The Registry:
Backups, Repairs, and Protection
The Windows registry is one of the most
important aspects of any Windows PC.
Although it has a complex structure, its
main aim is to give the operating system’s
code a somewhat easier user interface where
changes can be made easily. The entries in
the registry are in simple English, and all
functions can be changed with software built
into Windows XP.
The registry gives the user infinite
possibilities for changing the look, feel
and operation of Windows, but improper
editing can result in damaging the system.
If malicious software is installed, it can
be difficult to remove.
This article will reveal the structure of
the registry as well as how to back up,
protect and restore it. By the end, you will
discover what you can achieve by editing the
registry.
What is the registry?
The registry contains all the configuration
data of Windows XP, and the programs that
are installed. All the information the
system handles is here and can be accessed
by opening a single menu.
The registry shows all the variables of the
system such as: what font the text should
have, what size, how many icons are on the
desktop, what is the default browser, mail
client etc. Here you can access the hidden
areas of Windows.
Viewing the registry with REGEDIT
Viewing and editing the registry is done
with the help of a simple tool called
Regedit.
Before you start editing, make sure you make
a backup of the registry, because an improper
edit can result in damaging the operating
system.
To start REGEDIT, go to the Start menu, hit
'Run' and type 'Regedit'.

This is the main Regedit screen, with all the
sub trees.
A closer look at the XP registry
The Windows registry has five main areas.
Each holds different information about the
system.

HKEY_CLASSES_ROOT:
This is the most difficult branch to edit.
It contains internal functions like OLE
(Object Linking and Embedding) and drag and
drop. It also features the database for the
file associations, which determine what
programs are opened by the system.
HKEY_CURRENT_USER:
Contains several configuration settings for
the user that is currently logged on.
Customizations that are specific to a
certain user are stored here, for example
if you change the default system font.
HKEY_LOCAL_MACHINE:
It contains configuration settings and the
software installed on the computer,
independent of the users. Any change will be
made for all the computer's users. The
SOFTWARE submenu of this branch contains
configuration settings on all the installed
software.
Look into SOFTWARE\Microsoft\Windows\CurrentVersion
for other configuration options.
HKEY_USERS:
It is similar to CURRENT_USER. It
contains information for all the users
created. Each user is identified by the SID
number which is assigned to all the created
users.
HKEY_CURRENT_CONFIG:
This is responsible for hardware and
software settings that apply to all the
users, for a hardware profile. It is
connected to HKEY_LOCAL_MACHINE.
Inside each branch there are folders that
represent keys, that hold sub keys and the
values that make up the registry data.

Other Registry Values
REG_DWORD:
The value holds a 4-byte number as data,
represented in hexadecimal format with
the decimal equivalent placed in brackets.
The format is used to enter DWORD values,
which are usually used for “switch” values.
The value is “0” for off and “1” for on. The
DWORD is used with the “new” command.

REG_SZ:
Represents data as a string of characters.
It is another of the most commonly edited
value types, and it can represent a word, a
number, or the location of a file on the HDD.

REG_EXPAND_SZ:
A string that acts like a variable. An
application or user input can place a
value.
REG_MULTI_SZ:
A string value that contains several values
or lists.
REG_BINARY:
Contains hardware information that is not
usually meant to be changed by a user.
Values are represented by binary data.
Editing the registry with REGEDIT
Here is a simple edit that will place the
version of Windows XP on your desktop. Open
HKEY_CURRENT_USER, then CONTROL PANEL, and
after that open the sub key DESKTOP. You
will now see a number of values in the
right-hand pane. Scroll down and select the
PaintDesktopVersion DWORD value.
Double click it to open the edit box.

Select the decimal option, write “1” in the
value data field, and then click OK. Any
changes made here don’t need to be saved.
Some will apply immediately, others after
you reboot. After you restart the system the
version number should appear on the desktop.
Often registry editing requires adding new
keys, sub keys and values. To do this right
click the location where you wish to make a
change and select “new” followed by the
type of value or the key name.
Backing up Windows Registry Manually
Initial precautions:
Registry editing offers great possibilities
that are not given by the user interface,
but it can, if done improperly, cripple the
operating system.
Thanks to Windows XP's system restore
features, repairing registry problems on
your computer is now easier, but caution is
advised and editing should only be done by
expert users. Making a backup of the registry
before you start editing is essential.
A manual backup creates a file of the
registry information. If editing the
registry damages the operating system, it can
be rolled back to repair the system. The
file can be stored on a removable disk
such as a floppy, CD, etc.
To back up the registry, highlight “My
Computer” in Regedit, then choose File /
Export.
In this window you will have to enter the
location where you want your exported registry
saved and select the file type. Finally,
select the “All” option at the bottom to
back up the entire registry.
To back up the registry as a “.reg” file,
select that type and hit “Save.”
Restoring with a “.reg” file is very easy.
You just have to find the location of the
saved file, right click it and hit “Merge.”
You can also save parts of the registry
before you start editing by selecting the key
and hitting “Export.”
Another helpful file format is “hive.” It
restores the registry to its state at the
time of the backup; all changes made after
the backup will be lost. Caution! This may
cause functioning problems for programs
installed after the registry was altered.
Using Windows XP Backup
Another method to back up the registry is to
use software built into Windows. By making a
“system state” backup with the utility, a
copy of the registry is made and can be
restored using a backup utility. If you have
Windows XP Professional you can access the
utility right away, while Home Edition users
need the CD: go to \Valueadd\msft\ntbackup
and click the “NTBACKUP.MSI” file. This will
install the wizard program.
Using Windows Backup to back up the system
state: open the backup utility ('start\all
programs\accessories\system
tools\backup').

Select “backup wizard (advanced).”
Skip to the welcome screen and select “only
back up the system state data.”

The next step is to select the name and
location for the backup file you want to
create. The file will have the extension “.bkf.”
Verify the settings in the final screen and
then select “finish” (this will begin the
backup process.)
Backing up the system state data saves more
than the registry; it also preserves crucial
system configuration data.
Enabling System Restore
The system restore tool that is integrated
in Windows XP can be used to roll back the
system registry and system configuration to
a previous point in time. It works by
“capturing” your system's status at regular
intervals. In order for it to work you need
to be sure it is enabled. By default it is
turned on by Windows, but some users may
switch it off to save hard disc space.
To see if system restore is activated on
your computer: right click on “My Computer,”
select “Properties,” then the “System
Restore” tab.

Make sure that the “Turn off System Restore
on all drives” box is not checked and that
the status is listed as “Monitoring.”
Repairing the registry
If an error was made while editing the
registry, you will need to repair the
registry. Usually you can restore a previous
registry backup or use Windows XP’s built-in
system restore utility. If you can still
access REGEDIT, restoring a backup of your
registry should solve the problems. Open
REGEDIT, select File, and then Import.
Locate your registry backup (.reg or .hive;
you will need to change the “type of file”
box) and open it. You will be asked for
permission and then you will have to reboot.
However, problems can occur if malicious
software has changed the registry to the
point where the computer will no longer
boot. In this case you will have to restore
the Windows registry from outside the
familiar Windows interface.
Restoring the Registry
If problems seem to be caused by entries
placed in the registry by a newly installed
program or by the improper removal of an
application, restoring an earlier registry
backup will not necessarily solve your issue,
because this type of file will not overwrite
newer registry entries. Therefore it is good
to keep both .reg and .hive file backups.
Your next option will be to use the system
restore utility. When enabled, this holds
general configuration information captured at
regular intervals. Using this you will be able
to choose from different “snapshots” and
restore the registry to a certain point in time.
To use system restore:
Go to “start\all programs\accessories\system
tools\system restore” to begin. If you wish
to make a restore point manually, select
“create restore point.”
If you select “restore my computer to an
earlier time,” you will restore your PC to a
specific point. With the help of the
calendar, you can choose your desired
restore point.

If your computer will not fully boot Windows
XP, you will be able to use system restore to
a degree. You can use system restore in safe
mode to restore saved points normally. To
boot into safe mode, press F8 quickly after
you reboot and the Windows Advanced Options
menu will appear. There, select “Boot into
safe mode.”
If you cannot boot into “Safe mode,” you
could still press F8 and select “restore to
the last good configuration,” which will
restore Windows to the last system restore
point.
Restoring a system state backup
If you made a system backup with the XP
backup utility, restoring this will revert
your registry back to its state at the time
of the backup. To do this, start the backup
utility and select “restore wizard
(advanced).” Now double click your backup
file in the left-hand pane, and then place a
check next to “system state data.” Then hit
Next and Finish.

Safe Registry Procedures
The Windows registry is the key target for
malicious software. If access to the
registry is gained, programs can do almost
anything, from reinstalling themselves to
making your system unbootable.
Here are a few steps for protecting your
computer. The easiest way to get infected is
through the internet. First let’s make your
internet browser more secure.
Open Internet Explorer and go to
'tools\Internet options.' Click on the
'security' tab. At the top, select the
“internet” zone and set it to medium.

Now click “custom level” at the bottom and
change the
“navigate sub-frames for different domains”
setting to “Prompt.” Now hit “ok” to
activate the changes.
Now click the “content” tab. If there are
any entries that you do not recognize,
remove them. In fact, it's a good idea to
remove all entries here. Anyone or any
company with an entry here will be able to
install software onto your system without
requiring permission from a user.
Starter Registry Hacks
Select the “Advanced” tab and scroll until
you reach “enable install on demand.”
Uncheck this and disable registry remote
access. This will prevent a malicious user
with a valid administrator account from
modifying the registry remotely.
Now right click on “My Computer,” then select
Manage; after that select Services and
Applications and highlight “Services.” In
the right-hand pane locate the “Remote
Registry” service. Right click and hit
Properties.
Shut down and disable the service.
Remove the .reg file
Malicious .reg files can gain direct access
to your registry, via mail or websites, when
you open them. To avoid this, remove the
association between .reg and the registry so
that the only way to use .reg is with
Regedit.
You can achieve this by going to
Start\control panel\appearances and themes\
folder options. Select the “file types” tab.
Scroll until you find the REG entry, then
select it and hit “change.” Click the option
“I will select a program from the list” and
locate Notepad. Now all your reg files will
be opened by Notepad.
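Once .reg files open as text, the next step is reading what a file would change before it is ever merged. The following is an added example, not part of the original article: a small Python reviewer for the .reg text format that lists every value a file would set or delete, using the value types described earlier. The sample file is constructed, and the names ExampleList, ExampleOld and ExampleVendor are placeholders.

```python
import re

# Constructed sample .reg file; the Example* names are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"PaintDesktopVersion"=dword:00000001
"MenuShowDelay"="200"
"ExampleList"=hex(7):61,00,00,00,\
  62,00,00,00,00,00
"ExampleOld"=-

[-HKEY_CURRENT_USER\Software\ExampleVendor]
'''
HEX_TYPES = {"hex": "REG_BINARY", "hex(2)": "REG_EXPAND_SZ", "hex(7)": "REG_MULTI_SZ"}

def decode(raw):
    """Return (type, data) for the text to the right of '=' in a .reg line."""
    if raw == "-":                      # "name"=- removes the value
        return "DELETE", None
    if raw.startswith('"'):             # quoted string with backslash escapes
        return "REG_SZ", re.sub(r"\\(.)", r"\1", raw[1:-1])
    kind, _, body = raw.partition(":")
    if kind == "dword":
        return "REG_DWORD", int(body, 16)
    data = bytes(int(b, 16) for b in body.split(",") if b.strip())
    if kind in ("hex(2)", "hex(7)"):    # UTF-16LE text in version 5.00 files
        text = data.decode("utf-16-le").rstrip("\x00")
        return HEX_TYPES[kind], text.split("\x00") if kind == "hex(7)" else text
    return HEX_TYPES.get(kind, kind), data

def review(reg_text):
    """List each change a .reg file would make: (action, key, name, type, data)."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)   # join hex continuation lines
    changes, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[-"):                # [-key] deletes the whole key
            key = None
            changes.append(("delete-key", line[2:-1], None, None, None))
        elif line.startswith("["):
            key = line[1:-1]
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            name = "(Default)" if m[1] == "@" else m[1][1:-1]
            vtype, data = decode(m[2])
            action = "delete-value" if vtype == "DELETE" else "set-value"
            changes.append((action, key, name, vtype, data))
    return changes

if __name__ == "__main__":
    for change in review(SAMPLE):
        print(change)
```

Deletions are the entries most easily missed when skimming a .reg file in Notepad, which is why the reviewer reports them as their own actions.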
Speeding up the Start Menu
Using the registry, you can reduce the time
it takes the start menu to reveal its
submenus. Open REGEDIT and go to
HKEY_CURRENT_USER\Control Panel\Desktop\.
Edit the MenuShowDelay value. The default is
400; lower values will speed up the start
menu. Do not use the “0” value. Experiment
to judge which one suits your computer.