Home / Windows 10

Editing the Windows Registry

The Windows registry is the central storage location that contains configuration details for hardware, system settings, services, user customizations, applications, and every detail-large and small-that makes Windows work.

Although it's convenient to think of the registry as a monolithic database, its contents are actually stored in multiple locations as separate hive files, alongside logs and other support files. Some of those hive files are read into memory when the operating system starts; hive files that contain user-specific settings are stored in the user profile and are loaded when a new user signs in.

The Boot Configuration Data (BCD) store has its own file on the boot drive. The core hives for Windows-the Security Account Manager (SAM), Security, Software, and System-are securely stored in %SystemRoot%\System32\Config. Two hives that contain settings for local and network services are located in %SystemRoot%\ServiceProfiles\LocalService and %SystemRoot%\ServiceProfiles\NetworkService, respectively. User-specific hives are stored as part of the user profile folder.

The Hardware hive is unique in that it has no associated disk file. This hive, which contains details about your hardware configuration, is completely volatile; that is, Windows 10 creates it anew each time you turn your system on.

Note
You can see where the hives of your system physically live by examining the values associated with HKLM\System\CurrentControlSet\Control\HiveList. Windows assigns drive letters after assembling the registry, so these paths do not specify drive letters.

You can't work with hive files directly. Windows 10 is designed in such a way that direct registry edits by end users are generally unnecessary. When you change your configuration by using the Settings app or Control Panel, for example, Windows writes the necessary updates to the registry for you. Likewise, when you install a new piece of hardware or a new program, the setup program makes the required registry changes; you don't need to know the details.

On the other hand, because the designers of Windows couldn't provide a user interface for every conceivable customization you might want to make, sometimes working directly with the registry is the only way to make a change. Even when it's not the only way, it might be the fastest way. Removing or modifying registry entries is occasionally a crucial part of troubleshooting and repair as well. Windows includes a registry editor you should know how to use-safely. This section tells you how.

Caution
Most Microsoft support articles contain a dire warning about the risks associated with editing the registry. We echo those warnings here. An incorrect registry modification can render your system unbootable and, in some cases, might require a complete reinstall of the operating system. Use Registry Editor at your own risk.

Understanding the Registry Editor hierarchy

Registry Editor (Regedit.exe) offers a unified view of the registry's contents as well as tools for modifying those contents. You'll find this important utility on the All Apps list, under the Windows Administrative Tools category. It also shows up when you use the search box. Alternatively, you can type regedit at a command prompt or in the Run dialog box. Registry Editor has been virtually unchanged since the last century. However, beginning in version 1703, you might have noticed some small but long-needed improvements: an address bar, new keyboard shortcuts for traversing the registry, and the addition of a View-menu command with which you can select the font for displaying the registry.

The Computer node appears at the top of the Registry Editor tree listing. Beneath it, as shown here, are five root keys: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS, and HKEY_CURRENT_CONFIG. For simplicity's sake and typographical convenience, this book, like many others, abbreviates the root key names as HKCR, HKCU, HKLM, HKU, and HKCC, respectively.

Root keys, sometimes called predefined keys, contain subkeys. Registry Editor displays this structure in a hierarchical tree in the left pane. For example, HKLM is open, showing its top-level subkeys.

HKLM

The registry consists of five root keys, each of which contains many subkeys.

Subkeys, which we call keys for short, can contain subkeys of their own, which in turn can be expanded as necessary to display additional subkeys. The address bar near the top of the Registry Editor window shows the full path of the currently selected key: Computer\HKLM\HARDWARE\DESCRIPTION\System\BIOS.

Note:
One of the Registry Editor changes introduced in version 1703 is the address bar. In it, you can type a registry path and press Enter to jump directly to that key, much as you can for jumping to a folder in File Explorer. For the root keys, you can type the full name or the commonly used abbreviations described earlier.
To go to the address bar and select its current content, press Alt+D or Ctrl+L, the same keyboard shortcuts that work in File Explorer as well as most web browsers. Previous versions of Registry Editor displayed the path in a status bar at the bottom of the screen, but you couldn't edit it or select it for copying.

The contents of HKEY_LOCAL_MACHINE define the workings of Windows itself, and its subkeys map neatly to several hives we mentioned at the start of this section. HKEY_USERS contains an entry for every existing user account (including system accounts), each of which uses the security identifier, or SID, for that account.

The remaining three predefined keys don't exist, technically. Like the file system in Windows-which uses junctions, symlinks, and other trickery to display a virtual namespace-the registry uses a bit of misdirection (implemented with the REG_LINK data type) to create these convenient representations of keys that are actually stored within HKEY_LOCAL_MACHINE and HKEY_USERS:

  • HKEY_CLASSES_ROOT is merged from keys within HKLM\Software\Classes and HKEY_USERS\sid_Classes (where sid is the security identifier of the currently signed-in user).
  • HKEY_CURRENT_USER is a view into the settings for the currently signed-in user account, as stored in HKEY_USERS\sid (where sid is the security identifier of the currently signed-in user).
  • HKEY_CURRENT_CONFIG displays the contents of the Hardware Profiles\Current subkey in HKLM\SYSTEM\CurrentControlSet\Hardware Profiles.

Any changes you make to keys and values in these virtual keys have the same effect as if you had edited the actual locations. The HKCR and HKCU keys are generally more convenient to use.

Registry values and data types

Every key contains at least one value. In Registry Editor, that obligatory value is known as the default value. Many keys have additional values. The names, data types, and data associated with values appear in the right pane.

The default value for many keys is not defined. You can think of an empty default value as a placeholder-a slot that could hold data but currently does not.

All values other than the default always include the following three components: name, data type, and data.

The SlideshowEnabled value (near the bottom of the list) is of data type REG_DWORD. The data associated with this value is 0x00000000. The prefix 0x denotes a hexadecimal value. Registry Editor displays the decimal equivalent of hexadecimal values in parentheses after the value.

The registry uses the following data types:

  • REG_SZ The SZ indicates a zero-terminated string. This variable-length string can contain Unicode as well as ANSI characters. When you enter or edit a REG_SZ value, Registry Editor terminates the value with a 00 byte for you.
  • REG_BINARY The REG_BINARY type contains binary data-0s and 1s.
  • REG_DWORD This data type is a "double word"-that is, a 32-bit numeric value. Although it can hold any integer from 0 to 232, the registry often uses it for simple Boolean values (0 or 1) because the registry lacks a Boolean data type.
  • REG_QWORD This data type is a "quadruple word"-a 64-bit numeric value.
  • REG_MULTI_SZ This data type contains a group of zero-terminated strings assigned to a single value.
  • REG_EXPAND_SZ This data type is a zero-terminated string containing an unexpanded reference to an environment variable, such as %SystemRoot%. If you need to create a key containing a variable name, use this data type, not REG_SZ.

Internally, the registry also uses REG_LINK, REG_FULL_RESOURCE_DESCRIPTOR, REG_RESOURCE_LIST, REG_RESOURCE_REQUIREMENTS_LIST, and REG_NONE data types. Although you might occasionally see references in technical documentation to these data types, they're not visible or accessible in Registry Editor.

Browsing and editing with Registry Editor

Because of the registry's size, looking for a particular key, value, or data item can be daunting. In Registry Editor, the Find command (on the Edit menu and also available by pressing Ctrl+F) works in the forward direction only and does not wrap around when it gets to the end of the registry. If you're not sure where the item you need is located, select the highest level in the left pane before issuing the command. If you have an approximate idea where the item you want is located, you can save time by starting at a node closer to (but still above) the target.

After you locate an item of interest, you can put it on the Favorites list to simplify a return visit. Open the Favorites menu, click Add To Favorites, and supply a friendly name (or accept the default). If you're about to close Registry Editor and know you'll be returning to the same key the next time you open the editor, you can skip the Favorites step because Registry Editor always remembers your last position and returns to that position in the next session.

Registry Editor includes a number of time-saving keyboard shortcuts for navigating the registry:

  • To move to the next subkey that starts with a particular letter, simply type that letter when the focus is in the left pane; in the right pane, use the same trick to jump to the next value that begins with that letter.
  • To open a key (revealing its subkeys), press Right Arrow or Alt+Right Arrow.
  • To collapse the subkeys of the current key, press Left Arrow or Alt+Left Arrow. With all subkeys collapsed, either action moves up one level in the subkey hierarchy. To move up a level without closing the subkeys as you move up, press Alt+Up Arrow.
  • To move to the top of the hierarchy, press Home.
  • To quickly move between the left and right panes, use the Tab key.
  • In the right pane, press F2 to rename a value, and press Enter to open that value and edit its data.

Some of these shortcuts, added in version 1703, match the behavior of File Explorer shortcuts, allowing you to apply your knowledge of that program to Registry Editor.

Once you are comfortable using these keyboard shortcuts, you'll find it's usually easier to zip through the subkey hierarchy with a combination of arrow keys and letter keys than it is to open outline controls with the mouse.

Changing data

You can change the data associated with a value by selecting a value in the right pane and pressing Enter or by double-clicking the value. Registry Editor pops up an edit window appropriate for the value's data type.

Adding or deleting keys and values

To add a key, select the new key's parent in the left pane, open the Edit menu, point to New, and click Key. The new key arrives as a generically named outline entry, exactly the way a new folder does in File Explorer. Type a new name.

To add a value, select the parent key, open the Edit menu, and point to New. On the submenu that appears, click the type of value you want to add. A value of the type you select appears in the right pane with a generic name. Type over the generic name, press Enter twice, enter your data, and press Enter once more.

To delete a key or value, select it and then press Delete. Note that deleting a key also deletes every value and subkey associated with it.

Using the Reg command

One expert-level option is to use the Reg command in a Command Prompt window or in a batch file or script. Type reg /? to see the full list of eligible arguments for the reg command (query, add, export, import, and so on). Each of those variants has its own syntax help. Try reg add /? to see the correct syntax for adding a value.

Backing up and restoring parts of the registry

Before you make any changes to the registry, consider using System Restore to set a restore point, which includes a snapshot of the registry as it currently exists. Taking this precaution allows you to roll back any ill-advised changes.

In addition, or as an alternative, you can use the Export command in Registry Editor to back up the portion of the registry where you plan to work. Registry Editor can save all or portions of your registry in any of four different formats, but only one is relevant in the modern era.

The Registration Files option creates a .reg file, which is a text file that can be read and edited in Notepad or a similar program. A .reg file can be merged into the registry of a system running any version of Windows. When you merge a .reg file, its keys and values replace the corresponding keys and values in the registry. By using .reg files, you can edit your registry "offline" and add your changes to the registry without even opening Registry Editor. You can also use .reg files as an easy way to share registry settings and copy them to other computers.

To export a portion of the registry before you work on it, select a key in the left pane, and then click File → Export. (Easier still, right-click a key and click Export.) In the Save As Type list in the Export Registry File dialog box, select Registration Files (*.reg). Under Export Range, choose Selected Branch and then click Save. The resulting file includes the selected key and all its subkeys and values.

Caution
Exporting a registry hive file using the Registry Hive Files format saves the entire hive; importing the saved file replaces the entire contents of the selected key with the contents of the file-regardless of its original source. That is, it wipes out everything in the selected key and then adds the keys and values from the file. The potential for chaos is obvious, and the benefits are not worth the risk, in our estimation.

If you saved your backup as a .reg file, you use the same process to import it. (As an alternative, you can double-click the .reg file in File Explorer without opening Registry Editor.) The complete path to each key and value is stored as part of the file, and it always restores to the same location. This approach for recovering from registry editing mishaps is fine if you did not add new values or subkeys to the section of the registry you're working with; it returns existing data to its former state but doesn't alter the data you added.

Troubleshooting

You used a registry cleaner and your system is no longer working properly

The registry is often inscrutable and can appear messy. Misguided attempts at cleanup can cause unexpected problems that are nearly impossible to troubleshoot, which explains why Microsoft is so insistent with its warnings that improper changes to the registry can prevent your computer from operating properly or even booting. We've never found a so-called registry cleaner that justifies the risk it inevitably entails. If you find yourself with a misbehaving system after using a registry cleaner, use the Reset option to recover your system and start over. And this time, don't bother to install that unnecessary utility.