Windows Registry Basics: De-Mystifying Windows Registry

The Windows Registry is a directory which stores settings and options for the operating system for Microsoft Windows. It contains information and settings for all the hardware, operating system software, most non-operating system software, users, preferences of the PC, etc. This post talks of Windows Registry Basics.


Whenever a user makes changes to Control Panel settings, file associations, system policies, or most installed software, the changes are reflected and stored in the registry. The registry also provides a window into the operation of the kernel, exposing runtime information such as performance counters and currently active hardware.

The Windows registry was introduced to tidy up the profusion of per-program INI files that had previously been used to store configuration settings for Windows programs. These files tended to be scattered all over the system, which made them difficult to track.

Windows Registry Basics

The Registry consists of the following 5 Root Keys:


Root Keys contain SubKeys. Subkeys, may contain subkeys of their own too, and contain at least one value, called as its Default Value. A key with all its subkeys and values is called as a Hive.

The Registry is located on the Disk in the system32/config folder as several separate Hive files. These Hive files are then read into memory every time Windows starts or when the User logs on. To see where the Hives are physically stored, see:


You can read more on the location of Windows registry files.

The Registry uses the following data types:

REG_SZ : The SZ indicates zero-terminated string. This is a variable-length string that can contain Unicode as well as ANSI characters.
REG_BINARY : It contains binary data. 0’s & 1’s.
REG_DWORD : This data type is a Double Word. It is, a 32-bit numeric value and can hold any number from 0 to 232.
REG_QWORD : This data type is a Quadruple Word. It is a 64-bit numeric value.
REG_MULTI_SZ : This data type contains a group of zero-terminated strings assigned to a single value.
REG_EXPAND_SZ : This data type is a zero-terminated string containing an unexpanded reference to an environment variable, like say, %SystemRoot%.



Registry Virtualization in Windows Vista onwards

Starting with Windows Vista, along with File Virtualization, the Registry too has been Virtualized, and hence unlike Windows XP, does not tend to suffer from bloat. The same has been continued in Windows 7.

Virtualization basically means that, applications are prevented from writing to System Folders Windows’ file system and ALSO to the ‘machine wide keys‘ in the registry. However, this does not prevent standard user accounts from installing or running applications.

In Windows Vista and later, the UAC utilizes the Registry Virtualization Feature, to redirect attempts to write to subkeys of


When an application attempts to write to this hive, Vista instead, writes it, to a per-user location,


This is done discreetly. No one gets to know that this is happening !

This is, in short Registry Virtualization, and it is a useful Security feature.

Incidentally, mention must also be made of another new technology underlying Windows Vista and later: The Kernel Transaction Manager, which enables Transactional Registry. This feature enables a sort of a registry rollback. But it’s not implemented in Registry Editor. Instead, this feature is designed for use by developers who need to create robust applications using transactional processing.

Registry Editor

The primary tool in Windows Vista / 7 for working directly with the registry is Registry Editor. To access it, simply type regedit in Vista’s Start Menu Search Bar and hit Enter ! You have to be doubly careful when working with the Registry, as there is no confirmation prompt or a click OK to save prompt. Changes made are directly incorporated.

You can read more about Windows Registry Editor Tips & Features.

Mention must specifically be made of the


hive as the keys in this particular are so essential for Vista to start-up, that its backup is maintained, which you can restore when necessary, simply by booting in Safe Mode and selecting Last Known Good Configuration.

To begin with, you might want to read this post on Start Menu and TaskBar Registry Tweaks. You can check out more articles on Windows Registry and go here to find out how to backup and restore the registry and how to monitor changes to the Registry. Learn how to open multiple instances of the Registry.

Post ported from and updated and posted here.

Posted by on , in Category Windows with Tags
Anand Khanse is the Admin of and a 10-year Microsoft MVP Awardee in Windows for the period 2006-16. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.