Wednesday, October 8, 2008

Backing Up and Restoring the Windows XP Registry by Syed Qutub




It wasn't very long after I installed XP that I was messing around with the registry. I suspect you're probably going to be doing the same thing or else you wouldn't be in this area of the site. Before you make any changes, take the time to read over this section. It's pretty dry reading material, but it might save you from finding yourself with a putty colored box that just sits there doing nothing rather than firing up XP as you would expect.

There are two ways of working with the registry: software-based and direct access. The software-based method is generally considered to be safe, although a badly behaved piece of software that mangles the registry can make you doubt the wisdom of this statement. Anyone who has used a computer is familiar with the software-based method of making changes. Control Panel is an excellent example. Make a change to one of the Control Panel settings and almost assuredly you have initiated a change within the registry. It's just that you are insulated by Control Panel from seeing what went on behind the scenes in the registry.

Directly accessing the registry is far more dangerous. There used to be two versions of Registry Editor, regedit and regedt32, but for XP they have been incorporated in Microsoft Registry Editor Version 5.1. Type either name in the [Run] box and Version 5.1 is what you're going to end up with. The only real disadvantage of not having regedt32 anymore is the lack of read-only mode in Version 5.1, but it just means you need to be careful not to make any unintended changes when browsing through the registry. And make sure you have a valid backup and restore point.

Frequent visitors to The Elder Geek sites are aware that I don't often recommend specific programs in my articles. On the occasions when I do recommend one it is because I personally use it on my system. If you are going to do any work in the registry I urge you to take a look at jv16 Power Tools by Macecraft. Included are the Registry Manager, Registry Cleaner, Registry Finder, Registry Find & Replace, and Registry Monitor as well as a number of other very useful system utilities.

How The Windows XP Registry is Structured

Open the Registry Editor [Fig. 01] using Start > Run and typing regedit in the Open: line and you'll see it's divided into two panes. Understanding Registry Editor is much easier if you think of the left pane as the Keys Pane and the right side as the Values Pane. In the left pane there are five (5) main divisions or root keys as shown below. I've inserted the root key abbreviations in red text behind each key.

Registry Editor uses a hierarchical structure similar to Windows Explorer but with one major difference. In Windows Explorer you have folders in both the left and right hand panes, but in Registry Editor there are never any folder icons in the right hand section. In Registry Editor the yellow folder icon really denotes a separate and distinct key. Since the right hand pane is reserved for values only there are no folders displayed in that pane.

Each of the five main keys can be expanded to reveal additional keys or what some refer to as sub-keys. Many sub-keys have sub-keys of their own, and in some cases the chain of sub-keys becomes almost unbelievably long. As in Windows Explorer, though, registry locations are defined by a path. Just remember that any reference to a registry location begins with one of the five root keys.



Notice at the bottom of Registry Editor that My Computer\HKEY_CLASSES_ROOT is displayed. This display will change as you navigate down through the registry structure; very handy for keeping track of where you are rather than having to scroll upward if the mind momentarily goes blank while you are editing.

Types of Registry Backups

It's critical that before you do any editing you make a backup of the current registry. The temptation to make 'one little change' without backing up is great. It can also be deadly. I speak from experience here, and most likely you're going to ignore this warning just like I did, but hopefully you'll be a little bit smarter than I was. That said, there are different ways of backing up so let's look at each one individually.

Backing up is simply exporting information from the registry into a file that is saved on your system. When you invoke the export function you are given a choice of different file types that can be saved.



Each one of the different file types above plays an important role in how the data you export is saved. Choosing the wrong type can give you unexpected results. Understanding each type and when to use it is essential.

Registration Files: The Registration Files option creates a .reg file. This is probably the most well known file format used for backing up the registry. The Registration File can be used in two ways. As a text file it can be read and edited using Notepad outside of Registry Editor. Once the changes have been made and saved, right clicking the file and using the [Merge] command adds the changed file back into the registry. If you make additions to the registry using regedit and then merge the previously saved Registration File, anything that you've added via regedit will not be removed, but changes you make to data using regedit that previously existed in the saved Registration File will be overwritten when it is merged.

Registry Hive Files: Unlike the Registration Files option above, the Registry Hive Files option creates a binary image of the selected registry key. The image file is not editable via Notepad nor can you view its contents using a text editor. However, what the Registry Hive Files format does is create an image perfect view of the selected key and allow you to import it back into the registry to ensure any problematic changes you made are eliminated.

Text Files: This option does just as the name suggests. It creates a text file containing the information in the selected key. Its most useful purpose is creating a record or snapshot of a key at a particular point in time that you can refer back to if necessary. It cannot be merged back into the registry like a Registration File.

Win9x/NT4 Registration Files: This option creates a .reg file in the same manner used by the Registration Files option. It's used by previous Windows versions and serves no purpose in XP unless you want to merge a key from XP into a previous version of Windows.

Considering the four choices above, the most effective and safest method of backing up the registry is to use the Registry Hive Files option. No matter what goes wrong in your editing, importing the image of the key will eliminate all changes, additions, or other things that might have occurred.

If you want to edit outside the confines of regedit, or if you are sure you want your additions to the registry to remain even if you have to merge, use Registration Files for your backup.

If you just want a copy of the key that can be referenced using a text editor, but want to eliminate any chance of the file being accidentally merged back into the registry, use Text Files.

The Actual Backup Process

The actual process of backing up the registry is quite simple once you've decided the file type for the backup and whether you want to back up an individual key or the entire registry. In the left hand pane of regedit, select the key to be backed up, right click and select [Export] to open the Export Registry File Property Sheet. From there, it's merely a matter of assigning the backup a descriptive filename and selecting the type of backup file you want based on the discussion above. To be on the safe side, it certainly wouldn't hurt to make a backup in both Registry Hive Files and Registration Files formats.

There are two notes you should be aware of regarding what can be backed up using specific file types.

If My Computer is selected in the left pane of regedit, you will not be allowed to make a backup using the Registry Hive Files format. Selecting My Computer is equivalent to backing up the entire registry, and XP requires you to use the System State backup in this instance. (Backing up the System State is discussed further down in this article.)

If My Computer is selected in the left pane of regedit, you may select Registration Files as the backup file format but this is not the recommended method for a complete registry backup.

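The export described above can also be scripted with reg.exe, which ships with XP. This is an added example, not part of the original article; the backup folder and file names are assumptions, and it takes both a hive image and a Registration File of one key, as suggested above.

```powershell
# Added example: command-line equivalent of regedit's Export for a single key.
# $BackupDir and the file naming scheme are assumptions; change them to suit.
$Key       = 'HKCU\Control Panel\Desktop'
$BackupDir = 'C:\RegBackup'
$Stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'

if (-not (Test-Path $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

# Timestamped names mean an earlier backup is never silently replaced.
$HiveFile = Join-Path $BackupDir "Desktop-$Stamp.hiv"
$RegFile  = Join-Path $BackupDir "Desktop-$Stamp.reg"

# Registry Hive Files equivalent: binary image of the key.
# Saving a hive needs the backup privilege, so run this from an administrator session.
reg.exe save $Key $HiveFile
if ($LASTEXITCODE -ne 0) { throw "reg save failed for $Key" }

# Registration Files equivalent: text .reg file that Notepad can open.
reg.exe export $Key $RegFile
if ($LASTEXITCODE -ne 0) { throw "reg export failed for $Key" }

# Do not start editing unless both backups exist and are not empty.
foreach ($f in $HiveFile, $RegFile) {
    if (-not (Test-Path $f) -or (Get-Item $f).Length -eq 0) {
        throw "Backup file missing or empty: $f"
    }
}
Get-Item $HiveFile, $RegFile | Select-Object Name, Length, LastWriteTime

# To undo later, run ONE of these deliberately (not as part of the backup):
#   reg.exe restore $Key $HiveFile   # replaces the key with the saved image
#   reg.exe import  $RegFile         # merges: saved values are overwritten,
#                                    # values added since the backup remain
```
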
In the following sections I'm going to refer to this screen capture frequently to help illustrate the different methods of backup.



--Backing Up Individual Values--

Take a quick look at Fig. 03 and you'll note it displays the HKEY_CURRENT_USER\Control Panel\Desktop key. In the Values Pane you'll see the WaitToKillAppTimeout value that is currently set to 4000. It will be the subject of backing up individual values.

It's important to remember that the registry is really just a big compilation of data and settings that sits there waiting to be accessed by XP itself or by an installed application. By itself it does nothing. At first glance that may not seem to be of much importance, but it can be useful when you consider that the truly useful information in the registry is stored in the values. Look at the majority of registry edits and you'll see they involve changing values, not adding or removing keys. Combine that knowledge with the fact that XP or an application has to be programmed to access the values or else they are useless and that provides a quick, easy way to back up individual values.

Fig. 04 illustrates how the previous information is applied to backing up values of keys that might be modified. It's important to note that this section applies to values, not keys. For this example I have decided to modify the value of the string WaitToKillAppTimeout. The WaitToKillAppTimeout string value highlighted in red is the original string value with a value of 5000 that I'm going to modify. Once I modify the value I might forget what the original value was (5000) before I decide if the change I make is appropriate. To guard against the original value being forgotten, I've created the string value TEG_WaitToKillAppTimeout that's shown highlighted in green. For this tutorial I've used TEG_ before the real value name but you can use anything convenient. If your dog was named Fido, you might use Fido_ before the real value name.



Now, looking at the screen capture below, I can go back to the original string value (the one highlighted in red) and make the change to the new (4000) value. At this point the question is often asked why having the two values listed in the registry doesn't cause a conflict. Remember what was said previously; XP or an application has to be programmed to access the values or else they are useless. There is no application or part of XP that is programmed to look for a string value named TEG_WaitToKillAppTimeout so it can happily co-exist with WaitToKillAppTimeout, providing a journal or record of what changes have been made to the registry. For a more detailed record you can add a date to the prefix which might look like TEG08252003_WaitToKillAppTimeout that is shown highlighted in blue.


If the change doesn't work out all you have to do is reference the backed up entry (the one highlighted in green or blue) for the original value and change the value that was modified (the one in red) back to the original value. An easier way to revert back to the original value is to delete the modified string (the one in red) and then right click the backup strings (green or blue) and select Rename. Eliminate the prefix that was added to return the string to its original configuration.

If you do a lot of registry tweaking and modification of existing values this is an excellent method because it provides a visual record of any modifications that have been made to the registry values. Two months from now if I want to know if I made a modification to the WaitToKillAppTimeout value, all I have to do is open Registry Editor, navigate to the HKEY_CURRENT_USER\Control Panel\Desktop key and compare the WaitToKillAppTimeout with the backup entries. By using the dated prefix I can not only tell what change was made but what date it was modified. After the value modification has been tested you can go back and remove the new prefixed values that were created if it bothers you having them remain in the registry. I always leave them as a permanent record and have never noticed any problems or system performance penalty.
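The dated-prefix method described in this section, scripted as an added example (not code from the original article). The function names are illustrative, the default prefix follows the article's TEG example, and the sketch only handles string values such as WaitToKillAppTimeout.

```powershell
# Added example: prefix method for backing up one string value before changing it.
# Function names and the default 'TEG' prefix are illustrative assumptions.

function Backup-RegistryValue {
    param([string]$Path, [string]$Name, [string]$Prefix = 'TEG')

    $key      = Get-Item -Path $Path
    $original = $key.GetValue($Name, $null)
    if ($null -eq $original) { throw "Value '$Name' not found under $Path" }
    if ($key.GetValueKind($Name) -ne 'String') {
        throw "This sketch only handles string (REG_SZ) values"
    }

    # Dated prefix in the article's style, e.g. TEG08252003_WaitToKillAppTimeout
    $backupName = '{0}{1}_{2}' -f $Prefix, (Get-Date -Format 'MMddyyyy'), $Name
    if ($null -ne $key.GetValue($backupName, $null)) {
        throw "'$backupName' already exists; not overwriting the recorded original"
    }
    New-ItemProperty -Path $Path -Name $backupName -Value $original -PropertyType String | Out-Null
    return $backupName
}

function Restore-RegistryValue {
    param([string]$Path, [string]$Name, [string]$BackupName)

    $key = Get-Item -Path $Path
    if ($null -eq $key.GetValue($BackupName, $null)) {
        throw "Backup value '$BackupName' not found under $Path"
    }
    # Delete the modified value, then rename the backup to the real name.
    Remove-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    Rename-ItemProperty -Path $Path -Name $BackupName -NewName $Name
}

# Record the original, then make the change used in this section.
$path  = 'HKCU:\Control Panel\Desktop'
$saved = Backup-RegistryValue -Path $path -Name 'WaitToKillAppTimeout'
Set-ItemProperty -Path $path -Name 'WaitToKillAppTimeout' -Value '4000'

# If the change does not work out:
#   Restore-RegistryValue -Path $path -Name 'WaitToKillAppTimeout' -BackupName $saved
```

Running the backup a second time on the same day stops with an error instead of overwriting the first recorded original.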

--Backing Up Individual Keys--

Prefix Method

One of the first questions that always comes up after reading the previous section --Backing Up Individual Values-- is what happens if the prefix method is used to back up keys rather than just individual values. It's a good question and I'll go through another example to try and explain one possible scenario.

In the previous section we were working in the HKEY_CURRENT_USER\Control Panel\Desktop key so let's apply a prefix to the Desktop key and see what happens.
Open Fig. 06 to see HKEY_CURRENT_USER\Control Panel\Desktop before any changes are made. Note that HKEY_CURRENT_USER\Control Panel\Desktop also has a sub-key WindowMetrics.
Open Fig. 07 to see the change made to HKEY_CURRENT_USER\Control Panel\Desktop. Nothing has been altered other than adding the TEG_ prefix to the Desktop key. No changes were made to the sub-key WindowMetrics.

What do you think happened when the change was made and the user logged off and back on?
Open Fig. 08 and you'll see that XP automatically recreated the HKEY_CURRENT_USER\Control Panel\Desktop key that is shown with the green highlight. However, it's a far cry from what the original HKEY_CURRENT_USER\Control Panel\Desktop key looked like before it was modified to TEG_HKEY_CURRENT_USER\Control Panel\Desktop. There is only one entry in the Values Pane and that is Default, plus there is no sub-key for WindowMetrics. You can also see that the default Bliss background is missing from the desktop.




