Beginners Guides: The Registry: Backups, Repairs, and Protection

Written on by Kay

Beginners Guides: The Registry: Backups, Repairs, and Protection

The Windows registry is one of the most important topics a personal computer can have. It is a complex structure , but despite this its main function is to give the operating system?s code a friendly face that could be easily understood. The entries in the registry are in simple English , and all functions can be changed with software built in Windows XP.

The registry gives the user infinite possibilities for changing the look , feel and operation of Windows , but the improper editing can result in damaging the system , and if a malicious program is installed removing it can be difficult.

This article will reveal the composition of the registry , as well as how to backup , protect and restore it. In the end you will see what you could easily achieve by editing the registry.

What is the registry ?

The registry contains all the configuration data of Windows XP , and the programs that are installed. All the information the system handles is here and can be accessed by opening a single menu.

The registry shows all the variables of the system like: what font the text should have,

what size , how many icons are on the desktop , what is the default browser and so on. Here you can access the hidden areas of Windows.

Viewing the registry with REGEDIT

Viewing and editing the registry in done with the help of a simple tool called Regedit.

Before you start editing make sure you make a backup of the registry because improper

edit ca can result in damaging the operating system.

To start REGEDIT, go to the start menu, hit ‘run’ and type ‘regedit‘.

This is the main regedit screen , with all the subtrees.

A closer look at the XP registry

The Windows registry has five main areas. Each holds different information about the system.

HKEY_CLASSES_ROOT: this is the most difficult branch to edit . It contains internal functions like OLE (Object linking and embedding) and drag and drop. It has also the database for the file associations which determines what programs are opened by double click by the system.

HKEY_CURRENT_USER: contains several configuration settings for the user that is currently logged. If you changed the desktop or the font the info will be stored here. The applications that are custom to a certain user are stored here.

HKEY_LOCAL_MACHINE: It contains configuration settings and the software installed on the computer , independent of the users. Any change will be made for all the computers users. The SOFTWRE submenu of this branch contains configuration settings on all the installed software. Look into SOFTWARE \ Microsoft \ Windows \ CurrentVersion for other configuration options.

HKEY_USERS: it is similar to the CURRENT_USER . It contains information for all the users crated. Each user is identified by the SID number which is assigned to all the created users.

HKEY_CURRENT_CONFIG: this is responsible for hardware and software settings that apply for all the users,for a hardware profile.It is connected to HKEY_LOCAL_MACHINE

Inside each branch there are folders that represent keys , that hold subkeys and the values that make up the registry data.

Other Registry Values

REG_DWORD: the values used are a 4 byte number as data , and represented in a hexadecimal format with the decimal part placed in brackets. The format is used to enter DWORD values which are usually used for switch values. The value is ’0′ for off and ’1′ for on. The DWORD is used with the ‘new’ command.

REG_SZ: this represent data as a string of characters. It is another of the most edited type of value and it can represent a word , a number ,or the location of a file on the HDD.

REG_EXPAND_SZ: An application or a user input can place a value. A string that acts like a variable.

REG_MULTI_SZ: A string value that contains several values or lists.

REG_BINARY: Contains hardware information that is not to be usually changed by an user. The values is represented by binary data.

Editing the registry with REGEDIT

Here is a simple edit that will place on your desktop the WINDOWS XP version number. Open the HKEY_CURRENT_USER , Then the CONTROL PANEL and after that open the subkey DESKTOP. You will see now a number of values in the right-hand pane. Scroll down and select PaintDesktopVesion Dword value. Double click and open the editing box.

Select the decimal option and in the value data write ’1′ and the OK.

Any changes made here don?t need to be saved. Some will apply immediately, others after you reboot. After you restart the system the version number should appear on the desktop.

Many registry editing requires adding new keys , subkeys and values. To do this right click the location where you wish to make a change and select ?new? followed by the type of value or the key name.

Backing up Windows Registry Manually

Initial precautions: registry editing offers great possibilities that are not given by the user interface , but it also gives access to cripple the operating system while rebooting.

Thanks to Windows XP system restore features , restoring registry problems on your computer is now easier , but making a backup of the registry before you start editing is still a good idea.

A manual backup creates a file of the registry information and if your editing damages the OS it will be rolled back to repair the mess. This info file can now be stored on a removable disk such as floppy CD etc.

To back up the registry highlight ?My computer? then open Regedit the file / export.

In this window you will have to enter the location where you want your export registry saved and select the file type. In the end check on the bottom the ?all? button to backup all the registry.

The easiest to use is ‘reg A .reg’ backup will copy over all the changes made in the registry leaving the ones changed after untouched. This means that backing up in the future will not affect installed software after the backup.

To backup the registry with ‘.reg’ select the type and hit ‘save’ .

Restoring with a ‘.reg’ is very easy. You just have to find the location of the saved file right click it and hit ‘merge.’  You can also save parts of the registry before you start editing by selecting the key and hitting ‘export.’

Another helpful file format is a ‘hive.’ It restores the registry to its state at the time of the backup , all changes made after the backup will be lost. Beware !! this may cause functioning problems to programs installed after the registry was saved. To save some sections do it like a ‘reg’ file.

Using Windows XP Backup

Another method to backup the registry is using Windows built in software. By making a ‘system state’ backup with the utility, a copy of the registry is made and can be restored using a backup utility. If you own a Windows XP professional you can access the utility right away , while home edition users need the CD and go to \Valueadd\msft\ntbackup and click : ?NTBACKUP.MSI? file. This will install the wizard program.

Using Windows backup to backup the system state : open backup utility (‘start\all programs\accessories\system tools\backup’)

Select ?backup wizard (advanced)?

Skip to the welcome screen and select ?only back up the system state data?.

The next step is to select the name and location for the backup file you want to create. The file will have the extension ‘bkf ‘

Verify the settings in the final screen and then select ‘finish’ (this will begin the backup process).

Backing up the system state data saves more then the registry ; it also preserves crucial system configuration data .

Enabling System Restore

The system restore tool that is integrated in Windows XP can be used to roll back the system registry and system configuration to a previous point in time. It works by ‘picturing’ your systems status at regular intervals. In order for it to work you need to be sure it is enabled. By default it is turned on by Windows , but many users turn it off because it takes a lot of space on the HDD.

To see if system restore is activated on your computer : right click on ‘My computer,’ select properties, then the system restore tab.

Make sure that the Turn off system restore on all drives box is not checked and that the status is listed ‘Monitoring.’

Repairing the registry

If you made a mistake while editing or you deleted a vital key or adding a value for example you will need to repair the registry. Usually you restore a previous registry backup or use Windows XP’s built in system restore utility.

The problems begin if a malicious software changed the registry to the point where the computer will not boot. In this case you will have to restore windows registry from outside the familiar Windows interface.

Now we will cover both problems. First you have made some changes to the registry but things are not working well. You can still access the REGEDIT. Restoring a backup of your registry should solve the problems.

Open REGEDIT, select file, then import. Locate your registry backup(.reg or .hive you will need to change the type of file box ) and open it. You will be asked for permission and then you will have to reboot. This will solve your problems.

Restoring the Registry

If problems seem to be caused by entries in the registry bay a new installed program or the improper removal of one , restoring an earlier registry backup will not necessarily solve your troubles , because this type of file will not overwrite newer registry entries. Therefore it is good to keep both .reg and .hive file backups.

Your next option will be to use the system restore utility. When enabled this hold general configuration information at regular intervals. Using this you will be able to chose from different ?snapshots? and restore the registry to a certain point in time.

To use system restore:

Go to ?start\all programs\accessories\system tools\system restore to begin. If you wish to make manually a restore point , select ?create restore point?.

If you select ‘restore my computer to an earlier time,’ you will restore your pc to a specific point , and then ,with the help of the calendar ,choose your desired restore date.

If your computer will not fully boot Windows XP you will be able to use system restore to a degree. You can use system restore in safe mode to restore saved points normally. To boot into safe mode press F8 quickly after you reboot and a the Windows Advanced Options menu will appear. There select ‘Boot into safe mode.’

If you cannot boot into ‘Safe mode’ you could still press F8 and select restore to the last good configuration which will restore windows to the last system restore point.

Restoring a system state backup

If you made a system state backup with the XP backup utility, restoring this will revert your registry back to its state at the time of the backup. To do this, start the backup utility and select restore wizard (advanced).Now double click your backup file in the left hand pane,then place a check next to ‘system state data.’ Then hit next and finish.

Safe Registry Procedures

The windows registry is one of the most targeted component for malicious software. If access to the registry is gained this programs can do almost anything from reinstalling themselves to making your system unbootable.

Here are a few steps to protecting your computer. The easiest way to get infected is through the internet. First let?s make your internet browser more secure.

Open Internet Explorer and go to ‘tools\Internet options.’ Click on the ‘security’ tab. On the top select ‘internet zone’ and select to medium.

Click now in the bottom ‘custom level’ and change the navigate sub-frames for different domains to Prompt. Now hit ‘ok’ to activate the changes.

Now click the ‘content’ tab. If there are any entries here that you do not recognize, remove them. In fact, it’s a good idea to remove all entries here. Anyone or any company with an entry here will be able to install software onto your system without requiring permission from a user.

Starter Registry Hacks

Select now ‘Advanced’ tab , scroll until you reach ?enable install on demand?.

Uncheck this and disable registry remote access. This will prevent malicious user with a valid administrator account to modify the registry remotely.

Now right click on ‘my computer’ the select manage , after that select services and applications and highlight ‘services.’ In the right hand pane locate the ‘remote registry’ service. Right click and hit properties. Shut down and disable the service. Remove the .reg file.

Malicious .reg files gain direct access to your registry, via mail or websites, when you open them. To avoid this remove the association between .reg and the registry so that the only way to use .reg is with Regedit.

You achive this by : going to Start\control panel\ appearances and themes\ folder options. Select the ‘file types’ tab. Scroll until you find the REG entry ,then select and hit ‘change.’ Click the option and it will select a program from the list and locate Notepad. Now all your reg files will be opened by Notepad.

Speeding up the Start Menu

Using the registry, you can reduce the time it takes the start menu to reveal its submenus: Open REGEDIT and go to HKEY_CURRENT_USER\Control Panel\Desktop\

Edit the MenuShowDelay value. The default is 400; lower values will speed up the start menu. Do not use the ’0′ value. experiment to see which one suits better your computer

Posted in The Registry

If you enjoyed this post Subscribe to our feed