windows registry (2)

8/3/2019 Windows Registry (2)

1/62

Windows RegistryReport On Seminar Topic: Windows Registry

Name : Mit B. Suthar

College : L.D. College of Engineering

Branch : Computer EngineeringDivision : A

Batch : B2

Enrollment No : 090280107041

Roll No : 507140

/09/2011


2/62

L.D. College of Engineering Computer Engineering5th Semester (Div. A)

Certificate

This is to certify that Mit B. Suthar studying in L.D. College of

Engineering in Branch Computer Engineering Division A

having Roll No 507140 and Enrollment No 090280107041 has

successfully completed report and presentation on Seminar topic :

Windows Registry

Date of Submission :

Signature :

Mit B. Suthar Roll No. 507140Page No. 2


3/62


Index

No. Description Page No

1An Overview to Windows Registry

3

2What is the Registry?

5

3Using the Registry Editor (regedit.exe)

6

4Isn't it dangerous to do anything with the Registry?

15

5 Editing Registry 18

6 Registry Damage 29

7 Example of REG File 32

8 Full list of data types 33

9 Descriptions of folder names used in Registry Editor 35

10 Some Registry tricks to Optimize your Windows 36

11 Conclusion 60

12References

60



4/62


AnOverview to Windows Registry

My seminar topic is windows registry. The registry is the heart and soul of

Microsoft Windows Operating System. The registry contains the configuration data that

makes the operating system work. The registry enables developers to organize

configuration data in ways that are impossible with other mechanisms, such as INI files.

More importantly, it enables you to customize Windows Operating System (Windows

XP) in ways you can't through the user interface. Every application that runs on

Microsoft's latest desktop operating system does absolutely nothing without consulting

the registry first.

Through this seminar, we will learn how to customize the registry, how to take

care of the registry and how to back up the registry so you can restore it if things go awry.

The registry is an invaluable tool for the IT professional deploying, managing, and

supporting Windows Operating System. Whether you are a desktop engineer, deployment

engineer, or a support technician, you'll learn techniques that will make your job easier. The

registry is the heart and soul of Microsoft Windows Operating System.

The registry contains the configuration data that makes the operating system work. The

registry is everything-it is the brain of the operating system. The registry enables

developers to organize configuration data in ways that are impossible with other

mechanisms, such as INI files. More importantly, it enables you to customize

Windows Operating System in ways you can't through the user interface. Windows

Operating System and every application that runs on Microsoft's latest desktop operating

system do absolutely nothing without consulting the registry first. When you

doubleclick a file, Windows consults the registry to figure out what to do with it. When

you install a device, Windows assigns resources to the device based on information in the

registry and then stores the device's configuration in the registry. When you run an

application such as Microsoft Word, the application looks up your preferences in the

registry. If you were to monitor the registry during a normal session, you'd see the

registry serves up thousands of values within minutes.



5/62


What does the average user need to know about the Registry?

The majority of home PC users probably have either never heard of the Registry or think of it

as something to avoid. It is true that editing or making direct changes to the Registry is not

typically an activity of most users but it is important to at least know how to back up the

Registry and how to restore a damaged or corrupted Registry. A little learning here can save

big headaches with computer problems. The backup and restore process is neither difficult

nor lengthy and is easily mastered by the greenest of neophytes. Also, just a little knowledge

will make the Registry seem less like some cabalistic ritual of Druid priests and will remove

some of the fear and loathing from the subject. The Registry is so essential to the functioning

of a Windows PC that anyone who uses a PC regularly should at least have a general idea of

what the Registry does.



6/62


What is the Registry?

The Windows Registry is a central database containing all the varied assortment of

information needed for the computer to run both the hardware and the software. The Registry

is in constant use and almost anything that you do on a Windows PC will access the Registry

for information. The information is divided among a number of hidden system binary files.

Very few PC users will ever need to access these files directly. If desired, viewing the

contents of the Registry is done with the Registry Editor accessory, which combines the

various components and displays them in a readable unified text form. Using the Registry

Editor (regedit) is described below.

The registry has a subtle but important role in Microsoft Windows Operating

System. On one hand, the registry is passiveit's just a big collection of settings sitting

on your hard disk. On the other hand, it plays a key role in all those activities. The

settings in the registry determine how Windows appears and how it behaves. They even

control applications running on your computer. This gives the registry great potential as a

tool for power users or IT professionals, enabling them to customize settings that aren't

available in the user interface. Windows stores configuration data in the registry. The

registry is a hierarchical database, which you can describe as a central repository for

configuration or a configuration database. A hierarchical database has characteristics that

make it ideally suited to storing configuration data. This allows settings to be referenced

using paths, similar to file paths in Windows Operating System. The registry's

hierarchical organization makes all settings easy to reference.



7/62


Using the Registry Editor (regedit.exe)

I don't expect the average home PC owner to be involved in manual Registry editing but there

is no reason why advanced PC users should shy away from editing the Registry directly,

provided that they follow the iron-clad rule of always backing up first. It is also advisable to

restrict direct Registry editing to small changes. If more extensive changes are involved, a

script or an editing interface like TweakUI or the Group Policy Editor is a preferable method

for making edits. Many useful Registry edits consist of changing one or two values and are

easily reversed.

Accessing the Registry Editor (Regedit)

The Registry Editor (also called regedit) is not listed in the Start menu or in All Programs.

The utility is a single file regedit.exe and is located in the Windows folder on XP systems. It

is accessed by using the Run line. Enter "regedit" and the utility will open. In Vista the utility

is opened by entering "regedit.exe" in the Start Search line The Runline can also be used in

Vista (but is no longer necessarily on the Start menu). As to be expected, an administrator

account is required.

Regedit is a two-pane interface with keys in the left pane (key pane) and value names with

the corresponding data in the right pane (value pane). The setup is not unlike Windows

Explorer with keys analogous to folders and values analogous to files. An example is shown

in the figure below.



8/62


Fig 1 - Registry Editor of Wndows XP



9/62




10/62


Also listed in the right or value pane is the type of data contained in a value. There are a

number of formats that data can take and the usual ones that most PC users will encounter are

given in Table I. I have omitted the more esoteric types. The three listed in the table

constitute the vast majority of all Registry entries

Table I Common registry Data Types

Data type Description

REG_BINARY Binary data . Usually in hexadecimal notation. An example is 0xA8

REG_DWORDDouble word (32 bits). Can be edited in either hexadecimal ordecimal

REG_SZ A string. Figure 1 shows examples in the right pane.



11/62


Menus in Registry Editor

Regedit has some of the same menus that are so familiar throughout Windows. These can be

seen near the top of Figure 1. Shown below are what two commonly used menus look like.

Figure 2 File Menu

The File menu has the functions "Import" and "Export" that involve backup and restore.

Figure 3 Edit Menu



12/62


As you would expect, the "Edit" menu is where commands are located for making changes to

the Registry. Keys and values can be deleted, added, or renamed. (Permission settings on

keys can also be edited but that is an advanced subject beyond our scope.) Another two very

useful functions are "Find..." and "Find Next". The Registry has thousands of keys and these

search functions are very necessary. Unfortunately, the search function cannot find binary

values or REG_DWORD entries. It searches key names, value names, and string data.

The bottom of he window for Regedit shows the path of the currently highlighted key as can

be seen in Figure 1. The Edit menu also contains a useful entry "Copy Key Name" that sends

the path of the key to the clipboard, Since path names can be quite long, this can be very

useful.

Figure 4 Favourite Menu

Another menu that can be quite useful is "Favorites". If you find that there are is a certain key

that you modify often, this key can be added to the "Favorites' list for easy access. The

example of a "Favorites" menu shown on the right contains three favorites. Note the names

have been chosen by this user and can be anything that is a convenient reminder. They

actually refer to specific Registry keys, which can have very long path names.



13/62


Editing Registry Keys and Values

There are many useful adjustments to the Windows configuration or behavior that can be

made by simple editing of the Registry. Unless you are a trained IT professional, you should

probably limit Registry editing to one or two values at a time. I will limit this discussion to

this type of straightforward scenario.

The first step in editing is always to back up the Registry. Also, back up the key you are

working on. If you are a very careful worker, backing up just the key where editing is to be

done may suffice but make a system restore point first anyway. To back up a key,

open Regeditand highlight the key. Open the "file" menu and click "Export". For most cases.

you will choose to export as a registration or REG file. This is a text file with

extension .regthat is a copy of the highlighted Registry key. Save it to someplace safe. To

restore a key with a REG file, right-click it and choose "Merge". On many machines the

default leftdouble-click on a REG file will also create a merge. I prefer to change the double-

click action to "Edit" so that accidental mergers do not happen. Notice that I use the word

"merge". Reg files do not replace keys but add to them, something to keep in mind. Anything

extra that you may have added is not deleted. Some experienced PC users prefer to do any

actual editing in the exported REG file and then to merge the edited file. This prevents

accidentally doing something to the wrong key.Keep in mind that Regedit has no "undo"

function. What's done is done.

If you are editing an entire key, you are very likely deleting it. (Careful! Back it up.) If you

are making a number of changes, I suggest using a REG file and not editing in the Registry

itself. I repeat, even power users should probably stick with editing one or two values. To

delete a highlighted key, choose "Delete" from the "Edit" menu. Note that there is no recycle

bin for deleted Registry keys or values. Deleted means gone to the great bit-bucket in the sky.



14/62


Figure 5 Edit Registry Entry (String)

For the most part, direct Registry editing means changing a value. Highlight the value in

question in the right-pane of Regedit. Then choose "Modify" from the "Edit" menu or right-

click the value and choose "Modify" from the context menu. For strings, a box like the one

shown on the right will open .As a specific example, consider the last value in the right-pane

of Figure 1. The time that the system waits for a service to close at Shutdown is controlled by

the entry for the value, WaitToKillServiceTimeout. The value is in milliseconds and the

default is 20000 ( 20 seconds). To make things close up more quickly, you could change the

value to 10000 (10 seconds). Or you might need to make it longer for certain systems. Enter

the desired string in the line "Value data" and click OK.



15/62


Figure 6 Edit Registry Entry (DWORD)

A great many Registry values are strings but another type of data that is common is the

"dword". A slightly different box will appear if you are editing a REG_DWORD value. The

figure on the left shows the appropriate box. Note that when entering a DWORD value, you

need to specify the base for the number. Be careful to be sure that you have chosen correctly

between hexadecimal and decimal. You can enter either but the number that you enter must

correspond to the correct value for the chosen base. In the example here the decimal number

"96" would have to be "60" if hexadecimal were picked for the base.



16/62


Isn't it dangerous to do anything with the Registry?

Because it is involved in everything, damage to the Registry can stop a PC from functioning.

For that reason Microsoft has gone out of its way to make the Registry mysterious and

fearsome sounding. It is reasonable that Microsoft does not want to have to deal with service

calls from ignorant people who have tried to edit the Registry but I think the constant

warnings about the Registry that you see everywhere on the Internet are overdone. They are a

form of CYA arising in part from our overly litigious society. Yes, you can create a lot of

problems if you mess up the Registry but you can also cause problems if you go around

deleting things from the Windows or Program folders. You can do stupid things with almost

anything. And yes, mistakes do occur. I once misplaced a comma while editing a Windows

95 Registry and found that my computer wouldn't boot. But I had a backup and it took only a

minute or two to fix the problem. Actually, the Windows XP Registry is much more robust

and it's much harder to make it unbootable. If you follow the iron-clad rule to make a backup

first and know how to restore it, informed editing of the Registry is not such a precariousundertaking as it is made out to be.

Although directly editing the Registry is notrecommended for less advanced PC users, there

is no reason for most PC users to forego the nice system tweaks that can be provided by the

many useful scripts that are available. The only caveatis that the user of any script should

back up the Registry first and should know how to undo the action of any script byrestoring

the backup. As already mentioned, this is an easy enough process for anybody. Actually,

some scripts even have an undo function in case you don't like the results of employing the

script.



17/62


Registry Backup

If there is one thing about the Registry that everyone should know, it is how to back it up,

Every time you make a system change- installing software, attaching new hardware, or

whatever- a backup should be made of the Registry. Fortunately, this is not difficult.

System Restore

Backing up is often done for you by System Restore. Depending on how often you turn your

computer off, the default setting is for System Restore to backup certain system components

approximately every 24 hours. However, you can also manually create a restore point

whenever you wish and it's a good idea to do so whenever you make a system change. Put the

script file on the desktop and making a restore point is just a double-click away. One

drawback to System Restore is that it doesn't provide a convenient way to back up just the

Registry or parts of the Registry.

Registration (REG) files

I have previously mentioned REG files in discussing the use of the Registry Editor. Although

the entire Registry could be be backed up as a REG file, this is not practical. However, REG

files provide a convenient method for backing up individual subkeys. REG files have the

advantage that they are easily copied to backup media. Remember that REG files are in text

form and create merges when they are imported back into the Registry proper.

http://www.registryonwindows.com/regedit.htmlhttp://www.registryonwindows.com/regedit.htmlhttp://www.registryonwindows.com/regedit.htmlhttp://www.registryonwindows.com/regedit.html


18/62


Hive files

Here we have to deal with a bit of Microsoft jargon. A key with all its subkeys and values in

binary form is often called a "hive" in Microsoft literature. Why the term? "Because one of

the original developers of Windows NT hated bees. So the developer who was responsible for

the registry snuck in as many bee references as he could." So says Raymond Chen (who

should know).

When using the export function of Regedit, one of the options is to save an exported key as a

hive file. Being binary, a hive file can't be read like the text-containing REG files but it has

an advantage for backup. When imported, it restores a key exactly as it was and does not

simply merge as do REG files. Hive files also are more appropriate for backing up a large key

with many subkeys. For example, I use a hive file to back up the entire

HKEY_CURRENT_USER and store it on another disk.

Backup software

Of course, software that backs up the entire disk such as Microsoft Backup or imaging

programs back up the Registry along with everything else, There are also some programs that

are designed to make Registry backups. One commonly used free utility

is ERUNT (Emergency Recovery Utility NT). Among paid commercial programs,

Macecraft's JV16 Power Tools gets high marks.

http://blogs.msdn.com/oldnewthing/archive/2003/08/08/54618.aspxhttp://blogs.msdn.com/oldnewthing/archive/2003/08/08/54618.aspx


19/62


Registry Cleaners

There are many programs that claim to do wonderful things by "cleaning" the Registry. That

is, they prune out dead or corrupted entries. Some are better than others. Some are even

dangerous. Back in the days of Windows 95, I was an advocate of regular housekeeping for

the Registry. However, the Registry in Windows XP is far more robust and much less prone

to corruption. Those who install and uninstall a lot of software and/or those who tweak the

Registry a lot may find it worthwhile to do regular Registry maintenance, For ordinary PC

users I feel that the Registry needs this type of maintenance only infrequently. The programmentioned above, JV16 Power Tools, is a good choice for this task. Another possibility

isCCleaner. However., ordinary PC users should probably just avoid cleaning the Registry.

It's too easy for the wrong thing to be removed from the Registry

http://www.macecraft.com/http://www.ccleaner.com/http://www.ccleaner.com/http://www.ccleaner.com/http://www.ccleaner.com/http://www.macecraft.com/http://www.ccleaner.com/


20/62


Editing Registry

Manual Editing

Figure 7 - Registry Editor of Windows 7

The Windows registry can be edited manually using programs such as regedit.exe and on

older versions of Windows, regedt32.exe, although these tools do not expose some of

registry's metadata such as the last modified date. They also implement workarounds in code

that allow Registry keys to be renamed, as the underlying APIs do not support this capability.

http://en.wikipedia.org/wiki/File:Registry_Editor_Vista.png


21/62


Figure 8 Registry Editor of Windows 3.11

As a careless change could cause irreversible damage, a backup of the registry before editing

is recommended by Microsoft.

A simple implementation of the current registry tool appeared in Windows 3.x, called the

"Registration Info Editor" or "Registration Editor". This was basically just a database of

applications used to edit embedded OLE objects in documents.

Windows 9x operating systems included REGEDIT.EXE which could be used in Windows

and also in real mode MS-DOS. Windows NT introduced permissions for Registry editing.

Windows NT 4.0 and Windows 2000 were distributed with both the Windows 9x

REGEDIT.EXE program and Windows NT 3.x's REGEDT32.EXE program. There were

several differences between the two editors on these platforms:



22/62


REGEDIT.EXE had a left-side tree view that begins at "My Computer" and lists all

loaded hives. REGEDT32.EXE had a left-side tree view, but each hive had its own

window, so the tree displays only keys.

REGEDIT.EXE represented the three components of a value (its name, type, and data) as

separate columns of a table. REGEDT32.EXE represented them as a list of strings.

REGEDIT.EXE supported right-clicking of entries in a tree view to adjust properties and

other settings. REGEDT32.EXE required all actions to be performed from the top menu

bar.

REGEDIT.EXE supported searching for key names, values, or data throughout the entire

registry, whereas REGEDT32.EXE only supported searching for key names in one hive

at a time.

Earlier versions of REGEDIT.EXE did not support editing permissions. Therefore, on

those early versions, only REGEDT32.EXE could access the full functionality of an NT

registry. REGEDIT.EXE in Windows XP, VISTA, and Windows 7, supported editing

permissions.

REGEDIT.EXE only supported string (REG_SZ), binary (REG_BINARY), and

DWORD (REG_DWORD) values. REGEDT32.EXE supported those, plus expandable

string (REG_EXPAND_SZ) and multi-string (REG_MULTI_SZ). Attempting to edit

unsupported key types with REGEDIT.EXE on Windows 2000 or Windows NT 4.0

would result in irreversible conversion to a supported type.

Windows XP was the first system to integrate these two programs into one, adopting the old

REGEDIT.EXE interface and adding the REGEDT32.EXE functionality. The differences

listed above are not applicable on Windows XP and newer systems; REGEDIT.EXE is the

improved editor, and REGEDT32.EXE is deprecated.



23/62


The Registry Editor allows users to perform the following functions:

Creating, manipulating, renaming and deleting registry keys, subkeys, values and

value data

Importing and exporting .REG files, exporting data in the binary hive format

Loading, manipulating and unloading registry hive format files (Windows NT-based

systems only)

Setting permissions based on ACLs (Windows NT-based systems only)

Bookmarking user-selected registry keys as Favorites

Finding particular strings in key names, value names and value data

Remotely editing the registry on another networked computer

http://en.wikipedia.org/wiki/Access_control_listhttp://en.wikipedia.org/wiki/Access_control_list


24/62


(2) Reg Files

This step-by-step article describes how to add, modify, or delete registry subkeys and

values by using a Registration Entries (.reg) file. Regedit.exe uses .reg files to

import and export registry subkeys and values. You can use these .reg files to

remotely distribute registry changes to several Windows-based computers. When

you run a .reg file, the file contents merge into the local registry. Therefore, you

must distribute .reg files with caution.

Syntax of .Reg Files

A .reg file has the following syntax:

RegistryEditorVersion

Blank

[RegistryPath1]

"DataItemName1"="DataType1:DataValue1"

DataItemName2"="DataType2:DataValue2"

Blank

[RegistryPath2]

"DataItemName3"="DataType3:DataValue3"

where:

RegistryEditorVersion is either "Windows Registry Editor Version 5.00" for

Windows 2000, Windows XP, and Windows Server 2003, or "REGEDIT4" for

Windows 98 and Windows NT 4.0.

The "REGEDIT4" header also works on Windows 2000-based, Windows XP-based,

and Windows Server 2003-based computers.

Blank line is a blank line. This identifies the start of a new registry path. Each key



25/62


or subkey is a new registry path. If you have several keys in your .reg file, blank

lines can help you to examine and to troubleshoot the contents.

RegistryPathxis the path of the subkey that holds the first value you are

importing. Enclose the path in square brackets, and separate each level of the

hierarchy by a backslash. Forexample:[HKEY_LOCAL_ MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]

A .reg file can contain several registry paths. If the bottom of the hierarchy in the path

statement does not exist in the registry, a new subkey is created. The contents of the registryfiles are sent to the registry in the order you enter them. Therefore, if you want to create a

new subkey with another subkey below it, you must enter the lines in the correct order.

DataItemNamex is the name of the data item that you want to import. If a data item in your

file does not exist in the registry, the .reg file adds it (with the value of the data item). If a

data item does exist, the value in your .reg file overwrites the existing value. Quotation marks

enclose the name of the data item. An equal sign immediately follows the name of the data

item.

DataTypex is the data type for the registry value and immediately follows the equal sign. For

all the data types other than REG_SZ (a string value), a colon immediately follows the data

type. If the data type is REG_SZ , do not include the data type value or colon. In this case,

Regedit.exe assumes REG_SZ for the data type. The following table lists the typical registry

data types.



26/62


Table 2 Data types for Reg filess

Data Type DataType in .reg

REG_BINARY hexadecimal

REG_DWORD dword

REG_EXPAND_SZ hexadecimal(2)

REG_MULTI_SZ hexadecimal(7)

DataValueximmediately follows the colon (or the equal sign with REG_SZ) and must be

in the appropriate format (for example, string or hexadecimal). Use hexadecimal

format for binary data items.

Note: You can enter several data item lines for the same registry path.

Note: the registry file should contain a blank line at the bottom of the file.

Adding Registry Subkeys or Adding and Changing Registry Values

To add a registry subkey or add or change a registry value, make the appropriate changes in

the registry, and then export the appropriate subkey or subkeys. Exported registry subkeys are

automatically saved as .reg files. To make changes to the registry and export your changes to

a .reg file, follow these steps:



27/62


1. ClickStart, clickRun, type regedit in the Open box, and then clickOK.

2. Locate and then click the subkey that holds the registry item or items that you want to

change.

3. ClickFile, and then clickExport.

This step backs up the subkey before you make any changes. You can import this file

back into the registry later if your changes cause a problem.

4. In the File name box, type a file name to use to save the .reg file with the original

registry items, and then clickSave.

Note Use a file name that reminds you of the contents, such as a reference to the name

of the subkey.

5. In the right pane, add or modify the registry items you want.

6. Repeat steps 3 and 4 to export the subkey again, but use a different file name for the

.reg file. You can use this .reg file to make your registry changes on anothercomputer.

7. Test your changes on the local computer. If they cause a problem, double-click the

file that holds the backup of the original registry data to return the registry to its

original state. If the changes work as expected, you can distribute the .reg you created

in step 6 to other computers by using the methods in the "Distributing Registry

Changes" section of this article.



28/62


Deleting Registry Keys and Values

To delete a registry key with a .reg file, put a hyphen (-) in front of the RegistryPath in the.reg file. For example, to delete the Test subkey from the following registry key:

HKEY_LOCAL_MACHINE\Software

put a hyphen in front of the following registry key in the .reg file:

HKEY_LOCAL_MACHINE\Software\Test

The following example has a .reg file that can perform this task.

[-HKEY_LOCAL_MACHINE\Software\Test]

To delete a registry value with a .reg file, put a hyphen (-) after the equals sign following

theDataItemName in the .reg file. For example, to delete the TestValue registry value from

the following registry key:


put a hyphen after the "TestValue"= in the .reg file. The following example has a .reg file that

can perform this task.


"TestValue"=-

To create the .reg file, use Regedit.exe to export the registry key that you want to delete, and

then use Notepad to edit the .reg file and insert the hyphen.

Distributing Registry Changes

You can send a .reg file to users in an e-mail message, put a .reg file on a network share and

direct users to the network share to run it, or you can add a command to the users' logon

scripts to automatically import the .reg file when they log on. When users run the .reg file,

they receive the following messages:

Registry Editor

Are you sure you want to add the information in path of .reg file to the registry?



29/62


If the user clicks Yes, the user receives the following message:

Registry Editor

Information in path of .reg file has been successfully entered into the registry.

Regedit.exe supports a /s command-line switch to not display these messages. For example,

to silently run the .reg file (with the /s switch) from a login script batch file, use the following

syntax:

regedit.exe /spath of .reg file

You can also use Group Policy or System Policy to distribute registry changes across your

network.



30/62


Registry damage

Some registry cleaners make no distinction as to the severity of the errors, and many that do

may erroneously categorize errors as "critical" with little basis to support it.[2] Removing or

changing certain registry data can prevent the system from starting, or cause application

errors and crashes.

It is not always possible for a third party program to know whether any particular key is

invalid or redundant. Obviously, a poorly-designed registry cleaner may not be equipped to

know for sure whether a key is still being used by Windows or what detrimental effects

removing it may have. This may lead to loss of functionality and/or system instability, [3][4]

[5] as well as application compatibility updatesfrom Microsoft to block problematic registry

cleaners.[6] The Windows Installer CleanUp Utility was a Microsoft-supported utility for

addressing Windows Installerrelated issues,[7] however the program has subsequently been

deprecated because of unintended damage that it caused

Of course, many of these caveats apply to any type of software, especially freeware or

shareware, downloaded and installed from obscure or unknown sources; the dangers are by

no means peculiar to registry cleaners. In particular, if an unknown author boasts that the

software has been written in some variant of the C language "for greater efficiency", this

should be interpreted as a danger signal.

The level of skill necessary to use a registry cleaner to actually improve the performance of a

machine is higher than the level of skill necessary to configure an easyincremental

backup solution. With such a solution, the OS can be restored if any recent changes proved to

be bad ones. This is safer than most registry cleaners. While it is true that some registry

cleaners are safe, these cleaners do not improve performance. The rest are a mix of powerful

and dangerous tools unsuited to non-professionals, snake-oil, and actual malware.

http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-Symantec-1http://en.wikipedia.org/wiki/Third-party_developerhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-2http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-3http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-4http://en.wikipedia.org/wiki/Shim_(computing)http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-5http://en.wikipedia.org/wiki/Windows_Installerhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-6http://en.wikipedia.org/wiki/Incremental_backuphttp://en.wikipedia.org/wiki/Incremental_backuphttp://en.wikipedia.org/wiki/Incremental_backuphttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-Symantec-1http://en.wikipedia.org/wiki/Third-party_developerhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-2http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-3http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-4http://en.wikipedia.org/wiki/Shim_(computing)http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-5http://en.wikipedia.org/wiki/Windows_Installerhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-6http://en.wikipedia.org/wiki/Incremental_backuphttp://en.wikipedia.org/wiki/Incremental_backup


31/62


Malware payloads

Registry cleaners have been used as a vehicle by a number oftrojan applications to

installmalware, typically through social engineering attacks that use websitepopups or free

downloads that falsely report problems that can be "rectified" by purchasing or downloading

a registry cleaner.[9]The worst of the breed are products that advertise and encourage a "free"

registry scan; however, the user typically finds the product has to be purchased for a

substantial sum, before it will effect any of the anticipated "repairs." Rogue registry cleaners

"WinFixer" have been ranked as one of the most prevalent pieces of malware currently in

circulation.

Scanners as scareware

Rogue registry cleaners are often marketed with alarmist advertisements that falsely claim to

have pre-analyzed your PC, displaying bogus warnings to take "corrective" action, hence the

reason that they are sometimes called "scareware". In October 2008,Microsoft and

the Washingtonattorney general filed a lawsuit against two Texas firms, Branch Software

and Alpha Red, producers of the "Registry Cleaner XP" scareware. [11] The lawsuit alleges that

the company sent incessant pop-ups resembling system warnings to consumers' personal

computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND

CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP

at a cost of $39.95.

Metrics of performance benefit

On Windows 9xcomputers, it was possible that a very large registry could slow down the

computer's startup time. However this is far less of an issue withNT-based operating systems

(includingWindows XP and Vista) due to a different on-disk structure of the registry,

improved memory management and indexing.[12] Slowdown due to registry bloat is thus far

less of an issue in modern versions of Windows. Defragmenting the registry files (e.g. using a

Microsoft-supported tool such asPageDefrag),[13] has likewise been de-emphasized due to

this increased efficiency, and is largely an automated process under Vista. Other Windows

Performance Tools are specifically designed to troubleshoot performance-related issues under

Windows.

http://en.wikipedia.org/wiki/Trojan_horse_(computing)http://en.wikipedia.org/wiki/Trojan_horse_(computing)http://en.wikipedia.org/wiki/Malwarehttp://en.wikipedia.org/wiki/Malwarehttp://en.wikipedia.org/wiki/Social_engineering_(security)http://en.wikipedia.org/wiki/Pop-up_adhttp://en.wikipedia.org/wiki/Pop-up_adhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-8http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-8http://en.wikipedia.org/wiki/WinFixerhttp://en.wikipedia.org/wiki/Scarewarehttp://en.wikipedia.org/wiki/Microsofthttp://en.wikipedia.org/wiki/Microsofthttp://en.wikipedia.org/wiki/Washington_(U.S._state)http://en.wikipedia.org/wiki/Attorney_generalhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-10http://en.wikipedia.org/wiki/Windows_9xhttp://en.wikipedia.org/wiki/Windows_9xhttp://en.wikipedia.org/wiki/Windows_NThttp://en.wikipedia.org/wiki/Windows_XPhttp://en.wikipedia.org/wiki/Windows_Vistahttp://en.wikipedia.org/wiki/Index_(database)http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-11http://en.wikipedia.org/wiki/PageDefraghttp://en.wikipedia.org/wiki/PageDefraghttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-12http://en.wikipedia.org/wiki/Trojan_horse_(computing)http://en.wikipedia.org/wiki/Malwarehttp://en.wikipedia.org/wiki/Social_engineering_(security)http://en.wikipedia.org/wiki/Pop-up_adhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-8http://en.wikipedia.org/wiki/WinFixerhttp://en.wikipedia.org/wiki/Scarewarehttp://en.wikipedia.org/wiki/Microsofthttp://en.wikipedia.org/wiki/Washington_(U.S._state)http://en.wikipedia.org/wiki/Attorney_generalhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-10http://en.wikipedia.org/wiki/Windows_9xhttp://en.wikipedia.org/wiki/Windows_NThttp://en.wikipedia.org/wiki/Windows_XPhttp://en.wikipedia.org/wiki/Windows_Vistahttp://en.wikipedia.org/wiki/Index_(database)http://en.wikipedia.org/wiki/Registry_cleaner#cite_note-11http://en.wikipedia.org/wiki/PageDefraghttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-12


32/62


Undeletable registry keys

Registry cleaners cannot repair scenarios such as undeletable registry keys caused by

embedded null characters in their names; only specialized tools such as the RegDelNull

utility (part of theSysinternals software) are able to do this.[15]

Recovery capability limitations

A Registry cleaner cannot repair a Registry hive that can't be mounted by the system, making

the repair via "slave mounting" of a system disk impossible.

A corrupt registry can be recovered in a number of ways that are supported by Microsoft

(e.g.Automated System Recovery, from a "Last Known Good" boot menu, by re-runningsetup or by usingSystem Restore). "Last Known Good" restores the last System Registry hive

(containing driver and service configuration) that successfully booted the system.

Malware removal

These tools are also difficult to manage in a non-boot situation, or during an infestation,

compared to a full system restore from a backup. In the age of rapidly evolving malware,

even a full system restore may be unable to rid a hard drive of a bootkit.

Registry cleaners are likewise not designed for malware removal, although minor side-effects

can be repaired, such as a turned-offSystem Restore. However, in complex scenarios where

malware such as spyware, adwareand viruses are involved, the removal of system-critical

files may result.

Application virtualization

A registry cleaner is of no use for cleaning registry entries associated with a virtualised

applicationsince all registry entries in this scenario are written to an application-specific

virtual Registry instead of the real one. [17] Complications of detailed interactions of real-mode

with virtual, also leaves the potential for incorrect removal of shortcuts and registry entries

that point to "disappeared" files, and consequent confusion by the user of cleaner products.

There is little competent information about this specific interaction, and no integration. In

general, even if registry cleaners could be arguably considered safe in a normal end-user

environment, they should be avoided in an application virtualization environment

http://en.wikipedia.org/wiki/Winternalshttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-14http://en.wikipedia.org/wiki/Automated_System_Recoveryhttp://en.wikipedia.org/wiki/Automated_System_Recoveryhttp://en.wikipedia.org/wiki/System_Restorehttp://en.wikipedia.org/wiki/Bootkithttp://en.wikipedia.org/wiki/System_Restorehttp://en.wikipedia.org/wiki/Spywarehttp://en.wikipedia.org/wiki/Adwarehttp://en.wikipedia.org/wiki/Adwarehttp://en.wikipedia.org/wiki/Computer_virushttp://en.wikipedia.org/wiki/Application_virtualizationhttp://en.wikipedia.org/wiki/Application_virtualizationhttp://en.wikipedia.org/wiki/Application_virtualizationhttp://en.wikipedia.org/wiki/Application_virtualizationhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-16http://en.wikipedia.org/wiki/Winternalshttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-14http://en.wikipedia.org/wiki/Automated_System_Recoveryhttp://en.wikipedia.org/wiki/System_Restorehttp://en.wikipedia.org/wiki/Bootkithttp://en.wikipedia.org/wiki/System_Restorehttp://en.wikipedia.org/wiki/Spywarehttp://en.wikipedia.org/wiki/Adwarehttp://en.wikipedia.org/wiki/Computer_virushttp://en.wikipedia.org/wiki/Application_virtualizationhttp://en.wikipedia.org/wiki/Application_virtualizationhttp://en.wikipedia.org/wiki/Registry_cleaner#cite_note-16


33/62


Example of an REG file

Windows Registry Editor Version 5.00 // for windows xp,vista, Windows 7

Or

REGEDIT4 // for windows 95 and 98

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSIO

N\POLICIES\SYSTEM]

"LEGALNOTICECAPTION"="PC1"

"LEGALNOTICETEXT"="You are Logging into PC 1"

---------------END OF FILE-------------------

Note : we need to specify version of registry editor in the file first

: do not include comments in original file

: add a last line as blank (as syntax of .reg file suggests

: save it as .filename.reg and run it!!!

: it will enter desired registry entries in registry.

How to delete a key using a .reg file?

Windows Registry Editor Version 5.00

[~HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSI

ON\POLICIES\SYSTEM]

"LEGALNOTICECAPTION"=~"PC1"

"LEGALNOTICETEXT"=~"You are Logging into PC 1"

Note: if you need to add or remove registry entry else where specify registry entry path again

and enter values for registry entry again.



34/62


Table 3 Full list of Data types

Name Data type Description

BinaryValue

REG_BINARY Raw binary data. Most hardwarecomponent information is storedas binary data and is displayed inRegistry Editor in hexadecimalformat.

DWORDValue

REG_DWORD Data represented by a number that is 4 bytes long (a 32-bitinteger). Many parameters fordevice drivers and services arethis type and are displayed inRegistry Editor in binary,hexadecimal, or decimal format.

Related values areDWORD_LITTLE_ENDIAN(least significant byte is at thelowest address) andREG_DWORD_BIG_ENDIAN(least significant byte is at thehighest address).

ExpandableStringValue

REG_EXPAND_SZ A variable-length data string.This data type includes variablesthat are resolved when a program

or service uses the data.

Multi-StringValue

REG_MULTI_SZ A multiple string. Values thatcontain lists or multiple values ina form that people can read aregenerally this type. Entries areseparated by spaces, commas, orother marks.

StringValue

REG_SZ A fixed-length text string.

BinaryValue

REG_RESOURCE_LIST A series of nested arrays that isdesigned to store a resource listthat is used by a hardware devicedriver or one of the physicaldevices it controls. This data isdetected and written in the\ResourceMap tree by the systemand is displayed in Registry Editorin hexadecimal format as a BinaryValue.

Binary

Value

REG_RESOURCE_REQUIREMENTS_LIST A series of nested arrays that is

designed to store a device driver's



35/62


list of possible hardwareresources the driver or one of the

physical devices it controls canuse. The system writes a subsetof this list in the \ResourceMap

tree. This data is detected by thesystem and is displayed inRegistry Editor in hexadecimalformat as a Binary Value.

BinaryValue

REG_FULL_RESOURCE_DESCRIPTOR A series of nested arrays that isdesigned to store a resource listthat is used by a physicalhardware device. This data isdetected and written in the\HardwareDescription tree by the

system and is displayed inRegistry Editor in hexadecimalformat as a Binary Value.

None REG_NONE Data without any particular type.This data is written to the registry

by the system or applications andis displayed in Registry Editor inhexadecimal format as a BinaryValue

Link REG_LINK A Unicode string naming asymbolic link.

QWORDValue

REG_QWORD Data represented by a number that is a 64-bit integer. This datais displayed in Registry Editor asa Binary Value and wasintroduced in Windows 2000.



36/62


Table 4 Descriptions of folder names used in Registry

Folder/predefined key Description

HKEY_CURRENT_USER Contains the root of the configuration information for the user whois currently logged on. The user's folders, screen colors, andControl Panel settings are stored here. This information isassociated with the user's profile. This key is sometimesabbreviated as "HKCU."

HKEY_USERS Contains all the actively loaded user profiles on the computer.HKEY_CURRENT_USER is a subkey of HKEY_USERS.HKEY_USERS is sometimes abbreviated as "HKU."

HKEY_LOCAL_MACHINE Contains configuration information particular to the computer (forany user). This key is sometimes abbreviated as "HKLM."

HKEY_CLASSES_ROOT Is a subkey of HKEY_LOCAL_MACHINE\Software. Theinformation that is stored here makes sure that the correct programopens when you open a file by using Windows Explorer. This keyis sometimes abbreviated as "HKCR." Starting with Windows2000, this information is stored under both theHKEY_LOCAL_MACHINE and HKEY_CURRENT_USERkeys. The HKEY_LOCAL_MACHINE\Software\Classes keycontains default settings that can apply to all users on the localcomputer. The HKEY_CURRENT_USER\Software\Classes keycontains settings that override the default settings and apply only

to the interactive user. The HKEY_CLASSES_ROOT keyprovides a view of the registry that merges the information fromthese two sources. HKEY_CLASSES_ROOT also provides thismerged view for programs that are designed for earlier versions ofWindows. To change the settings for the interactive user, changesmust be made under HKEY_CURRENT_USER\Software\Classesinstead of under HKEY_CLASSES_ROOT. To change the defaultsettings, changes must be made underHKEY_LOCAL_MACHINE\Software\Classes. If you write keysto a key under HKEY_CLASSES_ROOT, the system stores theinformation under HKEY_LOCAL_MACHINE\Software\Classes.If you write values to a key under HKEY_CLASSES_ROOT, andthe key already exists underHKEY_CURRENT_USER\Software\Classes, the system will storethe information there instead of underHKEY_LOCAL_MACHINE\Software\Classes.

HKEY_CURRENT_CONFIG Contains information about the hardware profile that is used by thelocal computer at system startup.

Some registry tricks to optimize your Windows :



37/62


Add Open With to all files

You can add "Open With..." to the Right click context menu of all files.This is great for when

you have several programs you want to open the same file types with. I use three different

text editors so I added it to the ".txt" key.

1. Open RegEdit

2. Go to HKEY_CLASSES_ROOT\*\Shell

3. Add a new Key named "OpenWith" by right clicking the "Shell" Key and selecting new

4. Set the (Default) to "Op&en With..."

5. Add a new Key named "Command" by right clicking the "OpenWith" Key and selecting

new

6. Set the (Default) to "C:\Windows\rundll32.exe shell32.dll,OpenAs_RunDLL %1", C:\

being your Windows drive. You must enter the "OpenAs_RunDLL %1" exactly this way.

Customize the System Tray

You can add your name or anything you like that consists of 8 characters or less. This will

replace the AM or PM next to the system time. But you can corrupt some trial licenses of

software that you may have downloaded.

1. Open RegEdit

2. Go to HKEY_CURRENT_USER\Control Panel\International

3. Add two new String values, "s1159" and "s2359"

4. Right click the new value name and modify. Enter anything you like up to 8 characters.

If you enter two different values when modifying, you can have the system tray display the

two different values in the AM and PM.

Lock Out Unwanted Users



38/62


Want to keep people from accessing Windows, even as the default user? If you do not have a

domain do not attempt this.

1. Open RegEdit

2. Go to HKEY_LOCAL_MACHINE\Network\Logon

3. Create a dword value "MustBeValidated"

4. Set the value to 1

This forced logon can be bypassed in Safe Mode on Windows 9x

Disable the Outlook Express Splash Screen

You can make OutLook Express load quicker by disabling the splash screen:

1. Open RegEdit

2. Go to HKEY_CURRENT_USER\Software\Microsoft\OutLook Express

3. Add a string value "NoSplash"

4. Set the value data to 1 as a Dword value

Multiple Columns For the Start Menu

To make Windows use multiple Start Menu Columns instead of a single scrolling column,

like Windows 9x had, Also if you are using Classic Mode in XP

1. Open RegEdit

2. Go to the key

HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\

Advanced

3. Create a string value "StartMenuScrollPrograms"

4. Right click the new string value and select modify

5. Set the value to "FALSE"

Changing Windows' Icons



39/62


You can change the Icons Windows uses for folders, the Start Menu, opened and closed

folder in the Explorer, and many more.

1. Open RegEdit

2. Go to

HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\

Shell Icons

3. Add a string value for each Icon you wish to change.

Example: "3" ="C:\Windows\Icons\MyIcon.ico,0" This will change the closed folders in the

Explorer to "MyIcon.ico". Here is a complete list for each value.

0= Unknown file type

1= MSN file types

2= Applications Generic

3= Closed Folder

4= Open Folder

5= 5.25" Drive

6= 3.25" Drive

7= Removable Drive

8= Hard Drive

9= NetWork Drive

10= Network Drive Offline

11= CD-ROM Drive

12= RAM Drive

13= Entire Network

14= Network Hub

15= My Computer

16= Printer

17= Network Neighborhood

18= Network Workgroup

19= Start Menu's Program Folders

20= Start Menu's Documents

21= Start Menu's Setting

22= Start Menu's Find

23= Start Menu's Help

24= Start Menu's Run

25= Start Menu's Suspend

26= Start Menu's PC Undock

27= Start Menu's Shutdown

28= Shared

29= Shortcut Arrow

30= (Unknown Overlay)

31= Recycle Bin Empty

32= Recycle Bin Full

33= Dial-up Network

34= DeskTop

35= Control Panel

36= Start Menu's Programs

37= Printer Folder

38= Fonts Folder

39= Taskbar Icon

40= Audio CD

You need to reboot after making changes. You may need to delete the hidden file

ShellIconCache if after rebooting the desired Icons are not displayed.

Change Default Folder Locations



40/62


You can change or delete the Windows mandatory locations of folder like My Documents:

1. Open RegEdit

2. Go to HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\

Explorer\ Shell Folders

3. Change the desired folder location, My Documents is normally list as "Personal"

4. Open the Explorer and rename or create the folder you wish.

To change the desired location of the Program Files folder

1. Go to

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

2. Change the value of "ProgramFiles", or "ProgramFilesDir"

Now when you install a new program it will default to the new location you have selected.

Change the Registered Change the User Information

You can change the Registered Owner or Registered Organization to anything you want even

after Windows is installed.

1) Open RegEdit

2) Got to

HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion.

3) Change the value of "RegisteredOrganization" or "RegisteredOwner", to what ever you

want



41/62


Opening a DOS Window to either the Drive or Directory in Explorer

Add the following Registry Keys for a Directory:

HKEY_CLASSES_ROOT\Directory\shell\opennew

@="Dos Prompt in that

Directory"HKEY_CLASSES_ROOT\Directory\shell\opennew\command

@="command.com /k cd %1"

Add or Edit the following Registry Keys for a Drive:

HKEY_CLASSES_ROOT\Drive\shell\opennew

@="Dos Prompt in that Drive"

HKEY_CLASSES_ROOT\Drive\shell\opennew\command

@="command.com /k cd %1"

These will allow you to right click on either the drive or the directory and the option of

starting the dos prompt will pop up.

Changing Exchange/Outlook Mailbox Location

To change the location of your mailbox for Exchange:

1. Open RegEdit

2. Go to

HKEY_CURRENT_USER\Software\ Microsoft\Windows Messaging Subsystem\ Profiles

3. Go to the profile you want to change

4. Go to the value name that has the file location for your mailbox (*.PST) file

5. Make the change to file location or name



42/62


To change the location of your mailbox for Outlook

1. Open RegEdit

2. Go to HKEY_CURRENT_USER\Software\Microsoft\Outlook (or Outlook Express if

Outlook Express)

3. Go to the section "Store Root"

4. Make the change to file location

Add/Remove Sound Events from Control Panel

You can Add and delete sounds events in the Control Panel. In order to do that:

1. Open RegEdit

2. Go to HKEY_CURRENT_USER\AppEvents\Schemes\Apps and

HKEY_CURRENT_USER\AppEvents\Schemes\Eventlabels. If this key does not exist you

can create it and add events.

3. You can add/delete any items you want to or delete the ones you no longer want.

Adding an Application to the Right Click on Every Folder

Here is how to add any application to the Context Menu when you right click on any Folder.

This way you do not have to always go to the Start Menu. When you right click on any

folder, you can have access to that application, the same as using Sent To.

1. Open RegEdit

2. Go to HKEY_CLASSES_ROOT\Folder\shell

3. Add a new Key to the "Shell" Key and name it anything you like.

4. Give it a default value that will appear when you right click a folder, i.e. NewKey (use an

"&" without the quotes, in front of any character and it will allow you to use the keyboard)

5. Click on the Key HKEY_CLASSES_ROOT\Folder\shell\NewKey

6. Add a New Key named Command

7. Set the (Default) value of the application you want to run



43/62


8. For example: c:\program files\internet explorer\iexplore.exe (Include the full path and

parameters if you need them)

Adding Explore From Here to Every Folder

When you want to right click on any folder and want to open up an Explorer window of that

folder.

1. Open RegEdit

2. Go to HKEY_CLASSES_ROOT\Folder\shell

3. Add a new Key "RootExplore " under the "Shell" Key

4. Set the (Default) value to "E&xplore From Here "

5. Right Click the "RootExplore " Key and add a new Key "Command"to the RootExplore

6. Set the (Default) value of Explorer.exe /e,/root,/idlist,%i

Changing the Location of Windows' Installation Files

If you need to change the drive and or path where Windows looks for its installation files:

1.Open RegEdit

2.Go to

HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Setup

3.Edit the value next to SourcePath

Creating a Logon Banner

If you want to create a Logon Banner: A message box to appear below your logon on.

1.Open RegEdit

2.Go To

For Windows 9x and ME -

HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Winlogon



44/62


For Windows 2000 XP 2003 Vista -

HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Winlogon

3.Create a new String value"LegalNoticeCaption "

4. Enter the Title of the window. What is displayed in the Title Bar.

5. Create a new string value "LegalNoticeText"

6. Enter the text for your message box that will appear even before the Logon window.

Creating a Default File Opener

If you have a un-registered file type and want to view it instead of having to select Open

With. Use Explorer's Right-click and add your program to the right-click options by:

1. Open RegEdit

2. Go to HKEY_CLASSES_ROOT\Unknown\Shell

3. Right click on "Shell" and create a New Key and name it "Open "

4. Create a New Key under the "Open" key you just created and name it "Command"

5. Set the (Default) value to the path and filename of the program you want to use to open the

file type

6. For example: C:\Windows\NOTEPAD.EXE %1

You must use the "%1" for this to work.and a space between the exe and the %1

Deleting Registry Keys from the Command Line

There are two ways to delete a key from the Registry from the Command line. At the

Windows Command line:

RegEdit /l location of System.dat /R location of User.dat /D Registry key to delete

You cannot be in Windows at the time you use this switch.



45/62


Or you can create a reg file as such:

REGEDIT4

[-HKEY_LOCAL_MACHINE\the key you want to delete]

Note the negative sign just behind the[

Then at the Command line type:

1. RegEdit C:\Windows\(name of the regfile).

Change/Add Restrictions And Features

If you want to make restrictions to what users can do or use on their computer without having

to run Poledit, you can edit the Registry. You can add and delete Windows features in this

Key shown below.

Zero is Off and the value 1 is On. Example: to Save Windows settings add or modify the

value name NoSaveSettings to 0, if set to1 Windows will not save settings. AndNoDeletePrinter set to 1 will prevent the user from deleting a printer.

The same key shows up at:

HKEY_USERS\(yourprofilename)\ Software\ Microsoft\ Windows\ CurrentVersion\

Policies\ Explorer so change it there also if you are using different profiles.

1.Open RegEdit

2.Go to

HKEY_CURRENT_USER\Software\Microsoft\ CurrentVersion\ Policies

3.Go to the Explorer Key (Additional keys that can be created under Policies are System,

Explorer, Network and WinOldApp )

4.You can then add DWORD or binary values set to 1 in the appropriate keys for ON and 0

for off.

NoDeletePrinter - Disables Deletion of Printers



46/62


NoAddPrinter - Disables Addition of Printers

NoRun - Disables Run Command

NoSetFolders - Removes Folders from Settings on Start Menu

NoSetTaskbar - Removes Taskbar from Settings on Start Menu

NoFind - Removes the Find Command

NoDrives - Hides Drives in My Computers

NoNetHood - Hides the Network Neighborhood

NoDesktop - Hides all icons on the Desktop

NoClose - Disables Shutdown

NoSaveSettings - Don't save settings on exit

DisableRegistryTools - Disable Registry Editing Tools

NoRecentDocsMenu - Hides the Documents shortcut at the Start button

NoRecentDocsHistory- Clears history of Documents

NoFileMenu _ Hides the Files Menu in Explorer

NoActiveDesktop - No Active Desktop

NoActiveDesktopChanges- No changes allowed

NoInternetIcon - No Internet Explorer Icon on the Desktop

NoFavoritesMenu - Hides the Favorites menu

NoChangeStartMenu _ Disables changes to the Start Menu

NoFolderOptions _ Hides the Folder Options in the Explorer

ClearRecentDocsOnExit - Empty the recent Docs folder on reboot

NoLogoff - Hides the Log Off .... in the Start Menu

And here are a few more you can play with

ShowInfoTip

NoTrayContextMenu

NoStartMenuSubFolders

NoWindowsUpdate

NoViewContextMenu



47/62


EnforceShellExtensionSecurity

LinkResolveIgnoreLinkInfo

NoDriveTypeAutoRun

NoStartBanner

NoSetActiveDesktop

EditLevel

NoNetConnectDisconnect

RestrictRun - Disables all exe programs except those listed in the RestrictRun subkey

This key has many other available keys, there is one to even hide the taskbar, one to hide the

control panel and more. I'm not telling you how, as someone may want to play a trick on you.

The policies key has a great deal of control over how and what program can run and how one

can access what feature.

In the System key you can enter:

NoDispCPL - Disable Display Control Panel

NoDispBackgroundPage - Hide Background PageNoDispScrSavPage - Hide Screen Saver Page

NoDispAppearancePage - Hide Appearance Page

NoDispSettingsPage - Hide Settings Page

NoSecCPL - Disable Password Control Panel

NoPwdPage - Hide Password Change Page

NoAdminPage - Hide Remote Administration Page

NoProfilePage - Hide User Profiles Page

NoDevMgrPage - Hide Device Manager Page

NoConfigPage - Hide Hardware Profiles Page

NoFileSysPage - Hide File System Button

NoVirtMemPage - Hide Virtual Memory Button



48/62


In the Network key you can enter:

NoNetSetup - Disable the Network Control Panel

NoNetSetupIDPage - Hide Identification Page

NoNetSetupSecurityPage - Hide Access Control Page

NoFileSharingControl - Disable File Sharing Controls

NoPrintSharing - Disable Print Sharing Controls

In the WinOldApp key you can enter:

Disabled - Disable MS-DOS Prompt

NoRealMode - Disables Single-Mode MS-DOS

Automatic Screen Refresh

When you make changes to your file system and use Explorer, the changes are not usually

displayed until you press the F5 key

To refresh automatically:

1. Open RegEdit

2. Go to

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update

3. Set the value name "UpdateMode" to 1

Disable Password Caching

To disable password caching, which allows for the single Network login and eliminates the

secondary Windows logon screen. Either use the same password or:

1. Open RegEdit

2. Go to the key

HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\ Windows\ CurrentVersion\ Policies\

Network

3. Add a Dword value "DisablePwdCaching" and set the value to 1



49/62


Changing the MaxMTU for faster Downloads

There are four Internet settings that can be configured, you can get greater throughput (faster

Internet downloads) by modifying a few settings.

They are the MaxMTU, MaxMSS and DefaultRcvWindow, and DefaultTTL

1.Open RegEdit

2.Go to

HKEY_LOCAL_MACHINE\System\CurrentControlset\ Services\ Class\ net\ 000x

(where x is your particular network adapter binding.)

3.Right click on the right panel

4.Select New\String Value and create the value name IPMTU

5.Double click on it and enter then the number you want. The usual change is to 576

6.Similarly, you can add IPMSS and give it a value of 536

(Windows 9X)You can set DefaultRcvWindow, and DefaultTTL by adding these string

values to HKEY_LOCAL_MACHINE\ System\ CurrentControlset\ Services\ VXD\ MSTCP

Set the DefaultRcvWindow to"5840"and the DefaultTTL to "128"

Note: These settings will slow down your network access speed slightly, but you will

probably not even see the difference if you are using a network card. If you are using Direct

Cable you should see a sight difference.

Adding Items to the Start Button

To add items when you right-click on the Start Button:

1.Open RegEdit

2.Go to HKEY_CLASSES_ROOT\Directory\Shell

3.Right-click on Shell and select New Key



50/62


4.Type in the name of the key and press the Enter key

5.In the Default name that shows in the right hand panel, you can add a title with a "&"

character in front of the letter for a shortcut

6.Right-click on the key you just created and create another key under it called command

7.For the value of this command, enter the full path and program you want to execute

8.Now when you right click on the Start Button, your new program will be there.

9.For example, if you want Word to be added, you would add that as the first key, the default

in the right panel would be &Word so when you right click on the Start Button, the W would

be the Hot Key on your keyboard. The value of the key would be C:\Program

Files\Office\Winword\Winword.exe

Remove Open, Explore & Find from Start Button

When you right click on the Start Button, you can select Open, Explore or Find.

Open shows your Programs folder. Explore starts the Explorer and allows access to all

drives.

Find allows you to search and then run programs. In certain situations you might want to

disable this feature.

To remove them:

1.Open RegEdit

2.Go to HKEY_CLASSES_ROOT\Directory\Shell\Find

3.Delete Find

4.Scroll down below Directory to Folder

5.Expand this section under shell

6.Delete Explore and Open

Caution: - When you remove Open, you cannot open any folders.



51/62


Removing Items from NEW Context Menu

When you right-click on the desktop and select New, or use the File Menu item in the

Explore and select New a list of default templates you can open up are listed.

To remove items from that list:

1. Open RegEdit

2. Do a Search for the string ShellNew in the HKEY_CLASSES_ROOT Hive

3. Delete the ShellNew command key for the items you want to remove.

Changing Telnet Window

You can view more data if you increase the line count of Telnet. By Default it has a window

size of 25 lines. To increase this so you can scroll back and look at a larger number on lines:

1. Open RegEdit

2. Go to HKEY_CURRENT_USER\Software\Microsoft\Telnet

3. Modify the value data of "Rows"

Changing the Tips of the Day

You can edit the Tips of the day in the Registry by going to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\ CurrentVersion\ explorer\

Tips

Disabling Drives in My Computer

To turn off the display of local or networked drives when you click on My Computer:

1.Open RegEdit

2.Go to

HKEY_CURRENT_USER\Software\ Microsoft\ Windows\ CurrentVersion\ Policies\

Explorer



52/62


3.Add a New DWORD item and name it NoDrives

4.Give it a value of 3FFFFFF

5.Now when you click on My Computer, none of your drives will show.

Changing the caption on the Title Bar

Change the Caption on the Title Bar for OutLook Express or the Internet Explorer:

For Outlook Express:

1. Open RegEdit

2. Go to

HKEY_CURRENT_USER\Software\Microsoft\OutLook Express

For IE5 and up use:

HKEY_CURRENT_USER\IDENTITIES \{9DDDACCO-38F2-11D6-93CA-

812B1F3493B}\ SOFTWARE\ MICROSOFT\ OUTLOOK EXPRESS\5.0

3. Add a string value "WindowTitle" (no space)

4. Modify the value to what ever you like.

For no splash screen, add a dword value "NoSplash" set to 1

The Key {9DDDACCO-38F2-11D6-93CA-812B1F3493B} can be any key you find here.

Each user has his own Key number.

The Key 5.0 is whatever version of IE you have

For Internet Explorer:

1. Open RegEdit

2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

3. Add a string value "Window Title" (use a space)

4. Modify the value to what ever you like.



53/62


Disabling the Right-Click on the Start Button

Normally, when you right button click on the Start button, it allows you to open your

programs folder, the Explorer and run Find.

In situations where you don't want to allow users to be able to do this in order to secure your

computer.

1.Open RegEdit

2.Search for Desktop

3.This should bring you to HKEY_CLASSES_ROOT\Directory

4.Expand this section

5.Under Shell is Find

6.Delete Find

7.Move down a little in the Registry to Folder

8.Expand this section and remove Explore and Open

Now when you right click on the Start button, nothing should happen.

You can delete only those items that you need.

Note: - On Microsoft keyboards, this also disables the Window-E (for Explorer) and

Window-F

(for Find) keys.

See the section on Installation in the RESKIT to see how to do this automatically during an

install.

Disabling My Computer

In areas where you are trying to restrict what users can do on the computer, it might be

beneficial to disable the ability to click on My Computer and have access to the drives,

control panel etc.

To disable this:



54/62


1.Open RegEdit

2.Search for 20D04FE0-3AEA-1069-A2D8-08002B30309D

3.This should bring you to the HKEY_CLASSES_ROOT\CLSID section

4.Delete the entire section.

Now when you click on My Computer, nothing will happen.

You might want to export this section to a Registry file before deleting it just in case you

want to enable it again. Or you can rename it to 20D0HideMyComputer4FE0-3AEA-1069-

A2D8-08002B30309D. You can also hide all the Desktop Icons, see Change/Add restrictions.

Opening Explorer from My Computer

By default, when you click on the My Computer icon, you get a display of all your drives, the

Control Panel etc. If you would like to have this open the Explorer:

1. Open RegEdit

2. Go to

HKEY_CLASSES_ROOT\CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}\ Shell

3 . Add a new Key named "Open" if it does not exists by right clicking "Shell" and selecting

new.

4. . Add a new Key named "Command" by right clicking "Open" and selecting new

5. Set the (Default) value for the Command Key to "Explorer.exe" or

"C:\Windows\Explorer.exe"

Recycle Bin Edits

Fooling with the recycle bin. Why not make the icon context menu act like other icon context

menus.

Add rename to the menu:

HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\

ShellFolder

"Attributes"=hex:50,01,00,20



55/62


Add delete to the menu:


ShellFolder


Add rename and delete to the menu:

HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}

\ShellFolder


Restore the recycle bin to Windows defaults including un-deleting the icon after deletion:

Restore the icon.

HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows \CurrentVersion\ explorer\

Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}

@="Recycle Bin"

Reset Windows defaults.

HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}

\ShellFolder


Other edits to the recycle bin icon:


ShellFolder

"Attributes"=hex:40,01,01,20 ... standard shortcut arrow

"Attributes"=hex:40,01,02,20 ... a different shortcut arrow

"Attributes"=hex:40,01,04,20 ... and still another shortcut arrow

"Attributes"=hex:40,01,08,20 ... make it look disabled (like it's been cut)

For Windows XP and 2000 also edit HKEY_CURRENT_USER\ Software\ Microsoft\

Windows\ CurrentVersion\ Explorer\ CLSID\ {645FF040-5081-101B-9F08-

00AA002F954E}



56/62


For Windows ME also edit HKEY_CURRENT_USER \Software\ Classes\ CLSID\

{645FF040-5081-101B-9F08-00AA002F954E}

Setting the Minimum Password Length

1.Open RegEdit

2.Go to

HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Policies\

Network

3. Now, choose the Edit/New/Binary value command and call the new value MinPwdLen.

Press Enter twice and Assign it a value equal to your minimum password length.

Add\delete programs to run every time Windows starts

You can start or stop programs from executing at boot up by adding or deleting them to/from

the run Keys in the Registry. Windows loads programs to start in the following order;

Program listed in the Local Machine hive, then the Current User hive, then theWin.ini Run=

and Load = lines. then finally programs in your Start Up folder.

To add or remove programs in the Registry

1.Open RegEdit

2.Go to the desired Key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion

\RunServices

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion \Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion \RunServices

3. Add a new String Value and name it anything you like

4. For the value data, enter the path and executable for the program you want to run.



57/62


By adding the value to the HKEY_CURRENT_USER hive instead allows the program to

start only when that user is logged on.

If you add the value to the RunOnce key the program will run once and be removed from the

key by Windows.

Removing the Shortcut Icon Arrows

1.Open RegEdit

2.Open the Key HKEY_CLASSES_ROOT

3.Open the Key LNKFILE

4.Delete the value IsShortcut

5.Open the next Key PIFFILE

6.Delete the value IsShortcut

7.Restart the Windows

Turn Off Window Animation

You can shut off the animation displayed when you minimize and maximize Windows.

1. Open RegEdit

2. Go to HKEY_CURRENT_USER\Control panel \Desktop\ WindowMetrics

3. Create a new string value "MinAnimate".

4. Set the value data of 0 for Off or 1 for On

Changing your Modem's Initialization String

1.Open RegEdit

2.Go to

HKEY_LOCAL_MACHINE\System\CurrentControlSet \Services \Class \Modem \0000

\Init

3.Change the settings to the new values



58/62


Increasing the Modem Timeout

If your modem it is timing out during file transfers or loading Web Pages, you might try

increasing the timeout period. To change the Time Out::

1.Open RegEdit

2.Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Services\ Class\ Modem\

XXXX\ Settings Where XXXX is the number of your modem

3. In the right panel and double click on Inactivity Timeout

4.The number of minutes for a timeout should be entered between the brackets.

5.For example, a setting could have S19= to set it to 10 minutes.

Removing Programs from Control Panel's Add/Remove Programs Section

If you uninstalled a program by deleting the files, it may still show up in the Add/Remove

programs list in the Control Panel.

In order to remove it from the list.

1.Open RegEdit

2.Go to HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\

Uninstall

3.Delete any programs here.

If you have a problem locating the desired program open each key and view the

DisplayName value

The Fix for Grayed Out Boxes

The File Types tab in Explorer's View / Options menu lets you edit most of your file types,

but certain settings cannot be changed. The default action for a batch file, for instance, runs

the batch file instead of opening it via Notepad or Wordpad. Thus, when you double-click on

AUTOEXEC.BAT, a DOS window opens, and the file executes. If you want to change this



59/62


default action and edit a batch file when you double-click on it, however, the File Types tab

does not let you do so; the Set Default button for the file type called MS-DOS Batch File is

always grayed out.

The button is grayed out because HKEY_CLASSES_ROOT's batfile key contains an

EditFlag value entry. Such entries are used throughout the Registry to prevent novice users

from altering certain system settings. The binary data in batfile's EditFlag reads d0 04 00 00.

If you change this value to 00 00 00 00, you can then change any of the batch file settings. Do

not, however, indiscriminately zero out EditFlag; if you do so in a system ProgID such as

Drive or AudioCD, it completely disappears from the File Types list. For ProgIDs that are

linked to extensions, set all EditFlags to 00 00 00 00. For system ProgIDs, replace EditFlag

data with 02 00 00 00.

If you wish to have access to some buttons while leaving others grayed out, you must know

the function of each EditFlag bit. The last two bytes of data are always zero, but most bits

within the first two bytes have a specific effect:

Byte 1, bit 1: Removes the file type from the master list in the File Types tab (select

View / Options under Explorer) if it has an associated extension.

Byte 1, bit 2: Adds the file type to the File Types tab if it does not have an associated

extension.

Byte 1, bit 3: Iden