Microsoft Exam MD:100 Windows 10 Certification Guide

Configuring the local registry

The Windows registry is the heart of the Windows 10 Operating System (OS). It is a database that contains all of the Windows settings, including those for installed software, device drivers, and many more. Without the registry, Windows 10 would not work.

You should take care when working with or editing the registry. An incorrect change in the registry can result in an unreliable OS, for which the solution is a reinstallation of the OS. You should always create a backup of the registry before editing it.

To better handle the registry, we must understand the registry structure first.

Understanding the registry structure

The registry is organized hierarchically. At the top level, there are five registry hives: DEFAULT, SAM, SECURITY, SOFTWARE, and SYSTEM. Each hive is a distinct collection of related settings, structured as a series of keys, subkeys, and values. You can find the registry in C:\Windows\System32\Config. Inside this system folder, you will find several binary files that the registry uses.

The following screenshot shows the binary files mentioned earlier in the C:\Windows\System32\config folder:

Figure 6.1 - The binary files from the registry

The preceding screenshot shows the binary files and the hives they relate to in the registry, given as follows:

  • The SAM binary file belongs to the HKEY_LOCAL_MACHINE\SAM hive.
  • The SECURITY binary file belongs to the HKEY_LOCAL_MACHINE\SECURITY hive.
  • The SOFTWARE binary file belongs to the HKEY_LOCAL_MACHINE\SOFTWARE hive.
  • The SYSTEM binary file belongs to the HKEY_LOCAL_MACHINE\SYSTEM hive.
  • The DEFAULT binary file belongs to the HKEY_USERS\.DEFAULT hive.

    Important Note

    The SAM file is used to store the users' passwords. There is also the USERDIFF binary file. This file is used only for Windows upgrades and will not be visible on some Windows 10 installations.
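
The mapping between hives and binary files listed above can be confirmed on a live system. The following PowerShell is an added example, not code from the book: it reads the hivelist key, where Windows records the backing file of each loaded hive, and then checks whether broad groups have read access to the five hive files. It assumes an elevated 64-bit PowerShell session; the variable names are illustrative.

```powershell
# Added example (not from the book): map loaded hives to their backing files,
# then review who can read those files. Run from an elevated session.
$hiveList = Get-Item -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$hiveList.GetValueNames() | Sort-Object | ForEach-Object {
    [pscustomobject]@{ Hive = $_; BackingFile = $hiveList.GetValue($_) }
} | Format-Table -AutoSize

# Well-known SIDs for broad groups (language-independent, unlike group names):
# Everyone, Authenticated Users, BUILTIN\Users.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData
$sidType   = [System.Security.Principal.SecurityIdentifier]
$configDir = Join-Path $env:SystemRoot 'System32\config'

$findings = foreach ($name in 'DEFAULT', 'SAM', 'SECURITY', 'SOFTWARE', 'SYSTEM') {
    $path = Join-Path $configDir $name
    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
    } catch {
        Write-Warning "Could not read the ACL of ${path}: $($_.Exception.Message)"
        continue
    }
    # Include explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids -contains $rule.IdentityReference.Value -and
            ($rule.FileSystemRights -band $readData) -eq $readData) {
            [pscustomobject]@{
                File   = $path
                Sid    = $rule.IdentityReference.Value
                Rights = $rule.FileSystemRights
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Hive files are readable by non-administrative groups; review the ACLs.'
} else {
    'No broad read access found on the hive files that could be checked.'
}
```

Because the SAM and SECURITY files hold credential material, any row reported by the second part of the script deserves follow-up.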

The vast majority of changes to the registry are made automatically by Windows whenever you install an application or change a setting inside an application, by using the Settings app or the Control Panel.

Now that we have understood the registry structure, let's move on to understanding the Registry Editor.

Understanding the Registry Editor

With the built-in Registry Editor, you can view, search, and modify the registry. Some common tasks that you can perform using the Registry Editor are as follows:

  • Search the registry for keys and values.
  • Create, delete, and modify keys and values.
  • Import registry entries from .REG files.
  • Export registry entries into .REG files.
  • Back up the registry.

To open the Registry Editor, follow these steps:

  1. Click on the Start button.
  2. Type registry.
  3. Click on Registry Editor, as seen in the following screenshot:
Figure 6.2 - The Registry Editor

We are now going to learn about the previously mentioned five registry hives.

Registry hives

When the Registry Editor is open, you will see five top-level hives. The five top-level hives are given as follows:

  • HKEY_CLASSES_ROOT: This registry hive contains file association information and defines which application opens when the user double-clicks a file type on the file system.
  • HKEY_CURRENT_USER: This registry hive contains configuration information for the currently signed-in user. Items such as the user's Windows color scheme and font settings are stored in relevant values in this hive.
  • HKEY_LOCAL_MACHINE: This registry hive is probably the most important and the one that you likely will make the most edits to. It stores all computer-related configuration settings.
  • HKEY_USERS: This registry hive contains a collection of all of the configuration information for all users that have signed in locally to the computer, including the currently signed-in user.
  • HKEY_CURRENT_CONFIG: This registry hive contains information about the current hardware profile that the local computer used during system startup.

Most likely, you will make direct changes only to the values that are stored in the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives.

Registry keys and subkeys

To maintain structure within the database, similar settings are stored in folders and subfolders known as keys and subkeys. This makes it easier to reference a registry value. An example of a key is as follows:

HKEY_CURRENT_USER\Control Panel\Desktop

Let's now understand registry values.

Registry values

Values define the behavior of the OS, and they are stored in keys and subkeys. There are many types of values, depending on the type of data that each stores.

In the previous registry path, you can find a value called Wallpaper. This value stores the name and location of a user's desktop wallpaper. In the following screenshot, you will see the key, value, and path to the Wallpaper:

Figure 6.3 - The value of a registry key

In a registry value, you can store text values, numerical data, variables, and similar data. The following table lists the more common types of registry values:

Table 6.1 - Common types of registry values
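
To see value types on a real key, and to follow the earlier advice about backing up before editing, the following PowerShell first exports the HKEY_CURRENT_USER\Control Panel\Desktop key to a .REG file and then lists every value in it with its type. This is an added example, not code from the book; the backup file name and location are assumptions, and nothing in the registry is modified.

```powershell
# Added example (not from the book): back up one key, then list its values and types.
$psPath  = 'HKCU:\Control Panel\Desktop'   # PowerShell registry provider path
$regPath = 'HKCU\Control Panel\Desktop'    # same key in reg.exe notation
# Assumed backup location: a timestamped .REG file in the user's temp folder.
$backup  = Join-Path $env:TEMP ('Desktop-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# reg.exe export writes the key, its subkeys, and their values to a .REG file.
& reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg export failed with exit code $LASTEXITCODE; do not edit the key without a backup."
}
"Backup written to $backup"

# .NET reports the type as a RegistryValueKind:
#   String = REG_SZ, ExpandString = REG_EXPAND_SZ, MultiString = REG_MULTI_SZ,
#   DWord = REG_DWORD, QWord = REG_QWORD, Binary = REG_BINARY
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$key = Get-Item -LiteralPath $psPath
$key.GetValueNames() | Sort-Object | ForEach-Object {
    [pscustomobject]@{
        Name = if ($_ -eq '') { '(Default)' } else { $_ }
        Kind = $key.GetValueKind($_)
        # Show REG_EXPAND_SZ data as stored, without expanding %VARIABLES%.
        Data = $key.GetValue($_, $null, $noExpand)
    }
} | Format-Table -AutoSize -Wrap

# The Wallpaper value discussed above, read on its own:
(Get-ItemProperty -LiteralPath $psPath -Name Wallpaper).Wallpaper
```

The exported file can be restored later with the Registry Editor's import function.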

At this stage, you know what the registry is, how it is built, how it works, and how you can change keys. In the next section, we will look at configuring local policies and especially various security policies.