Understanding the registry

[Andy]

Not a question, just a Little Information.

Understandably, many people shy away from even looking at the Windows registry.

Here is a very small intro into the registry - and if you would like some more Information, I will be happy to continue.



The are five main keys (folders if you like to think of them that way)

HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG


HKEY_CLASSES_ROOT
Contains information used by programs for file associations and for sharing information.

HKEY_CURRENT_USER
Contains the settings and configuration for the current user.

HKEY_LOCAL_MACHINE
Contains the settings and configuration for all users.

HKEY_USERS
Contains the settings and configuration for all users on the computer,
the information in HKEY_CURRENT_USER is copied from this hive when the user logs in.

There is a sub key for each user account on your computer, these sub keys are called Hives.

HKEY_CURRENT_CONFIG
Contains the hardware information about the PC’s resources and configuration.


I will concentrate on two keys:
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER - sometimes abbreviated to HKCU.
You are safe to add / edit / delete your own made keys and values.
It is not safe to add / edit / delete keys and values not made by you (unless you know what they are there for, and
what values you can use).
You should have access to all keys / sub keys and values in HKEY_CURRENT_USER.

HKEY_LOCAL_MACHINE - sometimes abbreviated to HKLM.
You should take great care in here - as these keys and values have an effect on all users.
You will not be able to add / edit / delete keys and values unless you are an administrator.
You are safe to add / edit / delete your own made keys and values.
It is not safe to add / edit / delete keys and values not made by you (unless you know what they are there for, and
what values you can use).

I use the fact that HKEY_LOCAL_MACHINE is restricted to administratirs to check if the user running one of my
programs is actually an administrator by trying to write a test key and a value to
HKEY_LOCAL_MACHINE\SOFTWARE and then I try to read that test value back.

If it fails to read this new test value then the user is not an administrator as the key and value could not be created, if it is successful I know they are an administrator and I then delete this test key to tidy up.


My Golden Rules:
Do not change a key or any values (you did not create) unless you know what they are for and what are valid values.
You can always add / edit / delete your own made keys and values.
If you are going to change pre-existing keys / values not made by you, you should always backup the registry first
and do some research before making changes.
You can always just browse through the registry, you could be suprised at what you can find in there.