Windows registry revelations

Opinion
Apr 21, 2003 | 4 mins
Enterprise Applications

This week, we’ll be rampant with Windows registry revelations, so cry “havoc” and let loose the geeks of tech. . . .

So from the last two weeks of discussion we know about the logical and physical structure of the Windows registry. This week, we’ll be rampant with registry revelations, so cry “havoc” and let loose the geeks of tech. . . .

The sharp-eyed among you will have noticed in our last column that some hives were missing from the list of which files were used to store which hives. The reason is that some hives are volatile and don’t get saved – they are created and exist just for the life of a user session.

These hives are HKEY_LOCAL_MACHINE, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware Profiles, HKEY_LOCAL_MACHINE\HARDWARE and HKEY_LOCAL_MACHINE\SYSTEM\Clone.

You can explore the registry using the RegEdit utility that comes with Windows (under NT and 2000 there’s also RegEdt32 with a different interface). You can fire up this puppy by going to Start | Run and entering “regedit” to get access to your registry. You also can access registries on other machines if you have the privileges.

Note that under regedit you can export and import keys saved in files with the extension .REG. These files can be edited with any text editor but, once again, be very careful because if you carelessly edit a .REG file and load it into a registry you can destroy a PC in a heartbeat.
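One way to see what an edited .REG file will do before loading it, as an added example that is not part of the original column: the Python sketch below parses the text format and lists every key deletion, value deletion and value write. The sample file, the ExampleApp and ExampleSvc names and the SENSITIVE review list are assumptions made up for the illustration.

```python
import re

# Constructed sample export (not from the article); ExampleApp/ExampleSvc are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Enabled"=dword:00000001
"OldSetting"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp\Cache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"DisplayName"="Example Service"
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# Hypothetical review policy: subtrees where any change deserves a second look.
SENSITIVE = ("HKEY_LOCAL_MACHINE\\SYSTEM\\", "HKEY_LOCAL_MACHINE\\SECURITY\\")

def is_sensitive(key):
    return (key.upper() + "\\").startswith(SENSITIVE)

def review_reg(text):
    """List every change a .REG file would make: (action, key, value_name, sensitive)."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .REG header line; refusing to interpret file")
    changes, key = [], None
    for line in (l.strip() for l in lines[1:]):
        if not line or line.startswith(";"):
            continue                          # blank line or comment
        section = re.fullmatch(r"\[(-?)(.+)\]", line)
        if section:
            key = section.group(2)
            if section.group(1):              # "[-KEY]" deletes the key and its subtree
                changes.append(("DELETE_KEY", key, None, is_sensitive(key)))
                key = None
            continue
        value = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if value and key:                     # hex continuation lines do not match and are skipped
            name = "(Default)" if value.group(1) == "@" else value.group(1)[1:-1]
            action = "DELETE_VALUE" if value.group(2) == "-" else "SET_VALUE"
            changes.append((action, key, name, is_sensitive(key)))
    return changes

if __name__ == "__main__":
    for action, key, name, sensitive in review_reg(SAMPLE_REG):
        print(f"{'!' if sensitive else ' '} {action:12} {key} {name or ''}")
```

Lines marked `!` touch a subtree on the review list; a `DELETE_KEY` entry removes the named key together with everything beneath it.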

Locked down

All of which brings us to security: Without a security system to control access, the registry would be a disaster waiting to happen. So it will come as no surprise that registry keys and their values have permissions that can be set to determine who can view and edit them.

Choose any key and right click, then select “permissions.” You’ll see that there are 11 permissions that can be applied to a key, its subkeys, or the key and its subkeys. The permissions are Query Value, to read one of the key’s values; Set Value, to change a key value or create a new key value; Create Subkey, to create a new subkey under the current key; Enumerate Subkeys, to query the key for a list of its subkeys; Notify, to generate notification events via key changes and record the events in the system log; Create Link, to create a symbolic link to the key; Delete, to delete the key, one of its subkeys or one of its values; Write DAC, to change the security permissions of a key and its subkeys and values (DAC stands for Discretionary Access Control, a list controlled by the owner of an object that specifies the access specific users or groups can have to that object); and Read Control, to access the security permissions for the key.
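Each of these permissions is one bit in the access mask stored with a key's access control entries. The Python sketch below, an added example that is not part of the original column, decodes a mask into the names used above and flags entries that give broad groups modify-class rights. The sample entries, the ExampleApp key and the BROAD policy list are constructed assumptions; the bit values are the Windows SDK constants.

```python
# Access-mask bits from the Windows SDK (winnt.h), labelled with the names the
# permissions dialog uses. Write Owner is an SDK right the column does not describe.
RIGHTS = {
    0x00001: "Query Value",        # KEY_QUERY_VALUE
    0x00002: "Set Value",          # KEY_SET_VALUE
    0x00004: "Create Subkey",      # KEY_CREATE_SUB_KEY
    0x00008: "Enumerate Subkeys",  # KEY_ENUMERATE_SUB_KEYS
    0x00010: "Notify",             # KEY_NOTIFY
    0x00020: "Create Link",        # KEY_CREATE_LINK
    0x10000: "Delete",             # DELETE
    0x20000: "Read Control",       # READ_CONTROL
    0x40000: "Write DAC",          # WRITE_DAC
    0x80000: "Write Owner",        # WRITE_OWNER
}
# Rights that let a principal change the key, its contents, or its security.
MODIFY_MASK = 0x00002 | 0x00004 | 0x00020 | 0x10000 | 0x40000 | 0x80000
# Hypothetical policy: groups broad enough that modify rights deserve review.
BROAD = {"Everyone", "BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users"}

def decode(mask):
    """Translate an access mask into the permission names it grants."""
    names = [name for bit, name in RIGHTS.items() if mask & bit]
    leftover = mask & ~sum(RIGHTS)         # bits are disjoint, so sum equals OR
    if leftover:
        names.append(f"other bits 0x{leftover:X}")
    return names

def audit(aces):
    """Return (key, principal, risky_rights) for broad principals that can modify a key."""
    findings = []
    for key, principal, mask in aces:
        risky = mask & MODIFY_MASK
        if principal in BROAD and risky:
            findings.append((key, principal, decode(risky)))
    return findings

# Constructed sample allow-entries: (key, principal, access mask).
SAMPLE_ACES = [
    (r"HKLM\SOFTWARE\ExampleApp", "BUILTIN\\Administrators", 0xF003F),  # KEY_ALL_ACCESS
    (r"HKLM\SOFTWARE\ExampleApp", "BUILTIN\\Users", 0x20019),           # KEY_READ
    (r"HKLM\SOFTWARE\ExampleApp\Settings", "Everyone", 0x2001F),        # read plus write bits
]

if __name__ == "__main__":
    for key, principal, rights in audit(SAMPLE_ACES):
        print(f"{key}: {principal} can {', '.join(rights)}")
```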

Sometimes, programs will mess with your registry permission settings by accident, or one of the hive files will get corrupted and then everything goes to hell. If you can access the registry you can edit the permissions directly using regedit, but be careful! Set the wrong permissions and your day quickly will become even worse.

Useful tools

Microsoft supplies a number of tools for working with the registry, most of which are included in the company’s resource kits, but the majority of this software is unsupported. These tools cover functions that include testing, cleaning up, copying and so on. They are OK but not great. So, of course, third-party vendors got into the act: A tool that we really like for exploring and working with the registry is Resplendent Registrar from Resplendence Software Projects.

Resplendent Registrar works on Windows XP, 2000, NT, ME and 9x, and is the best replacement we’ve found for RegEdit or RegEdt32, the registry editors bundled with Windows.

Resplendent Registrar lets you create, delete, cut, paste, copy, compare, and move keys and values. A really cool feature lets you add comments to keys with the bookmark editor, and you can color-code bookmarked keys. Resplendent Registrar includes a registry monitor that tracks and logs registry activity and allows for restoring changes external applications made.

Another interesting and powerful feature is an option to defragment the registry, which removes unused space for registries under Windows XP, 2000 or NT. Defragging the registry can improve system and application performance. Sometimes it also can fix those weird problems we all run into and manage to fix but never know quite how we did it or why it was a problem in the first place. But we digress . . .

The proverbial bottom line is that Resplendent Registrar is an invaluable tool and for $45, very reasonably priced.

So we now have a pretty good grounding in the hows and whys of the registry. Next week, the what. Register your thoughts at gearhead@gibbs.com.


Mark Gibbs is an author, journalist, and man of mystery. His writing for Network World is widely considered to be vastly underpaid. For more than 30 years, Gibbs has consulted, lectured, and authored numerous articles and books about networking, information technology, and the social and political issues surrounding them. His complete bio can be found at http://gibbs.com/mgbio
