Lesson 1: Understanding the Registry
Microsoft Windows 2000 stores hardware and software settings centrally in a hierarchical database called the registry. The registry replaces many of the .INI, .SYS, and .COM configuration files used in earlier versions of Microsoft Windows. The registry controls the Windows 2000 operating system by providing the appropriate initialization information to start applications and load components, such as device drivers and network protocols.
After this lesson, you will be able to
- Identify the purpose of the registry.
- Define the hierarchical structure of the registry.
Estimated lesson time: 30 minutes
Purpose of the Registry
The registry contains a variety of different types of data, including the following:
- The hardware installed on the computer, including the central processing unit (CPU), bus type, pointing device or mouse, and keyboard.
- Installed device drivers.
- Installed applications.
- Installed network protocols.
- Network adapter card settings. Examples include the IRQ number, memory base address, I/O port base address, I/O channel ready, and transceiver type.
The registry structure provides a secure set of records. The data in the registry is read, updated, or modified by many of the Windows 2000 components. The components that access and store data in the registry include those shown in Figure 5.1 and explained in Table 5.1.
Figure 5.1 The Registry Editor
Table 5.1 Components That Use the Registry
Component | Description |
---|---|
Windows NT kernel | During startup, the Windows 2000 kernel (Ntoskrnl.exe) reads information from the registry, including the device drivers to load and the order in which they should be loaded. The kernel writes information about itself to the registry, such as the version number. |
Device drivers | Device drivers receive configuration parameters from the registry. They also write information to the registry. A device driver informs the registry of which system resources it is using, such as hardware interrupts or DMA channels. Device drivers also report discovered configuration data. |
User profiles | Windows 2000 creates and maintains user work environment settings in a user profile. When a user logs on, the system caches the profile in the registry. Windows 2000 first writes user configuration changes to the registry and then to the user profile. |
Setup programs | During setup of a hardware device or application, a Setup program can add new configuration data to the registry. It can also query the registry to determine whether required components have been installed. |
Hardware profiles | Computers with two or more hardware configurations use hardware profiles. When Windows 2000 starts, the user selects a hardware profile and Windows 2000 configures the system accordingly. |
Ntdetect.com | During system startup, on Intel-based computers, Ntdetect.com performs hardware detection. This dynamic hardware configuration data is stored in the registry. Reduced-instruction-set-computing (RISC)-based computers extract the data from the computer firmware. |
The Hierarchical Structure of the Registry
The registry is organized in a hierarchical structure similar to the hierarchical structure of folders and files on a disk. Figure 5.2 shows the hierarchical structure of the registry as displayed by one of the registry editing tools included with Windows 2000.
Figure 5.2 The Registry Editor displaying the hierarchical structure of the registry
Table 5.2 describes the components that make up the hierarchical structure of the registry.
Table 5.2 Components That Make Up the Registry
Component | Description |
---|---|
Subtree | A subtree (or subtree key) is analogous to the root folder of a disk. The Windows 2000 registry has two subtrees: HKEY_LOCAL_MACHINE and HKEY_USERS. However, to make the information in the registry easier to find and view, five predefined subtrees appear in the editor: HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_USER, HKEY_CLASSES_ROOT, and HKEY_CURRENT_CONFIG. |
Keys | Keys are analogous to folders and subfolders. Keys correspond to hardware or software objects and groups of objects. Subkeys are keys within higher-level keys. |
Entries | Keys contain one or more entries. An entry has three parts: name, data type, and value (or configuration parameter). |
Hive | A hive is a discrete body of keys, subkeys, and entries. Each hive has a corresponding registry file and .LOG file located in systemroot\System32\Config. Windows 2000 uses the .LOG file to record changes and ensure the integrity of the registry. |
Data types | Each entry's value is expressed as one of these data types: |
Registry Subtrees
Understanding the purpose of each subtree can help you to locate specific keys and values in the registry. The following five subtrees or subtree keys are displayed in Registry Editor (see Figure 5.3).
- HKEY_LOCAL_MACHINE. Contains all configuration data for the local computer, including hardware and operating system data such as bus type, system memory, device drivers, and startup control data. Applications, device drivers, and the operating system use this data to set the computer configuration. The data in this subtree remains constant regardless of the user.
- HKEY_USERS. Contains the system default settings (system default profile) data used to control individual user identities and environments, such as desktop settings, windows environment or interface settings, and custom software settings.
- HKEY_CURRENT_USER. Contains data about the current user. Retrieves a copy of each user account used to log on to the computer and stores it in the systemroot\Documents And Settings\username key.
- HKEY_CLASSES_ROOT. Contains software configuration data: object linking and embedding (OLE) and file-class association data. This subtree points to the Classes subkey under HKEY_LOCAL_MACHINE\SOFTWARE.
- HKEY_CURRENT_CONFIG. Contains data on the active hardware profile extracted from the SOFTWARE and SYSTEM hives. This information is used to configure settings such as the device drivers to load and the display resolution to use.
Figure 5.3 Registry subtrees
The HKEY_LOCAL_MACHINE Subtree
The HKEY_LOCAL_MACHINE key provides a good example of the subtrees in the registry for two reasons:
- The structure of all subtrees is similar.
- HKEY_LOCAL_MACHINE contains information specific to the local computer and is always the same, regardless of the user who is logged on.
The HKEY_LOCAL_MACHINE root key has five subkeys, which are explained in Table 5.3.
Table 5.3 HKEY_LOCAL_MACHINE Subkeys
Subkey | Description |
---|---|
HARDWARE | The type and state of physical devices attached to the computer. This subkey is volatile, meaning that Windows 2000 builds it from information gathered during startup. Because the values for this subkey are volatile, this subkey doesn't map to a file on the disk. Applications query this subkey to determine the type and state of physical devices attached to the computer. |
SAM | The Directory database for the computer. The SAM hive maps to the SAM and Sam.log files in the systemroot\System32\Config folder. Applications that query SAM must use the appropriate APIs. |
SECURITY | The security information for the local computer. The SECURITY hive maps to the Security and Security.log files in the systemroot\System32\Config folder. Applications can't modify the keys contained in the SECURITY subkey. Instead, applications must query security information by using the security APIs. |
SOFTWARE | Information about the local computer software that is independent of per-user configuration information. This hive maps to the Software, Software.log, and Software.sav files in the systemroot\System32\Config folder. It also contains file associations and OLE information. |
SYSTEM | Information about system devices and services. When you install or configure device drivers or services, they add or modify information under this hive. The SYSTEM hive maps to the System, System.log, and System.sav files in the systemroot\System32\Config folder. The registry keeps a backup of the data in the SYSTEM hive in the System.alt file. |
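For offline triage, the mapping in Table 5.3 can be turned into a small resolver that reports which files under systemroot\System32\Config back a given registry path. This is an added example, not part of the original lesson; the function names, the sample paths, and the HKLM-style abbreviations are assumptions, and paths under HKEY_USERS and HKEY_CURRENT_USER return no files because the lesson gives no file mapping for them.

```python
# Added example: hive-to-file mapping taken from Table 5.3 of this lesson.
CONFIG_DIR = r"systemroot\System32\Config"
HIVE_FILES = {
    "HARDWARE": [],  # volatile: built at startup, no file on disk
    "SAM": ["SAM", "Sam.log"],
    "SECURITY": ["Security", "Security.log"],
    "SOFTWARE": ["Software", "Software.log", "Software.sav"],
    "SYSTEM": ["System", "System.log", "System.sav", "System.alt"],
}
# Assumption: the short names accepted here are a convenience, not from the lesson.
ABBREVIATIONS = {
    "HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS",
    "HKCU": "HKEY_CURRENT_USER", "HKCR": "HKEY_CLASSES_ROOT",
    "HKCC": "HKEY_CURRENT_CONFIG",
}
SUBTREES = set(ABBREVIATIONS.values())


def split_path(path):
    """Normalize separators and stray spaces; return (subtree, [keys])."""
    parts = [p.strip() for p in path.replace("/", "\\").split("\\") if p.strip()]
    if not parts:
        raise ValueError("empty registry path")
    root = ABBREVIATIONS.get(parts[0].upper(), parts[0].upper())
    if root not in SUBTREES:
        raise ValueError("unknown subtree: " + parts[0])
    return root, parts[1:]


def backing_files(path):
    """Return (hives, files) for a registry path.

    files is [] for the volatile HARDWARE subkey and None when the lesson
    gives no file mapping (HKEY_USERS, HKEY_CURRENT_USER, unknown subkeys).
    """
    root, keys = split_path(path)
    if root == "HKEY_CLASSES_ROOT":
        # The lesson: this subtree points to the Classes subkey under SOFTWARE.
        root, keys = "HKEY_LOCAL_MACHINE", ["SOFTWARE", "Classes"] + keys
    if root == "HKEY_CURRENT_CONFIG":
        # The lesson: extracted from the SOFTWARE and SYSTEM hives.
        hives = ["SOFTWARE", "SYSTEM"]
    elif root == "HKEY_LOCAL_MACHINE" and keys and keys[0].upper() in HIVE_FILES:
        hives = [keys[0].upper()]
    else:
        return [], None
    return hives, [CONFIG_DIR + "\\" + f for h in hives for f in HIVE_FILES[h]]
```

An empty file list means there is nothing on disk to collect (HARDWARE is rebuilt at startup), while None means the lesson does not say where the data lives.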
Lesson Summary
In this lesson, you learned that the Microsoft Windows 2000 operating system stores hardware and software settings in the registry. The registry is a hierarchical database and replaces many of the .ini, .sys, and .com configuration files used in earlier versions of Microsoft Windows. The registry contains a variety of different types of data, including the hardware installed on the computer, as well as the installed device drivers, applications, and network protocols. The registry also provides the appropriate initialization information to start applications and load components, such as device drivers and network protocols.
You also learned that the registry structure provides a secure set of records, and the data in the registry can be read, updated, or modified by many of the Windows 2000 components. A number of components make up the hierarchical structure of the registry. First, subtrees (or subtree keys) are analogous to the root folder of a disk. The Windows 2000 registry has two subtrees: HKEY_LOCAL_MACHINE and HKEY_USERS. However, to make the information in the registry easier to find and view, the following five predefined subtrees appear in the editor: HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_USER, HKEY_CLASSES_ROOT, and HKEY_CURRENT_CONFIG. The other components of the registry include keys, entries, hives, and data types.