O'Reilly logo

Windows Vista Pocket Reference by Preston Gralla

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 4. Registry Tweaks

The Windows Registry is a database of settings used by Windows Vista and the individual applications that run on it. Knowing how to access and modify the Registry effectively is important for troubleshooting, customizing, and unlocking hidden features in Windows Vista.

Registry Editor Crash Course

Although the Registry is stored in multiple files on your hard disk, it is represented by a single, logical, hierarchical structure, similar to the folders on your hard disk. The Registry Editor (Regedit.exe) is included with Windows Vista to enable you to view and manually edit the contents of the Registry.

When you open the Registry Editor, you’ll see a window divided into two panes: the left side shows a tree with keys (represented as folders), and the right side shows the contents (values) stored in the currently selected key.

Editing the Registry generally involves navigating down through branches to a particular key and then modifying an existing value or creating a new key or value. You can modify the contents of any value by double-clicking it.

To add a new key or value, select New from the Edit menu, select what you want to add, and then type a name. You can delete a key or value by clicking on it and pressing the Del key or by right-clicking on it and selecting Delete. You can also rename any existing value and almost any key with the same methods used to rename files in Explorer: right-click on an object and click Rename, click on it twice (slowly), or just highlight it and press the F2 key. Renaming a key or value is a safe alternative to deleting.


Although most Registry settings are entirely benign, you can irrevocably disable certain components of Windows Vista—or even prevent Windows from starting—if you don’t exercise some caution. You can limit the risk by creating Registry patches (backups) of keys before you modify their contents by going to File Export. Better yet, a complete system backup will ensure that even the most severe mistakes are recoverable.

Similar to Explorer, though, is the notion of a path. A Registry path is a location in the Registry described by the series of nested keys in which a setting is located. For example, if a particular value is in the Microsoft key under SOFTWARE, which is under HKEY_LOCAL_MACHINE, the Registry path is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.

Registry Structure

The Registry is enormous and complex; a full Registry might easily contain 15,000 keys and 35,000 values. Entire books have been written about it, and I can’t do it justice here. The purpose of this section is to arm you with a basic understanding of how the Registry is organized, not to document individual values in detail or suggest changes you might want to make with the Registry Editor.

The top level of the Registry is organized into five main root branches. By convention, the built-in top-level keys are always shown in all caps, even though the keys in the Registry are not case-sensitive. (For example, HKEY_CURRENT_USER\ SOFTWARE\MICROSOFT\Windows is identical to HKEY_CURRENT_USER\Software\Microsoft\Windows.) Their purposes and contents are listed in the following summaries. Note that the root keys are sometimes abbreviated for convenience in documentation (although never in practice); these abbreviations are shown in parentheses. Subsequent sections discuss the contents of the root keys in more detail.


Contains file types, filename extensions, URL protocol prefixes, and registered classes. You can think of the information in this branch as the “glue” that binds Windows with the applications and documents that run on it. It is critical to drag-and-drop operations, context menus, double-clicking, and many other familiar user interface semantics. The actions defined here tell Windows how to react to every file type available on the system.

This entire branch is a mirror (or symbolic link) of HKEY_LOCAL_MACHINE\SOFTWARE\Classes, provided as a root key purely for convenience.


Contains user-specific settings for the currently logged-in user. This entire branch is a mirror (or symbolic link) of one of the subkeys of HKEY_USERS (discussed shortly). This allows Windows and all applications to access and store information for the current user without having to determine which user is currently logged in.

An application that keeps information on a per-user basis should store its data in HKEY_CURRENT_USER\Software and put information that applies to all users of the application in HKEY_LOCAL_MACHINE\SOFTWARE. However, what Windows applications consider user-specific and what applies for all users on the machine is somewhat arbitrary. Like many aspects of Windows, the Registry provides a mechanism for applications to store configuration data, but it does little to enforce any policies about how and where that data will actually be stored.


Contains information about hardware and software on the machine that is not specific to the current user.


Stores underlying user data from which HKEY_CURRENT_USER is drawn. Although several keys will often appear here, only one of them will ever be the active branch. See the discussion of HKEY_USERS, later in this chapter, for details.


Contains hardware configuration settings for the currently loaded hardware profile. This branch works similarly to HKEY_CURRENT_USER in that it is merely a mirror (or symbolic link) of another key. In this case, the source is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\ XXXX, in which XXXX is a key representing the numeric value of the hardware profile currently in use. On a system with only a single hardware profile, its value will most likely be 0001.

Value Types

Values are where Registry data is actually stored (as opposed to keys, which are simply used to organize values). The Registry contains several types of values, each appropriate to the type of data it is intended to hold. There are six primary types of values that are displayed and modified in the Registry Editor:

String values ( REG_SZ )

String values contain strings of characters, more commonly known as text. Most values discussed in this book are string values; they’re the easiest to edit and are usually in plain English. In addition to standard strings, there are two far less common string variants, used for special purposes:

Multistring values ( REG_MULTI_SZ )

Contain several strings (usually representing a list of some sort), concatenated (glued) together and separated by null characters (ASCII code 00). The dialog used to modify these values is the same as for binary values. Note that the individual characters in REG_MULTI_SZ keys are also separated by null characters, so you’ll actually see three null characters in a row between multiple strings.

Expandable string values ( REG_EXPAND_SZ )

Contain special variables into which Windows substitutes information before delivering to the owning application. For example, an expanded string value intended to point to a sound file may contain %SystemRoot%\media\startup.wav. When Windows reads this value from the Registry, it substitutes the full Windows path for the variable, %SystemRoot%; the resulting data then becomes (depending on where Windows is installed) c:\windows\media\startup.wav. This way, the value data is correct regardless of the location of the Windows folder.

Binary values ( REG_BINARY )

Similarly to string values, binary values hold strings of characters. The difference is the way the data is entered. Instead of a standard text box, binary data is entered with hexadecimal codes in an interface commonly known as a hex editor. Each individual character is specified by a two-digit number in base 16 (e.g., 6E is 110 in base 10), which allows characters not found on the keyboard to be entered. Note that you can type hex codes on the left or normal ASCII characters on the right, depending on where you click with the mouse.

Note that hex values stored in binary Registry values are displayed in a somewhat unconventional format, in which the lowest-order digits appear first, followed by the next-higher pair of digits, and so on. In other words, the digits in a binary value are paired and their order reversed: the hex value 1B3 thus needs to be entered as B3 01. If you want to convert a binary value shown in the Registry Editor to decimal, you’ll have to reverse this notation. For example, to find the decimal equivalent of 47 00 65 6e, set the Windows Calculator to hexadecimal mode and enter 6e650047, and then switch to decimal mode to display the decimal equivalent, 1,852,112,967.

Binary values are often not represented by plain English and, therefore, should be left unchanged unless you either understand the contents or are instructed to change them by a solution in this book.

DWORD values ( REG_DWORD )

Essentially, a DWORD is a number. Often, the contents of a DWORD value are easily understood, such as 0 for no and 1 for yes, or 60 for the number of seconds in some timeout setting. A DWORD value is used only where numerical digits are allowed; string and binary types allow anything.


In some circumstances, the particular number entered into a DWORD value is actually made up of several components, called bytes. The REG_DWORD_BIGENDIAN type is a variant of the DWORD type, where the bytes are in a different order. Unless you’re a programmer, you’ll want to stay away from these types of DWORD values.

The DWORD format, like the binary type, is a hexadecimal number, but this time in a more conventional representation. The leading 0x is a standard programmer’s notation for a hex value, and the number is properly read from left to right. The equivalent decimal value is shown in parentheses following the hex value. What’s more, when you edit a DWORD value, the edit dialog box gives you a choice of entering the new value in decimal or hex notation.

Even if you’re not a programmer, you can figure out hexadecimal values pretty easily with the Windows Calculator (calc.exe). Just enter the number you want to convert and click the Hex radio button to see the hexadecimal equivalent; 435 decimal is equal to 1B3 hex.


If you aren’t sure about the meaning of a specific Registry value, don’t be afraid to experiment. Experimenting might include editing a value with the Registry Editor, but it might be easier or safer to work from the other end: open the application whose data is stored there (e.g., a Control Panel applet), change a setting, and watch how the Registry data changes. In this way, you can derive the meaning of many binary-encoded values. Note that although the Registry data will often change immediately, you may need to press F5 (Refresh) to force the Registry Editor to display the newly affected data. It’s a good idea, though, to make a backup copy of a Registry key before making any changes.

QWORD values ( REG_QWORD )

This is much like a DWORD value, with one difference: it is a 64-bit value, rather than a 32-bit value like DWORD.

Registry Protection in Windows Vista

Many of the changes made in Windows Vista have to do with safety and security, and with ensuring that the operating system doesn’t accidentally become damaged. Toward that end, in Windows Vista, only accounts with administrator privileges can make changes to the Registry. This affects not just editing the Registry directly, but also taking an action that will change the Registry, such as installing software.

So, what happens when a standard user wants to edit the Registry or make a change that affects the Registry? Windows Vista handles that in several ways:

  • When a standard user tries to run the Registry Editor, User Account Control (UAC) springs into action, asking for an administrator password. If one is provided, the Registry Editor can be used and changes made. If none is provided, the Registry Editor will not be allowed to run, and no changes will be made.

  • When a standard user installs software, UAC will ask for an administrator password. If the user provides one, the software will make the appropriate changes to the %SystemRoot% and %ProgramFiles% folders and to the Registry.

If a legacy application fails to work correctly with UAC, Vista will use a new feature called file and Registry virtualization. This will create virtual %SystemRoot% and %ProgramFiles% folders, and a virtual HKEY_LOCAL_MACHINE Registry entry. These virtual folders and entry are stored with the user’s files. So the Registry itself—as well as the %SystemRoot% and %ProgramFiles% folders—are not altered in any way, so system files and the Registry are protected.

Registry Tweaks

Armed with your new understanding of the Windows Vista Registry, you’re no doubt ready to get in there and start exploring. Hopefully, this chapter has provided the “lay of the land” you need to get and keep your bearings in the otherwise confusing wilderness of the Registry. Although I don’t have the kind of room in this book that it takes to make you an expert, I would like to send you on your way by pointing out some interesting landmarks—in other words, five cool changes you can make in your own Registry.

Open a Command Prompt from the Right-Click Menu

The command prompt is useful for a variety of down-and-dirty tasks, such as mass-deleting or renaming files. But if you find yourself frequently switching back and forth between Windows Explorer and the command prompt, there’s help—you can easily open a command prompt using the right-click menu.

For example, let’s say you want to open the command prompt at the folder that’s your current location. Normally, that takes two steps: first open a command prompt, and then navigate to your current folder. However, there’s a quicker way: add an option to the right-click context menu that will open a command prompt at your current folder. For example, if you were to right-click on the C:\My Stuff folder, you could then choose to open a command prompt at C:\My Stuff.

In the Registry Editor, go to HKEY_LOCAL_MACHINE/Software/Classes/Folder/Shell. Create a new key called Command Prompt. For the default value, enter whatever text you want to appear when you right-click on a folder—for example, Open Command Prompt. Create a new key beneath the Command Prompt key called Command. Set the default value to Cmd.exe /k pushd %L. That value will launch Cmd.exe, which is the Windows Vista command prompt. The /k switch puts the prompt into interactive mode—that is, it lets you issue commands from the command prompt; the command prompt isn’t being used to issue only a single command and then exit. The pushd command stores the name of the current directory, and the %L uses the name of that stored directory to start the command prompt at it. Exit the Registry. The new menu option will show up immediately. Note that it won’t appear when you right-click on a file—it shows up only when you right-click on a folder.

Change the Ribbons Screensaver

Inexplicably, Windows Vista screensavers such as the Ribbon screensaver don’t allow you to change how they work—for example, to change the number or width of the ribbons. But you can change their options, using the Registry. Here’s how to change the Ribbons screensaver to make it use a larger number of ribbons, and make each ribbon much thinner.

In the Registry Editor, go to:


Create a new DWORD called NumRibbons and give it the hexadecimal value of 00000100. Next, create a new DWORD called RibbonWidth and give it the hexadecimal value of 3c23d70a0. Exit the Registry. The Ribbons screensaver will now have the new settings. To restore the old settings, delete the DWORDs.

Registry Editor Remembers Where You Were

Each time you open the Registry Editor, it automatically expands the branch you had open the last time the Registry Editor was used, but no others. So, if you find yourself repeatedly adjusting a particular setting and then closing the Registry Editor (such as when implementing the preceding tip), make sure the relevant key is highlighted just before the Registry Editor is closed, and that key will be opened next time as well.

Note also the Favorites menu, which works very much like the one in Internet Explorer, allowing you to bookmark frequently accessed Registry keys. Although it’s useful, I find the existence of such a feature in a troubleshooting tool like the Registry Editor to be more than a little eerie.

Change the Registered Users and Company Names for Windows Vista

When Windows Vista is installed, a user and company name are entered. Unfortunately, there is no convenient way to change this information after installation. Surprise—you can do it in the Registry! Just go to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\

RegisteredOwner and RegisteredOrganization are the values you need, and you can change both to whatever you’d like. You may notice that the Registry key containing these values is in the Windows NT branch, rather than the more commonly used Windows branch. Don’t worry, both branches are used in Windows Vista. The less-used Windows NT branch contains more advanced settings, mostly those that differentiate the Windows 9x and Windows NT lines of operating systems.

Some Handy Registry Navigation Shortcuts

The Registry has thousands of keys and values, which makes finding a single key or value rather laborious. Luckily, there are a few alternatives that will greatly simplify this task.

First, you can simply search the Registry. Start by highlighting the key at the top of the tree through which you want to search, which instructs the Registry Editor to begin searching at the beginning of that key. (To search the entire Registry, highlight “Computer.”) Then, use Edit → Find, type in what you’re searching for, make sure that all the “Look at” options are checked, and click Find Next.

Another shortcut is to use the keyboard. Like Explorer, when you press a letter or number key, the Registry Editor will jump to the first entry that starts with that character. Furthermore, if you press several keys in succession, all of them will be used to spell the target item. For example, to navigate to:


start by expanding the HKEY_CLASSES_ROOT key. Then, press C + L + S quickly in succession, and the Registry Editor will jump to the CLSID key. Next, expand that key by pressing the right-facing arrow, or by pressing the right arrow key, and press { + 2 + 0 (the first three characters of the key name, including the curly brace), and you’ll be in the neighborhood of the target key in seconds.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required