user-specific settings that are built from information in the HKEY_USERS key during the logon process.
  • HKEY_LOCAL_MACHINE ---- Contains computer specific information including installed hardware and software. This is the one users tend to spend the most time in.
  • HKEY_USERS ---- Contains information (generic and user-specific) about all the users who log on to the computer.  The generic settings are available to all users who log on to the computer.  The information is made up of default settings for programs, desktop configurations, and so on.  This key contains subkeys for each user that logs on to the computer.
  • HKEY_CURRENT_CONFIG ---- Contains information about the computer's hardware configuration.
  • HKEY_DYN_DATA ---- Contains real-time performance statistics on the computer's hardware.

HKEY_LOCAL_MACHINE (HKLM)

Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are specific to the local computer.[11]

The key located by HKLM is actually not stored on disk, but maintained in memory by the system kernel so that all the other subkeys can be mapped into it. Applications cannot create any additional subkeys. On NT-based versions of Windows, this key contains four subkeys, "SAM", "SECURITY", "SYSTEM", and "SOFTWARE", that are loaded at boot time from their respective files located in the %SystemRoot%/System32/config folder. A fifth subkey, "HARDWARE", is volatile and is created dynamically, and as such is not stored in a file (it exposes a view of all the currently detected Plug-n-Play devices). On Windows Vista, Windows Server 2008, Windows Server 2008 R2, and Windows 7, a sixth subkey is mapped in memory by the kernel and populated from boot configuration data (BCD).
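The mapping between HKLM subkeys and their hive files can be checked on a live system. The following PowerShell is an added example, not part of the original article; it assumes the standard Windows "hivelist" key under the current control set (not mentioned above), whose value names are kernel registry paths and whose data is the backing file, and it reports whether the current account can open each subkey.

```powershell
# Added example: list every hive mounted under HKLM, the file that backs it,
# and whether the current account is allowed to open it.
# Assumption: the standard "hivelist" key, which the article does not name.
$hiveList = Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$prefix   = '\REGISTRY\MACHINE\'

$report = foreach ($name in $hiveList.GetValueNames()) {
    # hivelist also records per-user hives (\REGISTRY\USER\...); skip those.
    if (-not $name.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) { continue }

    $subkey = $name.Substring($prefix.Length)
    $file   = [string]$hiveList.GetValue($name)

    # Try to open the key read-only with the caller's own token.
    $access = 'readable'
    $count  = $null
    try {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subkey)
        if ($null -eq $key) {
            $access = 'not found'
        } else {
            $count = $key.SubKeyCount
            $key.Close()
        }
    } catch {
        # Record the underlying exception type (e.g. SecurityException).
        $access = 'failed: ' + $_.Exception.GetBaseException().GetType().Name
    }

    [pscustomobject]@{
        Key         = "HKLM\$subkey"
        # A hive with no file path exists only in memory (volatile).
        BackingFile = if ([string]::IsNullOrEmpty($file)) { '(volatile, no file)' } else { $file }
        Access      = $access
        SubKeys     = $count
    }
}

$report | Sort-Object Key | Format-Table -AutoSize
```

Backing files are shown as kernel device paths, and a hive with an empty path has no file on disk.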

  • The "HKLM/SAM" key usually appears as empty for most users (unless they are granted access by administrators of the local system or administrators of domains managing the local system). It is used to reference all "Security and Accounts Management" (SAM) databases for all domains into which the local system has been administratively authorized or configured (including the local domain of the running system, whose SAM database is stored in a subkey also named "SAM"; other subkeys will be created as needed, one for each supplementary domain). Each SAM database contains all builtin accounts (mostly group aliases) and configured accounts (users, groups and their aliases, including guest accounts and administrator accounts) created and configured on the respective domain. For each account in that domain, it notably contains the user name which can be used to log on to that domain, the internal unique user identifier in the domain, the cryptographically hashed password on that domain, the location of storage of the user registry hive, various status flags (for example if the account can be enumerated and be visible in the logon prompt screen), and the list of domains (including the local domain) into which the account was configured.
  • The "HKLM/SECURITY" key usually appears empty for most users (unless they are granted access by users with administrative privileges) and is linked to the Security database of the domain into which the current user is logged on (if the user is logged on the local system domain, this key will be linked to the registry hive stored by the local machine and managed by local system administrators or by the builtin "System" account and Windows installers). The kernel will access it to read and enforce the security policy applicable to the current user and all applications or operations executed by this user. It also contains a "SAM" subkey which is dynamically linked to the SAM database of the domain onto which the current user is logged on.
  • The "HKLM/SYSTEM" key is normally only writable by users with administrative privileges on the local system. It contains information about the Windows system setup, data for the secure random number generator (RNG), the list of currently mounted devices containing a filesystem, several numbered "HKLM/SYSTEM/Control Sets" containing alternative configurations for system hardware drivers and services running on the local system (including the currently used one and a backup), a "HKLM/SYSTEM/Select" subkey containing the status of these Control Sets, and a "HKLM/SYSTEM/CurrentControlSet" which is dynamically linked at boot time to the Control Set which is currently used on the local system. Each configured Control Set contains:
    • an "Enum" subkey enumerating all known Plug-and-Play devices and associating them with installed system drivers (and storing the device-specific configurations of these drivers),
    • a "Services" subkey listing all installed system drivers (with non device-specific configuration, and the enumeration of devices for which they are instantiated) and all programs running as services (how and when they can be automatically started),
    • a "Control" subkey organizing the various hardware drivers and programs running as services and all other system-wide configuration,
    • a "Hardware Profiles" subkey enumerating the various profiles that have been tuned (each one with "System" or "Software" settings used to modify the default profile, either in system drivers and services or in the applications) as well as the "Hardware Profiles/Current" subkey which is dynamically linked to one of these profiles.
  • The "HKLM/SOFTWARE" subkey contains software and Windows settings (in the default hardware profile). It is mostly modified by application and system installers. It is organized by software vendor (with a subkey for each), but also contains a "Windows" subkey for some settings of the Windows user interface, a "Classes" subkey containing all registered associations from file extensions, MIME types, Object Classes IDs and interfaces IDs (for OLE, COM/DCOM and ActiveX), to the installed applications or DLLs that may be handling these types on the local machine (however these associations are configurable for each user, see below), and a "Policies" subkey (also organized by vendor) for enforcing general usage policies on applications and system services (including the central certificates store used for authenticating, authorizing or disallowing remote systems or services running outside of the local network domain).
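
The relationship between "Select", the numbered Control Sets and the "Services" subkey described above can be inspected directly. This PowerShell is an added example, not part of the original article; the value names it reads (Current, Default, Failed, LastKnownGood under Select, and Start, Type, ImagePath under each service) are standard Windows names that the article does not spell out.

```powershell
# Added example: resolve which numbered Control Set is in use, then list the
# drivers and services in it that are configured to start automatically.
$select = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'

# Each Select value is a number N that refers to ControlSet00N.
# A value of 0 (typical for "Failed") means no control set has that role.
foreach ($role in 'Current', 'Default', 'Failed', 'LastKnownGood') {
    '{0,-14} -> ControlSet{1:D3}' -f $role, [int]$select.$role
}

# Read the numbered set directly rather than the CurrentControlSet link.
$current      = 'ControlSet{0:D3}' -f [int]$select.Current
$servicesPath = "HKLM:\SYSTEM\$current\Services"

# Start value: when the driver or service is launched.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$autoStart = foreach ($svc in Get-ChildItem -Path $servicesPath -ErrorAction SilentlyContinue) {
    $start = $svc.GetValue('Start')
    # Keep only entries that start without user action (Boot, System, Automatic).
    if ($null -eq $start -or [int]$start -gt 2) { continue }

    $type = [int]$svc.GetValue('Type', 0)
    [pscustomobject]@{
        Name      = $svc.PSChildName
        Start     = $startNames[[int]$start]
        # Type bits 0x0B mark drivers, 0x30 mark Win32 services.
        Kind      = if ($type -band 0x0B) { 'driver' }
                    elseif ($type -band 0x30) { 'service' }
                    else { 'other' }
        # Show the path as stored, without expanding %SystemRoot% and similar.
        ImagePath = $svc.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
    }
}

$autoStart | Sort-Object Kind, Start, Name | Format-Table -AutoSize -Wrap
```

Saving this output periodically and comparing it against a known-good baseline shows which auto-start drivers or services were added or had their ImagePath changed.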
