Microsoft

Don't let the Windows NT Registry intimidate you

Don't avoid the Windows NT Registry out of fear. Become familiar with its operation, and you'll experience less anxiety the next time Registry changes are needed. In the second of two articles, Brien Posey digs deeper into the Registry's workings.


In last week’s article, ”Take control of the Windows NT Regisistry ,” we introduced the Registry Editor and explored the first two Registry keys: HKEY_CLASSES_ROOT and HKEY_CURRENT_USER. This week, we’ll pick up where we left off and discuss the remaining four keys.

HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE controls aspects that relate specifically to the physical computer and the software loaded on it. Because Windows NT is so strict about every aspect of your computer’s hardware, it should come as no surprise that this Registry key is much more complex than its Windows 9x counterpart.

The first subkey is the HARDWARE key. Although the HARDWARE subkey is of relatively little importance in Windows 9x, it’s absolutely crucial to Windows NT. Perhaps the most interesting section of the HARDWARE subkey is its RESOURCEMAP subkey, which holds configuration information for every hardware device in your system. As you can see in Figure A, such information is usually stored in binary format.

Figure A
The HKEY_LOCAL_MACHINE|HARDWARE|RESOURCEMAP subkey contains configuration information for every device in your system.


Another main section under HKEY_LOCAL_MACHINE is the SOFTWARE section. The SOFTWARE subkey contains information about most of the software that’s installed on your system. Keep in mind that only software designed for Windows NT or Windows 9x will make an entry into this section. Also, some simpler programs may not require Registry entries. As you can see in Figure B, programs that depend on Registry entries each have their own subkeys below HKEY_LOCAL_MACHINE|SOFTWARE. Some software manufacturers may rely on an additional subkey containing the name of the company. For example, Microsoft software places its Registry keys under HKEY_LOCAL_MACHINE|SOFTWARE|Microsoft.

Figure B
HKEY_LOCAL_MACHINE|SOFTWARE contains references to most programs.


If you look deeper into the SOFTWARE|Microsoft subkey, you’ll see that there’s an entry for Windows NT. The Windows NT subkey stores Registry entries relating to add-ons to the operating system. For example, in Figure C, you can see that the HKEY_LOCAL_MACHINE_SOFTWARE|Windows NT|CurrentVersion key contains information about which fonts and drivers are installed and about things such as network configurations, time zones, and port configurations.

Figure C
The HKEY_LOCAL_MACHINE|SOFTWARE|Microsoft|Windows NT|CurrentVersion key contains information about Windows NT’s configuration.


Another section of HKEY_LOCAL_MACHINE worth discussing is the SYSTEM subkey. Although everything under the SYSTEM subkey is critical to the operation of Windows NT, the area of most interest is usually the CurrentControlSet subkey, which contains several other subkeys.

The HKEY_LOCAL_MACHINE|SYSTEM|CurrentControlSet|Control subkey stores crucial information such as the computer name and what to do in the event of a Blue Screen of Death. You can see a sample of a few of the subkeys found beneath Control in Figure D.

Figure D
The HKEY_LOCAL_MACHINE|SYSTEM|CurrentControlSet|Control subkey contains critical operating system parameters.


Other areas of interest in the HKEY_LOCAL_MACHINE|SYSTEM|CurrentControlSet key are the Enum and the Hardware Profiles subkeys. The Enum subkey contains configuration information that tells Windows NT how to respond when a program attempts to make a direct call to a device. The configuration information found in this section tells Windows NT to intercept the call and deal with it in a manner that won’t harm other programs. The Hardware Profiles section allows you to set up multiple hardware profiles. For example, you might create a docked and an undocked profile for a notebook computer.

The final subkey beneath CurrentControlSet is Services. This subkey contains information about Windows NT’s various services. The information found in subkeys beneath Services includes information such as the services’ location and startup type. You can see an example of the Services subkey in Figure E.

Figure E
The Services subkey contains information about Windows NT’s services.


HKEY_USERS
The HKEY_USERS key stores profiles for each user with an account that resides on the computer. When a user logs on, his or her settings are read from HKEY_USER and copied to HKEY_CURRENT_USER. Figure F shows an example of an HKEY_USERS key. Notice that the Registry uses each user’s SID number rather than the logon name for the name of the related key.

Figure F
The HKEY_USERS key stores the profile for any user with an account on the computer.


HKEY_CURRENT_CONFIG
The main purpose of the HKEY_CURRENT_CONFIG key is to store video and Internet settings. All of the aspects relating to a video card’s resolution and refresh rate are stored under this key.

You can find information about your Internet connection (but not the browser) under HKEY_CURRENT_CONFIG|SOFTWARE|Microsoft|Windows|
CurrentVersion|Internet Settings.

HKEY_DYN_DATA
The HKEY_DYN_DATA section is virtually nonexistent in Windows NT. In fact, it doesn’t exist in the REGEDT32 program, and although it is visible in the REGEDIT program, it’s inaccessible. In Windows 9x, this key controls some of the operating system’s low-level functions, such as PnP information and other device settings. However, in Windows NT, PnP doesn’t exist, and much of the other information normally stored in this key is stored beneath other keys instead.

Editor's Picks

Free Newsletters, In your Inbox