Windows Secrets - Registry

When we install software, how many of us click the ‘NEXT’ button without a glance? Similarly, how many computer games have we cracked and enjoyed our victory without even knowing what we really did to achieve it? (Google really can help us with everything, can’t it?) In our little mischief, there is a small two-step process of opening the registry and editing a few of its values that we generally tend to overlook.
 
The Windows Registry is the database with information about both the hardware and software of the system. Every time we install/uninstall any software or connect/disconnect a hardware device, the Windows registry is altered. It is in constant use, and your system cannot function without the information stored in it. The registry consists of hidden hives, which can be opened using specific tools. The Registry Editor, “REGEDIT”, is a default feature used to display some of these hives in a readable format.
 
Why should a normal user know anything about the registry?
 
Microsoft has done a really good job in hiding the registry files from the common users. It is not surprising if there are people who have been using the Windows system all their life without even knowing something like this exists in the background. Microsoft has a very good reason to do this. Any small change to the registry will have extreme effects on your computer. Therefore, you should be very careful when you’re trying to edit the registry or using the tools which claim to clean your registry. Any small mishap can lock you out of your computer itself! It is a good habit to back up your registry before altering any hives of the registry and restore it when needed.
 
What is the critical information present in the registry?
 
Information in the registry is distributed across hives. The hives and the data stored in them are as follows:
HKEY_CURRENT_USER: Contains configuration information for the user who is currently logged on. The user's folders, screen colors, and Control Panel settings are stored here. This information is associated with the user's profile.
HKEY_USERS: Contains all the actively loaded user profiles on the computer. 
HKEY_LOCAL_MACHINE: Contains configuration information particular to the computer (for any user). 
This hive contains four subkeys, "SAM", "SECURITY", "SYSTEM", and "SOFTWARE", which are loaded at boot time from their respective files located in the “%SystemRoot%\System32\config” folder. A fifth subkey, "HARDWARE", is volatile and is created dynamically, and as such is not stored in a file.
HKEY_CLASSES_ROOT: A subkey of HKEY_LOCAL_MACHINE\Software. The information stored here makes sure that the correct program opens when you open a file by using Windows Explorer. The HKEY_CURRENT_USER\Software\Classes key contains settings that override the default settings and apply only to the interactive user.
HKEY_CURRENT_CONFIG: Contains information about the hardware profile that is used by the local computer at system startup.
 
Now we know the importance of the registry, but what is so interesting about it?
 
Open the Registry Editor by clicking on "Start" and then "Run." Input "regedit" into the "Run" text box and press "Enter."
Internet History: Navigate to “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs” to see all the URLs browsed through Internet Explorer.
USB devices: Navigate to “HKEY_CURRENT_USER\System\ControlSet00x\Enum\USBSTOR” to view all the USB devices connected to the system, including mobile phones, iPods, hard drives, camcorders etc.
Recently Opened Files: Navigate to “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs” to view all the recent documents opened.
Uninstalled applications: Navigate to “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall” to view all the uninstalled applications. Each application, along with the folder in which it was previously installed, can be seen in the description.
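
In Regedit the values under RecentDocs appear as raw binary data. The following added example (not part of the original article) decodes them in Python, assuming the commonly documented layout: MRUListEx is a list of little-endian DWORD value names ended by 0xFFFFFFFF, and each numbered value begins with the file name as null-terminated UTF-16LE. The function names and the sample data are constructed for illustration.

```python
import struct

def parse_mrulistex(blob):
    """MRUListEx: little-endian DWORD value names, most recent first, ended by 0xFFFFFFFF."""
    order = []
    for off in range(0, len(blob) - len(blob) % 4, 4):
        (idx,) = struct.unpack_from("<I", blob, off)
        if idx == 0xFFFFFFFF:
            break
        order.append(idx)
    return order

def parse_recentdoc_name(blob):
    """A numbered value starts with the file name as null-terminated UTF-16LE."""
    end = 0
    # Step two bytes at a time so a terminator is only matched on a character boundary.
    while end + 1 < len(blob) and blob[end:end + 2] != b"\x00\x00":
        end += 2
    return blob[:end].decode("utf-16-le", errors="replace")

def recent_docs(values):
    """Return file names in most-recently-used order, skipping indexes with no value."""
    names = []
    for idx in parse_mrulistex(values.get("MRUListEx", b"")):
        raw = values.get(str(idx))
        if raw is not None:
            names.append(parse_recentdoc_name(raw))
    return names

def _entry(name):
    # Constructed sample: name, terminator, then filler standing in for the trailing link data.
    return name.encode("utf-16-le") + b"\x00\x00" + b"\x14\x00\x1f\x50"

# Constructed sample of a RecentDocs key (value name -> raw bytes); not real user data.
SAMPLE = {
    "MRUListEx": struct.pack("<4I", 2, 0, 1, 0xFFFFFFFF),
    "0": _entry("budget.xlsx"),
    "1": _entry("notes.txt"),
    "2": _entry("résumé.docx"),
}

if __name__ == "__main__":
    for position, name in enumerate(recent_docs(SAMPLE), start=1):
        print(position, name)
```
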
 
There are many more interesting details about our activities on Windows systems captured in the registry. So, the next time you delete something (like your internet search history) and think that you are done, think again! There are many places that it can be retrieved from.