Hacking Tricks in English

Uploaded by

Subhash Hansda
Registry Tips And Tricks

The Registry

DEFINITION: The Windows 9x/NT/2000/ME/XP Registry is a complex, unified, system-wide database that is
continually referenced during operation. It is used for centrally storing, locating, editing and
administering system, hardware, software and user configuration information, and follows a hierarchical
structure.

It was introduced to replace the text/ASCII-based MS-DOS configuration (.BAT, .SYS) and MS
Windows initialization (.INI) files.

The structure of the Registry in Windows 9x is different from that in Windows NT, 2000 and XP.

Windows 95/98/ME: In these operating systems the Registry is stored in these 5 files, with the Hidden and
Read-only attributes set for write-protection purposes, usually located in the %WinDir% folder (default is
C:\Windows).

• SYSTEM.DAT = stores persistent hardware and software settings related to the system it
  resides on, contained in the HKEY_CLASSES_ROOT (Windows 95 and 98 only) and
  HKEY_LOCAL_MACHINE Hive keys.
• USER.DAT = stores user-specific and software settings contained in the
  HKEY_CURRENT_USER Hive key. If there is more than one user, multiple user profiles enable
  each user to have their own separate USER.DAT file, located in %WinDir%\Profiles\%UserName%.
  When a user logs on, Windows OS (down)loads both USER.DAT files: the
  one from the local machine %WinDir% (global user settings), and the most recent one from
  the local machine %WinDir%\Profiles\%UserName%, or from the central (host) server if user
  profiles reside on a network (local user settings).
• CLASSES.DAT = stores persistent data contained in the HKEY_CLASSES_ROOT Hive key,
  found only on Windows ME.
• SYSTEM.DA0 and USER.DA0 = automatically created backups of SYSTEM.DAT and
  USER.DAT from the last successful Windows GUI startup, and found only on Windows 95

Windows NT/2000/XP: The Registration Database is contained in these 5 files located in the
%SystemRoot%\System32\Config folder (default is C:\Winnt\System32\Config for Windows NT/2000
or C:\Windows\System32\Config for Windows XP):

• DEFAULT = stores the HKEY_USERS\.Default key.
• SAM = stores the HKEY_LOCAL_MACHINE\Sam key.
• SECURITY = stores the HKEY_LOCAL_MACHINE\Security key.
• SOFTWARE = stores the HKEY_LOCAL_MACHINE\Software key.
• SYSTEM = stores the HKEY_LOCAL_MACHINE\System key and the
  HKEY_CURRENT_CONFIG Hive key,

and in these files located in the %SystemRoot%\Profiles\%UserName% folder:

• NTUSER.DAT and USRCLASS.DAT (Windows XP only) = store the
  HKEY_CURRENT_USER Hive key,

Editing Registry

Always make sure that you know what you are doing when changing the registry or else just one little
mistake can crash the whole system. That's why it's always good to back it up!

To view or modify the Registry (or to back it up), you need to use the Registry Editor tool. There are two
versions of Registry Editor:

• Regedit.exe (Windows 95/98/ME/NT/2000/XP) = located in %WinBootDir% (%SystemRoot%),
  has the most menu items and more choices for the menu items. You can search for keys
  and subkeys in the registry.
• Regedt32.exe (Windows NT/2000/XP) = located in %SystemRoot%\System32, enables you
  to search for strings, values, keys, and subkeys. This feature is useful if you want to find
  specific data.

Registry Structure

For ease of use, the Registry is divided into five separate structures that represent the Registry
database in its entirety. These five groups are known as Keys, and are discussed below:

HKEY_CURRENT_USER
This registry key contains the configuration information for the user that is currently logged in. The
user's folders, screen colors, and control panel settings are stored here. This information is known as
a User Profile.

HKEY_USERS
In Windows NT 3.5x, user profiles were stored locally (by default) in the systemroot\system32\config
directory. In NT 4.0, they are stored in the systemroot\profiles directory. User-specific information is
kept there, as well as common, system-wide user information.

HKEY_LOCAL_MACHINE
This key contains configuration information particular to the computer. This information is stored in the
systemroot\system32\config directory as persistent operating system files, with the exception of the
volatile hardware key.

HKEY_CLASSES_ROOT
The information stored here is used to open the correct application when a file is opened by using
Explorer and for Object Linking and Embedding. It is actually a window that reflects information from
the HKEY_LOCAL_MACHINE\Software subkey.

HKEY_CURRENT_CONFIG
The information contained in this key is used to configure settings such as the software and device
drivers to load or the display resolution to use. This key has software and system subkeys, which keep
track of configuration information.

REG Files

A .REG file can be in:

• plain text/ASCII format in Windows 95/98/ME and NT/2000/XP or
• binary format in Windows 2000/XP.

Text .REG files can be easily viewed/created/edited by hand using any text/ASCII editor, like
Notepad.

Their purpose is to add, modify or delete Registry (Sub)Keys and/or Values.

Writing .Reg Files

1.) Header line: this FIRST line is mandatory. It MUST contain only these exact words (case sensitive =
character capitalization required!):
• REGEDIT4 = for Windows 95/98/ME and NT 4.0 or
• Windows Registry Editor Version 5.00 = for Windows 2000/XP.
This is the only way Windows OS can recognize, validate and run a .REG file.

2.) Empty (blank) line: this second line is optional. Similar to inserting a carriage return (CR).

3.) Remarked (comment) line(s): optional. MUST begin with a semicolon (;) which may be followed
by a space (optional). May be inserted anywhere in the .REG file, but NOT before the header, which
MUST be present as FIRST line.

4.) (Sub)Key line: MUST be enclosed in square brackets ([]). The (Sub)Key name
MUST start with the Hive Key name (left end) and MUST contain the entire Subkey pathway leading to
the current Subkey name (right end). Consecutive (Sub)Key names MUST be separated by SINGLE
backslash marks (\).
(Sub)Key names not present in the Registry will be automatically created when the REG file is
merged into the Registry. Exception: new Hive (Root) Keys can be created ONLY in Windows
NT4/2000/XP, but NOT in Windows 95/98/ME.

5.) Value line: MUST contain these elements in this exact order:

• Value name: MUST be preceded and terminated by quotation marks ("").
• Equal mark (=): separates Value name from Value type.
• Value type: MUST be specified (Dword [REG_DWORD], Binary [REG_BINARY], etc) if Value
  type is other than String [REG_SZ].
• Colon mark (:): MUST exist if Value type is other than String.
• Value data: MUST be in the same format as defined by Value type: text/ASCII,
  Unicode/ANSI, (alpha)numeric (decimal, hexadecimal or binary) etc. MUST be preceded and
  terminated by quotation marks ("") ONLY IF Value type is String.

Value Data syntax

• String Value [REG_SZ] (API Code 1):

  "ValueName"="ValueData"

  Value Data is expressed here in Unicode or ANSI formats: simple text/ASCII,
  expanded or extended.

• Dword Value [REG_DWORD] (API Code 4):

  "ValueName"=ValueType:ValueData

  Value Data is expressed here in Double WORD (4 bytes = 32 bits) formats: decimal,
  hexadecimal or binary.

• Large Binary (hex) Value (any Binary Value API Code):

  "ValueName"=ValueType(API Code):ValueData,ValueData,\
  ValueData,ValueData

  Large Values can span more than one line. Each line (except the last one) is
  terminated by a comma (,) followed by a SINGLE backslash mark (\). Consecutive
  lines are separated by carriage returns (CR).

Separators and delimiters used in REG files on path name lines to separate drive letters, directory
(folder) names and file names, or used on command line parameter lines etc. MUST be typed as
DOUBLE backslash marks (\\).

6.) Empty (blank) line: this LAST line is mandatory for proper operation. Similar to inserting a
carriage return (CR) at the end of file.

This is what a generic text/ASCII .REG file looks like:

-----Begin cut & paste here-----
REGEDIT4
; Comment line:
[HKEY_KEY_NAME\SubkeyName1\SubKeyName2]
; String Value format:
"ValueName"="ValueData"
; Dword or Binary Value format:
"ValueName"=ValueType:ValueData

------End cut & paste here------

Example of actual .REG file:

-----Begin cut & paste here-----
REGEDIT4
; First Value below displays MS Windows version:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
; String Value format:
"Version"="Windows ME"
; Dword Value format:
"CacheWriteDelay"=dword:00000320
; Binary Value format:
"OldWinVer"=hex:00

------End cut & paste here------
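The syntax rules above are enough to read a .REG file mechanically and list exactly which keys and values it would write before it is merged. The following parser is an added example, not part of the original document; the function name parse_reg, the HKEY_CURRENT_USER\Software\Example key and the sample text are constructed for illustration, and the input is assumed to be already decoded text.

```python
import re

# Header lines the page lists as valid (case sensitive, first line only).
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
# "ValueName"=... or @=... (default value); names may contain escaped quotes.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _unescape(s):
    # Inside quoted strings a backslash escapes the next character (\\ -> \).
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse decoded .REG text into (header, {key: {name: (type, data)}})."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line is not a recognised .REG header")
    keys, current, pending = {}, None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.endswith("\\"):
            pending = line[:-1]           # ",\" continues a large value
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"unexpected line: {line!r}")
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        rhs = m.group(2).strip()
        if len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
            current[name] = ("REG_SZ", _unescape(rhs[1:-1]))
        elif rhs.lower().startswith("dword:"):
            current[name] = ("REG_DWORD", int(rhs[6:], 16))
        elif rhs.lower().startswith("hex"):
            tag, _, body = rhs.partition(":")
            data = bytes(int(b, 16) for b in body.split(",") if b.strip())
            current[name] = ("REG_BINARY" if tag == "hex" else tag, data)
        else:
            raise ValueError(f"unknown value type in: {line!r}")
    return lines[0].strip(), keys


# Constructed sample: the page's example plus a path and a two-line hex value.
SAMPLE = r'''REGEDIT4
; constructed sample for the parser
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Version"="Windows ME"
"CacheWriteDelay"=dword:00000320
"OldWinVer"=hex:00
[HKEY_CURRENT_USER\Software\Example]
"Path"="C:\\Windows\\Icons\\MyIcon.ico,0"
"Blob"=hex:01,02,\
  03,04

'''

if __name__ == "__main__":
    header, parsed = parse_reg(SAMPLE)
    for key, values in parsed.items():
        print(key)
        for name, (vtype, data) in values.items():
            print(f"  {name} [{vtype}] = {data!r}")
```
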

Backup / Restore the Registry

To Backup/Restore the Windows Registry: Windows 9x

If you are in MS-DOS, at the C:\Windows prompt type:

1. Attrib -s -r -h C:\Windows\System.dat (press Enter)
2. Attrib -s -r -h C:\Windows\User.dat (press Enter)

To make the backup copies type:

1. copy C:\Windows\System.dat C:\Windows\System.000 (press Enter)
2. copy C:\Windows\User.dat C:\Windows\user.000 (press Enter)

To Restore the Registry

1. copy C:\Windows\System.000 C:\Windows\System.dat (press Enter)
2. copy C:\Windows\User.000 C:\Windows\user.dat (press Enter)

Add Open With to all files

You can add "Open With..." to the right-click context menu of all files. This is great when you have
several programs you want to open the same file types with. I use three different text editors so I
added it to the ".txt" key.

1. Open RegEdit
2. Go to HKEY_CLASSES_ROOT\*\Shell
3. Add a new Key named "OpenWith" by right clicking the "Shell" Key and selecting new
4. Set the (Default) to "Op&en With..."
5. Add a new Key named "Command" by right clicking the "OpenWith" Key and selecting new
6. Set the (Default) to "C:\Windows\rundll32.exe shell32.dll,OpenAs_RunDLL %1", C:\ being your
Windows drive. You must enter the "OpenAs_RunDLL %1" exactly this way.

Customize the System Tray

You can add your name or anything you like that consists of 8 characters or less. This will replace the
AM or PM next to the system time. Note that this can corrupt some trial licenses of software that you
may have downloaded.

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Control Panel\International
3. Add two new String values, "s1159" and "s2359"
4. Right click the new value name and modify. Enter anything you like up to 8 characters.

If you enter two different values when modifying, you can have the system tray display the two
different values in the AM and PM.

Lock Out Unwanted Users

Want to keep people from accessing Windows, even as the default user? If you do not have a domain,
do not attempt this.

1. Open RegEdit
2. Go to HKEY_LOCAL_MACHINE\Network\Logon
3. Create a dword value "MustBeValidated"
4. Set the value to 1

This forced logon can be bypassed in Safe Mode on Windows 9x.

Disable the Outlook Express Splash Screen

You can make Outlook Express load quicker by disabling the splash screen:

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\OutLook Express
3. Add a string value "NoSplash"
4. Set the value data to 1 as a Dword value

Multiple Columns For the Start Menu

To make Windows use multiple Start Menu columns instead of a single scrolling column, as
Windows 9x did (this also applies if you are using Classic Mode in XP):

1. Open RegEdit
2. Go to the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
3. Create a string value "StartMenuScrollPrograms"
4. Right click the new string value and select modify
5. Set the value to "FALSE"

Changing Windows' Icons

You can change the icons Windows uses for folders, the Start Menu, open and closed folders in the
Explorer, and many more.

1. Open RegEdit
2. Go to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons
3. Add a string value for each icon you wish to change.

Example: "3"="C:\Windows\Icons\MyIcon.ico,0" This will change the closed folders in the Explorer to
"MyIcon.ico". Here is a complete list for each value.

 0= Unknown file type        14= Network Hub                     28= Shared
 1= MSN file types           15= My Computer                     29= Shortcut Arrow
 2= Applications Generic     16= Printer                         30= (Unknown Overlay)
 3= Closed Folder            17= Network Neighborhood            31= Recycle Bin Empty
 4= Open Folder              18= Network Workgroup               32= Recycle Bin Full
 5= 5.25" Drive              19= Start Menu's Program Folders    33= Dial-up Network
 6= 3.25" Drive              20= Start Menu's Documents          34= Desktop
 7= Removable Drive          21= Start Menu's Setting            35= Control Panel
 8= Hard Drive               22= Start Menu's Find               36= Start Menu's Programs
 9= Network Drive            23= Start Menu's Help               37= Printer Folder
10= Network Drive Offline    24= Start Menu's Run                38= Fonts Folder
11= CD-ROM Drive             25= Start Menu's Suspend            39= Taskbar Icon
12= RAM Drive                26= Start Menu's PC Undock          40= Audio CD
13= Entire Network           27= Start Menu's Shutdown

You need to reboot after making changes. You may need to delete the hidden file ShellIconCache if
the desired icons are not displayed after rebooting.

Change Default Folder Locations

You can change or delete the Windows mandatory locations of folders like My Documents:

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
3. Change the desired folder location; My Documents is normally listed as "Personal"
4. Open the Explorer and rename or create the folder you wish.

To change the desired location of the Program Files folder:

1. Go to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
2. Change the value of "ProgramFiles", or "ProgramFilesDir"

Now when you install a new program it will default to the new location you have selected.

Change the Registered User Information

You can change the Registered Owner or Registered Organization to anything you want even after
Windows is installed.

1) Open RegEdit
2) Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.
3) Change the value of "RegisteredOrganization" or "RegisteredOwner" to whatever you want

Opening a DOS Window to either the Drive or Directory in Explorer

Add the following Registry Keys for a Directory:


HKEY_CLASSES_ROOT\Directory\shell\opennew
@="Dos Prompt in that Directory"

Disabling Drives in My Computer


This modification will remove all drives, local and network, from Explorer's view.

1. Go to Run, type regedit and click OK.

2. You have reached the Registry Editor.

3. Now navigate to the following entry in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

4. Create a DWORD item and name it "NoDrives" (without the quotes)

5. Modify its value to "3FFFFFF".

Changing the Tips of the Day

1. Go to Run, type regedit and click OK.

2. You have reached the Registry Editor.

3. Now navigate to the following entry in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips

4. Now enter the tips you want to add or edit.

5. Restart the system for changes to take place.


Changing the Registered Owner and Organization

1. Go to Run, type regedit and click OK.

2. You have reached the Registry Editor.

3. Now navigate to the following entry in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

4. Modify the data for the 'Registered Owner' key or for 'Registered Organization'.

5. Restart the system for changes to take place.

Enabling NumLock on by Default


To have numlock turned on for each user:

Start Regedit
Go to HKEY_CURRENT_USER\Control Panel\Keyboard\InitialKeyboardIndicators
Change the value from 0 to 2
Turn Numlock on manually
Log off and back on again.
For all users, make the same change to
HKEY_USERS\.DEFAULT\Control Panel\Keyboard\InitialKeyboardIndicators

Increasing File System Caching


To increase the amount of memory Windows will lock for I/O operations:

Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Edit the key IoPageLockLimit
4096 - 32megs of memory or less
8192 - 32+ megs of memory
16384 - 64+ megs of memory
32768 - 128+ megs of memory
65536 - 256+ megs of memory

Adding / Removing Additional Programs


By default, Windows XP does not display all the programs you can add or remove.

To show this list:

Edit the \Windows\Inf\sysoc.inf file
In the Components section, simply remove the word hide.
This will leave two commas together (like on the rest of the items).
Then you can go to the Control Panel / Add or Remove Programs / Add/Remove Windows
Components and the new items will be displayed.

[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
msnexplr=ocmsn.dll,OcEntry,msnmsn.inf,,7
smarttgs=ocgen.dll,OcEntry,msnsl.inf,,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7

Games=ocgen.dll,OcEntry,games.inf,,7
AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7
CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7
ZoneGames=zoneoc.dll,ZoneSetupProc,igames.inf,,7

Changing the Internet Explorer Title


Start Regedit
Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
Enter what you want to appear in the title bar

Automatically Ending Non-Responsive Tasks

Start Regedit
Go to HKEY_CURRENT_USER\Control Panel\Desktop\AutoEndTasks
Set the value to be 1
In the same section, change the WaitToKillAppTimeout to the number of milliseconds you want.

Increasing System Performance

If you have 512 megs or more of memory, you can increase system performance
by having the core system kept in memory.
Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\DisablePagingExecutive
Set the value to be 1
Reboot the computer

To turn off balloon tips in applications that support XP Themes:

Start Regedit
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Create a DWORD value of EnableBalloonTips
Give it a value of 0

Disable the Remote Desktop Sharing (RDS) icon's menu

To disable the Remote Desktop Sharing (RDS) icon's menu:

Start Regedit
Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Conferencing\Mcpt
Create a new string value (Click on Edit > New > String Value).
Name the value Nx
Double-click on it and set its value to 1
Close the registry
Now the menu options will be grayed out.

Disable Shared Documents

To disable the Shared Documents folder that shows up on the network:

Start Regedit
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
Create a new DWORD Value
Give it the name NoSharedDocuments
Give it a value of 1
Log off or reboot

Show Hidden Devices


You can show hidden devices in the Device Manager. One way is by making a simple registry
change. The other is through a batch file.

Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
Create a string DEVMGR_SHOW_NONPRESENT_DEVICES
Give it a value of 1

Disable Passport Pop-Up

Normally, Windows XP will prompt you 10 times that You Need a Passport to use Windows XP Internet
communication features...

To disable this:

Start Regedit
Go to HKEY_CURRENT_USER\Software\Microsoft\MessengerService
Edit the binary key PassportBalloon
Give it a value of 0A (0A 00 00 00)

Preventing Applications from Stealing the Focus


To prevent applications from stealing the focus from the window you are working in:

Start Regedit
Go to HKEY_CURRENT_USER\Control Panel\Desktop
Edit the key ForegroundLockTimeout
Give it a value of 00030d40

Creating a Password Recovery Disk


In case you forget your password, you can create a password recovery floppy disk beforehand to help
you out of this problem.

Single-click the Start menu
Go to the Control Panel / User Accounts
Click the User Account
On the left hand side, click on Prevent forgotten password
You will need to know your password to create the disk.
If you don't remember your password sometime in the future, click on the green arrow like normal at
the login and you will be prompted to insert the password recovery disk.

Renaming the Start Button


To rename the Start button, you will need a hex editor.
My preference is UltraEdit

Copy the \windows\explorer.exe file to a new name (e.g. explorer_1.exe)
With the hex editor, open that file and go to offset 412b6
You will see the word start with blanks between each letter
Edit it to be any 5 characters or less
Save the file
Boot to DOS
Copy the existing c:\windows\explorer.exe to explorer.org
Copy explorer_1.exe to explorer.exe
You will also need to replace the explorer.exe in the c:\windows\system32\dllcache folder with
the new one.

Note: If the partition is NTFS and you can't access the files from DOS:

Start Regedit
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
Change the value of Shell from Explorer.exe to explorer_1.exe

Changing the Registered Owner


Start Regedit
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
From there you can edit the name in the Registered Owner key

Enable / Disable the Task Manager


Start Regedit
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Create the Dword value DisableTaskMgr
Give it a value of 0 to enable it
Give it a value of 1 to disable it
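Several of the settings above (NoDrives under Policies\Explorer, the Winlogon Shell value, and DisableTaskMgr) change what a user can see or run, so they are worth checking when a machine behaves unexpectedly. The following triage sketch is an added example, not part of the original document: the function names and the sample values are constructed, and it relies on the standard NoDrives layout in which bit 0 stands for drive A: and bit 25 for drive Z:.

```python
import string


def decode_nodrives(mask):
    """Return the drive letters hidden by a NoDrives bitmask (bit 0 = A:)."""
    return [string.ascii_uppercase[i] for i in range(26) if mask >> i & 1]


def triage(values):
    """values maps (key path, value name) -> data; returns a list of findings."""
    findings = []
    for (key, name), data in values.items():
        k, n = key.lower(), name.lower()
        if k.endswith(r"\policies\explorer") and n == "nodrives" and data:
            hidden = decode_nodrives(data)
            findings.append(
                f"NoDrives hides {len(hidden)} drive(s): {''.join(hidden)}")
        elif k.endswith(r"\policies\system") and n == "disabletaskmgr" and data == 1:
            findings.append("Task Manager disabled (DisableTaskMgr=1)")
        elif k.endswith(r"\winlogon") and n == "shell" \
                and str(data).lower() != "explorer.exe":
            findings.append(f"Winlogon Shell replaced: {data}")
    return findings


# Constructed sample: the values the page's steps would leave behind,
# plus one harmless setting that should not be reported.
SAMPLE_VALUES = {
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
     r"\Policies\Explorer", "NoDrives"): 0x3FFFFFF,
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
     r"\Policies\System", "DisableTaskMgr"): 1,
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
     r"\Winlogon", "Shell"): "explorer_1.exe",
    (r"HKEY_CURRENT_USER\Control Panel\Desktop", "AutoEndTasks"): 1,
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_VALUES):
        print(finding)
```
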
