Windows Registry
Report On Seminar Topic: Windows Registry
Name : Mit B. Suthar College : L.D. College of Engineering Branch : Computer Engineering Division : A Batch : B2 Enrollment No : 090280107041 Roll No : 507140

L.D. College of Engineering 5th Semester (Div. A)

Computer Engineering

This is to certify that “Mit B. Suthar” studying in L.D. College of Engineering in Branch “Computer Engineering – Division A” having Roll No “507140” and Enrollment No “090280107041” has successfully completed report and presentation on Seminar topic : “Windows Registry”

Date of Submission Signature

: :

Mit B. Suthar Page No. 2

Roll No. 507140

L.D. College of Engineering 5th Semester (Div. A)

Computer Engineering

No. 1 2 3 4 5 6 7 8 9 10 11 12 Description An Overview to Windows Registry What is the Registry? Using the Registry Editor (regedit.exe) Isn't it dangerous to do anything with the Registry? Editing Registry Registry Damage Example of REG File Full list of data types Descriptions of folder names used in Registry Editor Some Registry tricks to Optimize your Windows Conclusion References Page No 3 5 6 15 18 29 32 33 35 36 60 60

Mit B. Suthar Page No. 3

Roll No. 507140

or a support technician. Windows consults the registry to figure out what to do with it. The registry is the heart and soul of Microsoft Windows Operating System. 4 Roll No. Suthar Page No. The registry contains the configuration data that makes the operating system work. deployment engineer. Windows assigns resources to the device based on information in the registry and then stores the device's configuration in the registry. College of Engineering 5th Semester (Div. Mit B. The registry is everything-it is the brain of the operating system. Windows Operating System and every application that runs on Microsoft's latest desktop operating system do absolutely nothing without consulting the registry first. you'd see the registry serves up thousands of values within minutes. When you install a device.L. how to take care of the registry and how to back up the registry so you can restore it if things go awry. Whether you are a desktop engineer. 507140 .D. When you run an application such as Microsoft Word. If you were to monitor the registry during a normal session. it enables you to customize Windows Operating System (Windows XP) in ways you can't through the user interface. Every application that runs on Microsoft's latest desktop operating system does absolutely nothing without consulting the registry first. such as INI files. The registry enables developers to organize configuration data in ways that are impossible with other mechanisms. managing. and supporting Windows Operating System. Through this seminar. When you double−click a file. The registry is the heart and soul of Microsoft Windows Operating System. you'll learn techniques that will make your job easier. More importantly. it enables you to customize Windows Operating System in ways you can't through the user interface. the application looks up your preferences in the registry. we will learn how to customize the registry. The registry contains the configuration data that makes the operating system work. such as INI files. A) Computer Engineering An Overview to Windows Registry My seminar topic is windows registry. The registry is an invaluable tool for the IT professional deploying. The registry enables developers to organize configuration data in ways that are impossible with other mechanisms. More importantly.

The backup and restore process is neither difficult nor lengthy and is easily mastered by the greenest of neophytes. College of Engineering 5th Semester (Div. Also. 507140 . It is true that editing or making direct changes to the Registry is not typically an activity of most users but it is important to at least know how to back up the Registry and how to restore a damaged or corrupted Registry. A little learning here can save big headaches with computer problems. The Registry is so essential to the functioning of a Windows PC that anyone who uses a PC regularly should at least have a general idea of what the Registry does. just a little knowledge will make the Registry seem less like some cabalistic ritual of Druid priests and will remove some of the fear and loathing from the subject.D.L. Suthar Page No. Mit B. A) Computer Engineering What does the average user need to know about the Registry? The majority of home PC users probably have either never heard of the Registry or think of it as something to avoid. 5 Roll No.

The information is divided among a number of hidden system binary files.D. On the other hand. it plays a key role in all those activities. 6 Roll No.L. They even control applications running on your computer. If desired. The registry has a subtle but important role in Microsoft Windows Operating System. The Registry is in constant use and almost anything that you do on a Windows PC will access the Registry for information. Mit B. The registry's hierarchical organization makes all settings easy to reference. On one hand. A hierarchical database has characteristics that make it ideally suited to storing configuration data. The settings in the registry determine how Windows appears and how it behaves. which combines the various components and displays them in a readable unified text form. viewing the contents of the Registry is done with the Registry Editor accessory. Suthar Page No. This gives the registry great potential as a tool for power users or IT professionals. Windows stores configuration data in the registry. Using the Registry Editor (regedit) is described below. enabling them to customize settings that aren't available in the user interface. similar to file paths in Windows Operating System. A) Computer Engineering What is the Registry? The Windows Registry is a central database containing all the varied assortment of information needed for the computer to run both the hardware and the software. College of Engineering 5th Semester (Div. The registry is a hierarchical database. This allows settings to be referenced using paths. 507140 . which you can describe as a central repository for configuration or a configuration database. the registry is passive—it's just a big collection of settings sitting on your hard disk. Very few PC users will ever need to access these files directly.

L. Many useful Registry edits consist of changing one or two values and are easily reversed. Suthar Page No. An example is shown in the figure below. It is accessed by using the Run line. 7 Roll No. It is also advisable to restrict direct Registry editing to small changes. provided that they follow the iron-clad rule of always backing up first. 507140 . The utility is a single file regedit. As to be expected. College of Engineering 5th Semester (Div.D. Regedit is a two-pane interface with keys in the left pane (key pane) and value names with the corresponding data in the right pane (value pane). The setup is not unlike Windows Explorer with keys analogous to folders and values analogous to files. In Vista the utility is opened by entering "regedit. Mit B.exe" in the Start Search line The Runline can also be used in Vista (but is no longer necessarily on the Start menu). A) Computer Engineering Using the Registry Editor (regedit.exe and is located in the Windows folder on XP systems. Enter "regedit" and the utility will open. Accessing the Registry Editor (Regedit) The Registry Editor (also called regedit) is not listed in the Start menu or in All Programs.exe) I don't expect the average home PC owner to be involved in manual Registry editing but there is no reason why advanced PC users should shy away from editing the Registry directly. a script or an editing interface like TweakUI or the Group Policy Editor is a preferable method for making edits. If more extensive changes are involved. an administrator account is required.

College of Engineering 5th Semester (Div. Suthar Page No. 8 Roll No.Registry Editor of Wndows XP Mit B. 507140 .L.D. A) Computer Engineering Fig 1 .

D. College of Engineering 5th Semester (Div. A) Computer Engineering Mit B. 9 Roll No.L. 507140 . Suthar Page No.

507140 . I have omitted the more esoteric types.D. The three listed in the table constitute the vast majority of all Registry entries Table I – Common registry Data Types Data type REG_BINARY Description Binary data .L. Figure 1 shows examples in the right pane. Suthar Page No. Usually in hexadecimal notation. An example is 0xA8 Double word (32 bits). There are a number of formats that data can take and the usual ones that most PC users will encounter are given in Table I. Can be edited in either hexadecimal or decimal A string. 10 Roll No. REG_DWORD REG_SZ Mit B. College of Engineering 5th Semester (Div. A) Computer Engineering Also listed in the right or value pane is the type of data contained in a value.

Shown below are what two commonly used menus look like. Figure 2 – File Menu The File menu has the functions "Import" and "Export" that involve backup and restore. These can be seen near the top of Figure 1. A) Computer Engineering Menus in Registry Editor Regedit has some of the same menus that are so familiar throughout Windows. Figure 3 – Edit Menu Mit B.L. 507140 . 11 Roll No.D. Suthar Page No. College of Engineering 5th Semester (Div.

or renamed." and "Find Next".L. 507140 . Suthar Page No. this can be very useful.D. Note the names have been chosen by this user and can be anything that is a convenient reminder. this key can be added to the "Favorites' list for easy access. The example of a "Favorites" menu shown on the right contains three favorites. (Permission settings on keys can also be edited but that is an advanced subject beyond our scope.) Another two very useful functions are "Find. Mit B. If you find that there are is a certain key that you modify often. The Registry has thousands of keys and these search functions are very necessary. A) Computer Engineering As you would expect.. The bottom of he window for Regedit shows the path of the currently highlighted key as can be seen in Figure 1. College of Engineering 5th Semester (Div.. added. and string data. the search function cannot find binary values or REG_DWORD entries. Unfortunately. It searches key names. Figure 4 – Favourite Menu Another menu that can be quite useful is "Favorites". value names. Keys and values can be deleted. the "Edit" menu is where commands are located for making changes to the Registry. Since path names can be quite long. The Edit menu also contains a useful entry "Copy Key Name" that sends the path of the key to the clipboard. 12 Roll No. They actually refer to specific Registry keys. which can have very long path names.

something to keep in mind. (Careful! Back it up. right-click it and choose "Merge".reg that is a copy of the highlighted Registry key. 507140 . Anything extra that you may have added is not deleted.L. What's done is done. Keep in mind that Regedit has no "undo" function. Note that there is no recycle bin for deleted Registry keys or values.D. On many machines the default left double-click on a REG file will also create a merge. Save it to someplace safe. College of Engineering 5th Semester (Div. To restore a key with a REG file. choose "Delete" from the "Edit" menu. I will limit this discussion to this type of straightforward scenario. This prevents accidentally doing something to the wrong key. open Regedit and highlight the key. I repeat. If you are editing an entire key. To back up a key. Mit B. If you are a very careful worker. you should probably limit Registry editing to one or two values at a time. backing up just the key where editing is to be done may suffice but make a system restore point first anyway.) If you are making a number of changes. Notice that I use the word "merge". Some experienced PC users prefer to do any actual editing in the exported REG file and then to merge the edited file. Reg files do not replace keys but add to them. 13 Roll No. you are very likely deleting it. Also. back up the key you are working on. For most cases. I prefer to change the doubleclick action to "Edit" so that accidental mergers do not happen. I suggest using a REG file and not editing in the Registry itself. Unless you are a trained IT professional. Suthar Page No. you will choose to export as a registration or REG file. A) Computer Engineering Editing Registry Keys and Values There are many useful adjustments to the Windows configuration or behavior that can be made by simple editing of the Registry. Open the "file" menu and click "Export". This is a text file with extension . even power users should probably stick with editing one or two values. To delete a highlighted key. The first step in editing is always to back up the Registry. Deleted means gone to the great bit-bucket in the sky.

a box like the one shown on the right will open . Or you might need to make it longer for certain systems. College of Engineering 5th Semester (Div. Suthar Page No. WaitToKillServiceTimeout. The time that the system waits for a service to close at Shutdown is controlled by the entry for the value. A) Computer Engineering Figure 5 – Edit Registry Entry (String) For the most part.L. Enter the desired string in the line "Value data" and click OK. Highlight the value in question in the right-pane of Regedit. consider the last value in the right-pane of Figure 1. To make things close up more quickly.As a specific example. you could change the value to 10000 (10 seconds). For strings. The value is in milliseconds and the default is 20000 ( 20 seconds). Then choose "Modify" from the "Edit" menu or rightclick the value and choose "Modify" from the context menu. 14 Roll No. direct Registry editing means changing a value. Mit B.D. 507140 .

In the example here the decimal number "96" would have to be "60" if hexadecimal were picked for the base. A slightly different box will appear if you are editing a REG_DWORD value. you need to specify the base for the number. Note that when entering a DWORD value. Be careful to be sure that you have chosen correctly between hexadecimal and decimal.D. 15 Roll No. 507140 . Mit B.L. Suthar Page No. You can enter either but the number that you enter must correspond to the correct value for the chosen base. A) Computer Engineering Figure 6 – Edit Registry Entry (DWORD) A great many Registry values are strings but another type of data that is common is the "dword". College of Engineering 5th Semester (Div. The figure on the left shows the appropriate box.

For that reason Microsoft has gone out of its way to make the Registry mysterious and fearsome sounding. you can create a lot of problems if you mess up the Registry but you can also cause problems if you go around deleting things from the Windows or Program folders. there is no reason for most PC users to forego the nice system tweaks that can be provided by the many useful scripts that are available. informed editing of the Registry is not such a precarious undertaking as it is made out to be. Suthar Page No. A) Computer Engineering Isn't it dangerous to do anything with the Registry? Because it is involved in everything. They are a form of CYA arising in part from our overly litigious society.L. some scripts even have an undo function in case you don't like the results of employing the script. But I had a backup and it took only a minute or two to fix the problem. mistakes do occur. College of Engineering 5th Semester (Div. Although directly editing the Registry is not recommended for less advanced PC users. You can do stupid things with almost anything. this is an easy enough process for anybody. the Windows XP Registry is much more robust and it's much harder to make it unbootable. As already mentioned. damage to the Registry can stop a PC from functioning. Actually.D. 507140 . 16 Roll No. If you follow the iron-clad rule to make a backup first and know how to restore it. Actually. Mit B. Yes. It is reasonable that Microsoft does not want to have to deal with service calls from ignorant people who have tried to edit the Registry but I think the constant warnings about the Registry that you see everywhere on the Internet are overdone. The only caveat is that the user of any script should back up the Registry first and should know how to undo the action of any script byrestoring the backup. I once misplaced a comma while editing a Windows 95 Registry and found that my computer wouldn't boot. And yes.

REG files provide a convenient method for backing up individual subkeys. Suthar Page No. 17 Roll No. this is not difficult. College of Engineering 5th Semester (Div. Registration (REG) files I have previously mentioned REG files in discussing the use of the Registry Editor. you can also manually create a restore point whenever you wish and it's a good idea to do so whenever you make a system change.L. Fortunately. Mit B.D. Every time you make a system change. Put the script file on the desktop and making a restore point is just a double-click away. attaching new hardware. System Restore Backing up is often done for you by System Restore. Depending on how often you turn your computer off. or whatever.a backup should be made of the Registry. 507140 .installing software. However. it is how to back it up. Although the entire Registry could be be backed up as a REG file. the default setting is for System Restore to backup certain system components approximately every 24 hours. One drawback to System Restore is that it doesn't provide a convenient way to back up just the Registry or parts of the Registry. A) Computer Engineering Registry Backup If there is one thing about the Registry that everyone should know. However. Remember that REG files are in text form and create merges when they are imported back into the Registry proper. REG files have the advantage that they are easily copied to backup media. this is not practical.

When imported. it restores a key exactly as it was and does not simply merge as do REG files. A) Computer Engineering Hive files Here we have to deal with a bit of Microsoft jargon. a hive file can't be read like the text-containing REG files but it has an advantage for backup. A key with all its subkeys and values in binary form is often called a "hive" in Microsoft literature. Macecraft's JV16 Power Tools gets high marks.D. 18 Roll No. Suthar Page No. Why the term? "Because one of the original developers of Windows NT hated bees. Among paid commercial programs.L. When using the export function of Regedit. Backup software Of course. College of Engineering 5th Semester (Div. one of the options is to save an exported key as a hive file. I use a hive file to back up the entire HKEY_CURRENT_USER and store it on another disk. There are also some programs that are designed to make Registry backups. 507140 ." So saysRaymond Chen (who should know). Mit B. For example. Hive files also are more appropriate for backing up a large key with many subkeys. So the developer who was responsible for the registry snuck in as many bee references as he could. Being binary. One commonly used free utility is ERUNT (Emergency Recovery Utility NT). software that backs up the entire disk such as Microsoft Backup or imaging programs back up the Registry along with everything else.

Some are better than others. It's too easy for the wrong thing to be removed from the Registry Mit B. College of Engineering 5th Semester (Div.D.L. A) Computer Engineering Registry Cleaners There are many programs that claim to do wonderful things by "cleaning" the Registry. For ordinary PC users I feel that the Registry needs this type of maintenance only infrequently. ordinary PC users should probably just avoid cleaning the Registry. Some are even dangerous. Those who install and uninstall a lot of software and/or those who tweak the Registry a lot may find it worthwhile to do regular Registry maintenance. Suthar Page No. JV16 Power Tools.. the Registry in Windows XP is far more robust and much less prone to corruption. Back in the days of Windows 95. they prune out dead or corrupted entries. I was an advocate of regular housekeeping for the Registry. 507140 . is a good choice for this task. 19 Roll No. That is. The program mentioned above. However. Another possibility is CCleaner. However.

regedt32.D. although these tools do not expose some of registry's metadata such as the last modified date. They also implement workarounds in code that allow Registry keys to be renamed. 20 Roll No. College of Engineering 5th Semester (Div. A) Computer Engineering Editing Registry Manual Editing Figure 7 . Mit B. 507140 .L. as the underlying APIs do not support this capability.exe and on older versions of Windows.Registry Editor of Windows 7 The Windows registry can be edited manually using programs such as regedit.exe. Suthar Page No.

a backup of the registry before editing is recommended by Microsoft.EXE program and Windows NT 3.EXE program. 507140 .0 and Windows 2000 were distributed with both the Windows 9x REGEDIT. College of Engineering 5th Semester (Div. There were several differences between the two editors on these platforms: Mit B. 21 Roll No.x.EXE which could be used in Windows and also in real mode MS-DOS. Windows 9x operating systems included REGEDIT. Suthar Page No. This was basically just a database of applications used to edit embedded OLE objects in documents.L. called the "Registration Info Editor" or "Registration Editor". Windows NT 4.11 As a careless change could cause irreversible damage. A) Computer Engineering Figure 8 – Registry Editor of Windows 3. A simple implementation of the current registry tool appeared in Windows 3.D. Windows NT introduced permissions for Registry editing.x's REGEDT32.

L.D. College of Engineering 5th Semester (Div. A)

Computer Engineering

REGEDIT.EXE had a left-side tree view that begins at "My Computer" and lists all loaded hives. REGEDT32.EXE had a left-side tree view, but each hive had its own window, so the tree displays only keys. REGEDIT.EXE represented the three components of a value (its name, type, and data) as separate columns of a table. REGEDT32.EXE represented them as a list of strings. REGEDIT.EXE supported right-clicking of entries in a tree view to adjust properties and other settings. REGEDT32.EXE required all actions to be performed from the top menu bar. REGEDIT.EXE supported searching for key names, values, or data throughout the entire registry, whereas REGEDT32.EXE only supported searching for key names in one hive at a time. Earlier versions of REGEDIT.EXE did not support editing permissions. Therefore, on those early versions, only REGEDT32.EXE could access the full functionality of an NT registry. REGEDIT.EXE in Windows XP, VISTA, and Windows 7, supported editing permissions. REGEDIT.EXE only supported string (REG_SZ), binary (REG_BINARY), and DWORD (REG_DWORD) values. REGEDT32.EXE supported those, plus expandable string (REG_EXPAND_SZ) and multi-string (REG_MULTI_SZ). Attempting to edit unsupported key types with REGEDIT.EXE on Windows 2000 or Windows NT 4.0 would result in irreversible conversion to a supported type.

Windows XP was the first system to integrate these two programs into one, adopting the old REGEDIT.EXE interface and adding the REGEDT32.EXE functionality. The differences listed above are not applicable on Windows XP and newer systems; REGEDIT.EXE is the improved editor, and REGEDT32.EXE is deprecated.
Mit B. Suthar Page No. 22 Roll No. 507140

L.D. College of Engineering 5th Semester (Div. A)

Computer Engineering

The Registry Editor allows users to perform the following functions:

Creating, manipulating, renaming and deleting registry keys, subkeys, values and

value data
 

Importing and exporting .REG files, exporting data in the binary hive format Loading, manipulating and unloading registry hive format files (Windows NT-based

systems only)
   

Setting permissions based on ACLs (Windows NT-based systems only) Bookmarking user-selected registry keys as Favorites Finding particular strings in key names, value names and value data Remotely editing the registry on another networked computer

Mit B. Suthar Page No. 23

Roll No. 507140

L.D. College of Engineering 5th Semester (Div. A)

Computer Engineering

(2) Reg Files
This step-by-step article describes how to add, modify, or delete registry subkeys and values by using a Registration Entries (.reg) file. Regedit.exe uses .reg files to import and export registry subkeys and values. You can use these .reg files to remotely distribute registry changes to several Windows-based computers. When you run a .reg file, the file contents merge into the local registry. Therefore, you must distribute .reg files with caution.

Syntax of .Reg Files
A .reg file has the following syntax: RegistryEditorVersion Blank [RegistryPath1] "DataItemName1"="DataType1:DataValue1" DataItemName2"="DataType2:DataValue2" Blank [RegistryPath2] "DataItemName3"="DataType3:DataValue3" line line

where: RegistryEditorVersion is either "Windows Registry Editor Version 5.00" for Windows 2000, Windows XP, and Windows Server 2003, or "REGEDIT4" for Windows 98 and Windows NT 4.0. The "REGEDIT4" header also works on Windows 2000-based, Windows XP-based, and Windows Server 2003-based computers. Blank line is a blank line. This identifies the start of a new registry path. Each key
Mit B. Suthar Page No. 24 Roll No. 507140

College of Engineering 5th Semester (Div. A) Computer Engineering or subkey is a new registry path. Quotation marks enclose the name of the data item. If you have several keys in your . DataTypex is the data type for the registry value and immediately follows the equal sign.L. The contents of the registry files are sent to the registry in the order you enter them. If the bottom of the hierarchy in the path statement does not exist in the registry. do not include the data type value or colon.reg file overwrites the existing value. If the data type is REG_SZ . 25 Roll No. if you want to create a new subkey with another subkey below it. Therefore.exe assumes REG_SZ for the data type. DataItemNamex is the name of the data item that you want to import. blank lines can help you to examine and to troubleshoot the contents.reg file can contain several registry paths.reg file adds it (with the value of the data item). the value in your . a new subkey is created. the . For all the data types other than REG_SZ (a string value). RegistryPathx is the path of the subkey that holds the first value you are importing. If a data item does exist. In this case. you must enter the lines in the correct order. Enclose the path in square brackets. and separate each level of the hierarchy by a backslash. Suthar Page No. Mit B.D. If a data item in your file does not exist in the registry. Regedit. 507140 . a colon immediately follows the data type. An equal sign immediately follows the name of the data item.reg file. For example: [HKEY_LOCAL_ MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] A . The following table lists the typical registry data types.

Adding Registry Subkeys or Adding and Changing Registry Values To add a registry subkey or add or change a registry value. Note: You can enter several data item lines for the same registry path.D.reg file. Exported registry subkeys are automatically saved as .reg files.reg hexadecimal dword REG_EXPAND_SZ hexadecimal(2) REG_MULTI_SZ hexadecimal(7) DataValuex immediately follows the colon (or the equal sign with REG_SZ) and must be in the appropriate format (for example. make the appropriate changes in the registry. Suthar Page No. 507140 . 26 Roll No. and then export the appropriate subkey or subkeys. College of Engineering 5th Semester (Div. Use hexadecimal format for binary data items. string or hexadecimal).L. Note: the registry file should contain a blank line at the bottom of the file. A) Computer Engineering Table 2 – Data types for Reg filess Data Type REG_BINARY REG_DWORD DataType in . To make changes to the registry and export your changes to a . follow these steps: Mit B.

Click Start. type a file name to use to save the . College of Engineering 5th Semester (Div. This step backs up the subkey before you make any changes. Locate and then click the subkey that holds the registry item or items that you want to change.D.reg file to make your registry changes on another computer. A) Computer Engineering 1. If they cause a problem. Mit B. Suthar Page No. 3. If the changes work as expected. add or modify the registry items you want. and then click Save. 6. and then click OK. 5. click Run. double-click the file that holds the backup of the original registry data to return the registry to its original state. 7. 27 Roll No. but use a different file name for the . such as a reference to the name of the subkey.reg file. type regedit in the Open box. you can distribute the .reg file with the original registry items. Click File. You can import this file back into the registry later if your changes cause a problem. 4. Repeat steps 3 and 4 to export the subkey again. You can use this . Test your changes on the local computer. In the right pane. and then click Export. Note Use a file name that reminds you of the contents. 2. 507140 .reg you created in step 6 to other computers by using the methods in the "Distributing Registry Changes" section of this article.L. In the File name box.

to delete the Test subkey from the following registry key: HKEY_LOCAL_MACHINE\Software put a hyphen in front of the following registry key in the . For example.reg file.reg file that can perform this task.reg file when they log on.reg file and insert the hyphen.reg file. For example. put a .reg file. College of Engineering 5th Semester (Div. they receive the following messages: Registry Editor Are you sure you want to add the information in path of . put a hyphen (-) in front of the RegistryPath in the .reg file. 507140 . put a hyphen (-) after the equals sign following theDataItemName in the . A) Computer Engineering Deleting Registry Keys and Values To delete a registry key with a . The following example has a .reg file.reg file to users in an e-mail message. to delete the TestValue registry value from the following registry key: HKEY_LOCAL_MACHINE\Software\Test put a hyphen after the "TestValue"= in the .reg file to the registry? Mit B.reg file.reg file. When users run the .exe to export the registry key that you want to delete. 28 Roll No.reg file: HKEY_LOCAL_MACHINE\Software\Test The following example has a .reg file that can perform this task.L. use Regedit.reg file on a network share and direct users to the network share to run it. [-HKEY_LOCAL_MACHINE\Software\Test] To delete a registry value with a .D. and then use Notepad to edit the . Distributing Registry Changes You can send a . HKEY_LOCAL_MACHINE\Software\Test "TestValue"=To create the . Suthar Page No. or you can add a command to the users' logon scripts to automatically import the .

D. 507140 .exe /s path of . the user receives the following message: Registry Editor Information in path of . Regedit.reg file has been successfully entered into the registry. Suthar Page No. use the following syntax: regedit. 29 Roll No.exe supports a /s command-line switch to not display these messages. to silently run the . A) Computer Engineering If the user clicks Yes.reg file (with the /s switch) from a login script batch file. Mit B. For example.reg file You can also use Group Policy or System Policy to distribute registry changes across your network.L. College of Engineering 5th Semester (Div.

L. the dangers are by no means peculiar to registry cleaners. downloaded and installed from obscure or unknown sources. many of these caveats apply to any type of software.[7] however the program has subsequently been deprecated because of unintended damage that it caused Of course. and actual malware. 507140 . these cleaners do not improve performance. snake-oil. With such a solution. the OS can be restored if any recent changes proved to be bad ones. This is safer than most registry cleaners. Suthar Page No. or cause application errors and crashes.D. [2] Removing or changing certain registry data can prevent the system from starting. The rest are a mix of powerful and dangerous tools unsuited to non-professionals. and many that do may erroneously categorize errors as "critical" with little basis to support it. Mit B.[6] The Windows Installer CleanUp Utility was a Microsoft-supported utility for addressing Windows Installer related issues. While it is true that some registry cleaners are safe. a poorly-designed registry cleaner may not be equipped to know for sure whether a key is still being used by Windows or what detrimental effects removing it may have. if an unknown author boasts that the software has been written in some variant of the C language "for greater efficiency".[3][4] [5] as well as application compatibility updatesfrom Microsoft to block problematic registry cleaners. This may lead to loss of functionality and/or system instability. Obviously. especially freeware or shareware. A) Computer Engineering Registry damage Some registry cleaners make no distinction as to the severity of the errors. this should be interpreted as a danger signal. College of Engineering 5th Semester (Div. It is not always possible for a third party program to know whether any particular key is invalid or redundant. In particular. 30 Roll No. The level of skill necessary to use a registry cleaner to actually improve the performance of a machine is higher than the level of skill necessary to configure an easy incremental backup solution.

[11] The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! ." Rogue registry cleaners "WinFixer" have been ranked as one of the most prevalent pieces of malware currently in circulation.REGISTRY DAMAGED AND CORRUPTED". displaying bogus warnings to take "corrective" action. College of Engineering 5th Semester (Div. Microsoft and the Washington attorney general filed a lawsuit against two Texas firms. 507140 . In October 2008. improved memory management and indexing. it was possible that a very large registry could slow down the computer's startup time. using a Microsoft-supported tool such as PageDefrag). producers of the "Registry Cleaner XP" scareware. before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39. Mit B. Other Windows Performance Tools are specifically designed to troubleshoot performance-related issues under Windows. and is largely an automated process under Vista. typically through social engineering attacks that use website popups or free downloads that falsely report problems that can be "rectified" by purchasing or downloading a registry cleaner. Metrics of performance benefit On Windows 9x computers.L. 31 Roll No.[12] Slowdown due to registry bloat is thus far less of an issue in modern versions of Windows. A) Computer Engineering Malware payloads Registry cleaners have been used as a vehicle by a number of trojan applications to install malware.[9] The worst of the breed are products that advertise and encourage a "free" registry scan. before it will effect any of the anticipated "repairs.D. However this is far less of an issue with NT-based operating systems (includingWindows XP and Vista) due to a different on-disk structure of the registry. Suthar Page No. however.[13] has likewise been de-emphasized due to this increased efficiency.g. Defragmenting the registry files (e. hence the reason that they are sometimes called "scareware". the user typically finds the product has to be purchased for a substantial sum.95. Scanners as scareware Rogue registry cleaners are often marketed with alarmist advertisements that falsely claim to have pre-analyzed your PC. Branch Software and Alpha Red.

Suthar Page No. Automated System Recovery. Malware removal These tools are also difficult to manage in a non-boot situation. the removal of system-critical files may result. "Last Known Good" restores the last System Registry hive (containing driver and service configuration) that successfully booted the system. they should be avoided in an application virtualization environment Mit B.D. in complex scenarios where malware such as spyware. A corrupt registry can be recovered in a number of ways that are supported by Microsoft (e. In the age of rapidly evolving malware. Registry cleaners are likewise not designed for malware removal. making the repair via "slave mounting" of a system disk impossible. only specialized tools such as the RegDelNull utility (part of theSysinternals software) are able to do this. and consequent confusion by the user of cleaner products. even a full system restore may be unable to rid a hard drive of a bootkit. In general. from a "Last Known Good" boot menu. adware and viruses are involved. A) Computer Engineering Undeletable registry keys Registry cleaners cannot repair scenarios such as undeletable registry keys caused by embedded null characters in their names. 507140 . compared to a full system restore from a backup. 32 Roll No. There is little competent information about this specific interaction.[17] Complications of detailed interactions of real-mode with virtual.[15] Recovery capability limitations A Registry cleaner cannot repair a Registry hive that can't be mounted by the system. such as a turned-off System Restore.L. or during an infestation. by re-running setup or by usingSystem Restore). even if registry cleaners could be arguably considered safe in a normal end-user environment. Application virtualization A registry cleaner is of no use for cleaning registry entries associated with a virtualised application since all registry entries in this scenario are written to an application-specific virtual Registry instead of the real one. College of Engineering 5th Semester (Div. also leaves the potential for incorrect removal of shortcuts and registry entries that point to "disappeared" files. and no integration. However. although minor side-effects can be repaired.g.

D.vista. Suthar Page No. How to delete a key using a .reg file? Windows Registry Editor Version 5. Windows 7 Or REGEDIT4 // for windows 95 and 98 [HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSIO N\POLICIES\SYSTEM] "LEGALNOTICECAPTION"="PC1" "LEGALNOTICETEXT"="You are Logging into PC 1" ---------------END OF FILE------------------Note : we need to specify version of registry editor in the file first : do not include comments in original file : add a last line as blank (as syntax of .00 // for windows xp. 507140 . Mit B. 33 Roll No.reg” and run it!!! : it will enter desired registry entries in registry.”filename.reg file suggests : save it as .00 [~HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSI ON\POLICIES\SYSTEM] "LEGALNOTICECAPTION"=~"PC1" "LEGALNOTICETEXT"=~"You are Logging into PC 1" Note: if you need to add or remove registry entry else where specify registry entry path again and enter values for registry entry again. College of Engineering 5th Semester (Div. A) Computer Engineering Example of an REG file Windows Registry Editor Version 5.L.

or decimal format.L. A multiple string. hexadecimal. College of Engineering 5th Semester (Div. DWORD Value REG_DWORD Expandable REG_EXPAND_SZ String Value MultiString Value REG_MULTI_SZ String Value Binary Value REG_SZ REG_RESOURCE_LIST Binary Value REG_RESOURCE_REQUIREMENTS_LIST A series of nested arrays that is designed to store a device driver's Roll No. This data type includes variables that are resolved when a program or service uses the data. Values that contain lists or multiple values in a form that people can read are generally this type. Related values are DWORD_LITTLE_ENDIAN (least significant byte is at the lowest address) and REG_DWORD_BIG_ENDIAN (least significant byte is at the highest address). A series of nested arrays that is designed to store a resource list that is used by a hardware device driver or one of the physical devices it controls. Most hardware component information is stored as binary data and is displayed in Registry Editor in hexadecimal format. 507140 Mit B. Many parameters for device drivers and services are this type and are displayed in Registry Editor in binary. or other marks. A fixed-length text string.D. This data is detected and written in the \ResourceMap tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value. A) Computer Engineering Table 3 – Full list of Data types Name Binary Value Data type REG_BINARY Description Raw binary data. 34 . Data represented by a number that is 4 bytes long (a 32-bit integer). A variable-length data string. commas. Suthar Page No. Entries are separated by spaces.

This data is displayed in Registry Editor as a Binary Value and was introduced in Windows 2000. College of Engineering 5th Semester (Div.L. 507140 . Suthar Page No. This data is detected by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value. None REG_NONE Link QWORD Value REG_LINK REG_QWORD Mit B. Binary Value REG_FULL_RESOURCE_DESCRIPTOR A series of nested arrays that is designed to store a resource list that is used by a physical hardware device. 35 Roll No. This data is written to the registry by the system or applications and is displayed in Registry Editor in hexadecimal format as a Binary Value A Unicode string naming a symbolic link. Data represented by a number that is a 64-bit integer. This data is detected and written in the \HardwareDescription tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value. A) Computer Engineering list of possible hardware resources the driver or one of the physical devices it controls can use.D. The system writes a subset of this list in the \ResourceMap tree. Data without any particular type.

" HKEY_CLASSES_ROOT Is a subkey of HKEY_LOCAL_MACHINE\Software. the system stores the information under HKEY_LOCAL_MACHINE\Software\Classes. If you write keys to a key under HKEY_CLASSES_ROOT. 36 Roll No. this information is stored under both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys. If you write values to a key under HKEY_CLASSES_ROOT. 507140 . Suthar Page No. changes must be made under HKEY_CURRENT_USER\Software\Classes instead of under HKEY_CLASSES_ROOT. screen colors. This information is associated with the user's profile. the system will store the information there instead of under HKEY_LOCAL_MACHINE\Software\Classes. A) Computer Engineering Table 4 – Descriptions of folder names used in Registry Folder/predefined key HKEY_CURRENT_USER Description Contains the root of the configuration information for the user who is currently logged on. The user's folders. This key is sometimes abbreviated as "HKCR. HKEY_CLASSES_ROOT also provides this merged view for programs that are designed for earlier versions of Windows.L. College of Engineering 5th Semester (Div. and the key already exists under HKEY_CURRENT_USER\Software\Classes." Contains all the actively loaded user profiles on the computer.D. This key is sometimes abbreviated as "HKLM. The HKEY_LOCAL_MACHINE\Software\Classes key contains default settings that can apply to all users on the local computer. Some registry tricks to optimize your Windows : Mit B." HKEY_USERS HKEY_LOCAL_MACHINE Contains configuration information particular to the computer (for any user). HKEY_USERS is sometimes abbreviated as "HKU. The HKEY_CURRENT_USER\Software\Classes key contains settings that override the default settings and apply only to the interactive user. HKEY_CURRENT_CONFIG Contains information about the hardware profile that is used by the local computer at system startup." Starting with Windows 2000. To change the default settings. The information that is stored here makes sure that the correct program opens when you open a file by using Windows Explorer. The HKEY_CLASSES_ROOT key provides a view of the registry that merges the information from these two sources. and Control Panel settings are stored here. changes must be made under HKEY_LOCAL_MACHINE\Software\Classes. HKEY_CURRENT_USER is a subkey of HKEY_USERS. To change the settings for the interactive user. This key is sometimes abbreviated as "HKCU.

Set the (Default) to "Op&en With. Enter anything you like up to 8 characters.OpenAs_RunDLL %1".This is great for when you have several programs you want to open the same file types with. Add a new Key named "Command" by right clicking the "OpenWith" Key and selecting new 6. 1...dll.exe shell32. 507140 . Lock Out Unwanted Users Mit B. You must enter the "OpenAs_RunDLL %1" exactly this way. Right click the new value name and modify. Set the (Default) to "C:\Windows\rundll32.. Add two new String values. 1. Customize the System Tray You can add your name or anything you like that consists of 8 characters or less. I use three different text editors so I added it to the ". you can have the system tray display the two different values in the AM and PM.. Open RegEdit 2." 5. A) Computer Engineering Add Open With to all files You can add "Open With.D. College of Engineering 5th Semester (Div.L. Suthar Page No. 37 Roll No. Add a new Key named "OpenWith" by right clicking the "Shell" Key and selecting new 4. Go to HKEY_CURRENT_USER\Control Panel\International 3.txt" key." to the Right click context menu of all files. C:\ being your Windows drive. This will replace the AM or PM next to the system time. But you can corrupt some trial licenses of software that you may have downloaded. "s1159" and "s2359" 4. If you enter two different values when modifying. Go to HKEY_CLASSES_ROOT\*\Shell 3. Open RegEdit 2.

Set the value to 1 This forced logon can be bypassed in Safe Mode on Windows 9x Disable the Outlook Express Splash Screen You can make OutLook Express load quicker by disabling the splash screen: 1. 1. Go to HKEY_LOCAL_MACHINE\Network\Logon 3. Add a string value "NoSplash" 4. Set the value to "FALSE" Changing Windows' Icons Mit B. Create a string value "StartMenuScrollPrograms" 4. Go to HKEY_CURRENT_USER\Software\Microsoft\OutLook Express 3.L. Set the value data to 1 as a Dword value Multiple Columns For the Start Menu To make Windows use multiple Start Menu Columns instead of a single scrolling column.D. A) Computer Engineering Want to keep people from accessing Windows. 507140 . College of Engineering 5th Semester (Div. Open RegEdit 2. Create a dword value "MustBeValidated" 4. Also if you are using Classic Mode in XP 1. 38 Roll No. Go to the key HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced 3. like Windows 9x had. Suthar Page No. Open RegEdit 2. Open RegEdit 2. Right click the new string value and select modify 5. even as the default user? If you do not have a domain do not attempt this.

ico. A) Computer Engineering You can change the Icons Windows uses for folders. College of Engineering 5th Semester (Div.L. Go to HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Shell Icons 3. 0= Unknown file type 1= MSN file types 2= Applications Generic 3= Closed Folder 4= Open Folder 5= 5. Example: "3" ="C:\Windows\Icons\MyIcon. Change Default Folder Locations Mit B.25" Drive 6= 3. the Start Menu.ico". 39 Roll No. Add a string value for each Icon you wish to change. 1.0" This will change the closed folders in the Explorer to "MyIcon. Suthar Page No. 507140 . opened and closed folder in the Explorer. and many more. Here is a complete list for each value.D. Open RegEdit 2. You may need to delete the hidden file ShellIconCache if after rebooting the desired Icons are not displayed.25" Drive 7= Removable Drive 8= Hard Drive 9= NetWork Drive 14= Network Hub 15= My Computer 16= Printer 17= Network Neighborhood 18= Network Workgroup 19= Start Menu's Program Folders 20= Start Menu's Documents 21= Start Menu's Setting 22= Start Menu's Find 23= Start Menu's Help 28= Shared 29= Shortcut Arrow 30= (Unknown Overlay) 31= Recycle Bin Empty 32= Recycle Bin Full 33= Dial-up Network 34= DeskTop 35= Control Panel 36= Start Menu's Programs 37= Printer Folder 38= Fonts Folder 39= Taskbar Icon 40= Audio CD 10= Network Drive Offline 24= Start Menu's Run 11= CD-ROM Drive 12= RAM Drive 13= Entire Network 25= Start Menu's Suspend 26= Start Menu's PC Undock 27= Start Menu's Shutdown You need to reboot after making changes.

3) Change the value of "RegisteredOrganization" or "RegisteredOwner".D. A) Computer Engineering You can change or delete the Windows mandatory locations of folder like My Documents: 1. 40 Roll No. Suthar Page No. To change the desired location of the Program Files folder 1.L. Open the Explorer and rename or create the folder you wish. Change the desired folder location. or "ProgramFilesDir" Now when you install a new program it will default to the new location you have selected. My Documents is normally list as "Personal" 4. 1) Open RegEdit 2) Got to HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion. College of Engineering 5th Semester (Div. to what ever you want Mit B. Go to HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Shell Folders 3. Change the Registered Change the User Information You can change the Registered Owner or Registered Organization to anything you want even after Windows is installed. Change the value of "ProgramFiles". 507140 . Open RegEdit 2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion 2.

Go to HKEY_CURRENT_USER\Software\ Microsoft\Windows Messaging Subsystem\ Profiles 3. Changing Exchange/Outlook Mailbox Location To change the location of your mailbox for Exchange: 1.L. College of Engineering 5th Semester (Div. 41 Roll No. Go to the profile you want to change 4.com /k cd %1" Add or Edit the following Registry Keys for a Drive: HKEY_CLASSES_ROOT\Drive\shell\opennew @="Dos Prompt in that Drive" HKEY_CLASSES_ROOT\Drive\shell\opennew\command @="command.D. Suthar Page No. Open RegEdit 2.PST) file 5. Go to the value name that has the file location for your mailbox (*. 507140 .com /k cd %1" These will allow you to right click on either the drive or the directory and the option of starting the dos prompt will pop up. A) Computer Engineering Opening a DOS Window to either the Drive or Directory in Explorer Add the following Registry Keys for a Directory: HKEY_CLASSES_ROOT\Directory\shell\opennew @="Dos Prompt in that Directory"HKEY_CLASSES_ROOT\Directory\shell\opennew\command @="command. Make the change to file location or name Mit B.

Set the (Default) value of the application you want to run Mit B. Open RegEdit 2. A) Computer Engineering To change the location of your mailbox for Outlook 1. you can have access to that application. Make the change to file location Add/Remove Sound Events from Control Panel You can Add and delete sounds events in the Control Panel. In order to do that: 1. in front of any character and it will allow you to use the keyboard) 5.L. 507140 . Go to HKEY_CURRENT_USER\Software\Microsoft\Outlook (or Outlook Express if Outlook Express) 3. Give it a default value that will appear when you right click a folder. Adding an Application to the Right Click on Every Folder Here is how to add any application to the Context Menu when you right click on any Folder. 4.e. 3. When you right click on any folder. Add a new Key to the "Shell" Key and name it anything you like. the same as using Sent To. 42 Roll No. Go to the section "Store Root" 4. You can add/delete any items you want to or delete the ones you no longer want.D. Add a New Key named Command 7. Open RegEdit 2. NewKey (use an "&" without the quotes. Go to HKEY_CLASSES_ROOT\Folder\shell 3. Suthar Page No. College of Engineering 5th Semester (Div. This way you do not have to always go to the Start Menu. 1. Open RegEdit 2. Click on the Key HKEY_CLASSES_ROOT\Folder\shell\NewKey 6. If this key does not exist you can create it and add events. i. Go to HKEY_CURRENT_USER\AppEvents\Schemes\Apps and HKEY_CURRENT_USER\AppEvents\Schemes\Eventlabels.

Edit the value next to SourcePath Creating a Logon Banner If you want to create a Logon Banner: A message box to appear below your logon on. Go to HKEY_CLASSES_ROOT\Folder\shell 3. Set the (Default) value of Explorer. 43 Roll No.exe (Include the full path and parameters if you need them) Adding Explore From Here to Every Folder When you want to right click on any folder and want to open up an Explorer window of that folder.L.Open RegEdit 2.exe /e. Right Click the "RootExplore " Key and add a new Key "Command"to the RootExplore 6. For example: c:\program files\internet explorer\iexplore./idlist.%i Changing the Location of Windows' Installation Files If you need to change the drive and or path where Windows looks for its installation files: 1.Open RegEdit 2. 1. Set the (Default) value to "E&xplore From Here " 5.Go To For Windows 9x and ME HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Winlogon Mit B. 1. 507140 . Add a new Key "RootExplore " under the "Shell" Key 4./root. A) Computer Engineering 8. Open RegEdit 2.Go to HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Setup 3. Suthar Page No.D. College of Engineering 5th Semester (Div.

dat /D Registry key to delete You cannot be in Windows at the time you use this switch. 507140 . What is displayed in the Title Bar. Go to HKEY_CLASSES_ROOT\Unknown\Shell 3. Enter the text for your message box that will appear even before the Logon window. A) Computer Engineering For Windows 2000 XP 2003 Vista HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Winlogon 3.dat /R location of User. 5.L. Enter the Title of the window. Suthar Page No. 44 Roll No.EXE %1 You must use the "%1" for this to work. College of Engineering 5th Semester (Div. Open RegEdit 2.D. Set the (Default) value to the path and filename of the program you want to use to open the file type 6. Mit B. Create a new string value "LegalNoticeText" 6. Creating a Default File Opener If you have a un-registered file type and want to view it instead of having to select Open With. Create a New Key under the "Open" key you just created and name it "Command" 5. Use Explorer's Right-click and add your program to the right-click options by: 1.and a space between the exe and the %1 Deleting Registry Keys from the Command Line There are two ways to delete a key from the Registry from the Command line. Right click on "Shell" and create a New Key and name it "Open " 4.Create a new String value"LegalNoticeCaption " 4. At the Windows Command line: RegEdit /l location of System. For example: C:\Windows\NOTEPAD.

Example: to Save Windows settings add or modify the value name NoSaveSettings to 0. you can edit the Registry. College of Engineering 5th Semester (Div.Disables Deletion of Printers Mit B.You can then add DWORD or binary values set to 1 in the appropriate keys for ON and 0 for off. And NoDeletePrinter set to 1 will prevent the user from deleting a printer. RegEdit C:\Windows\(name of the regfile). NoDeletePrinter . You can add and delete Windows features in this Key shown below. if set to1 Windows will not save settings.Go to the Explorer Key (Additional keys that can be created under Policies are System.Open RegEdit 2.Go to HKEY_CURRENT_USER\Software\Microsoft\ CurrentVersion\ Policies 3. Suthar Page No.D. Explorer. Network and WinOldApp ) 4. A) Computer Engineering Or you can create a reg file as such: REGEDIT4 [-HKEY_LOCAL_MACHINE\the key you want to delete] Note the negative sign just behind the[ Then at the Command line type: 1. 45 Roll No.L. 507140 . 1. The same key shows up at: HKEY_USERS\(yourprofilename)\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer so change it there also if you are using different profiles. Change/Add Restrictions And Features If you want to make restrictions to what users can do or use on their computer without having to run Poledit. Zero is Off and the value 1 is On.

Removes Folders from Settings on Start Menu NoSetTaskbar . 46 Roll No.Hides all icons on the Desktop NoClose .Disables Addition of Printers NoRun .No changes allowed NoInternetIcon .. College of Engineering 5th Semester (Div. Suthar Page No.Don't save settings on exit DisableRegistryTools .Disables Run Command NoSetFolders ..Empty the recent Docs folder on reboot NoLogoff .Hides the Documents shortcut at the Start button NoRecentDocsHistory.Removes the Find Command NoDrives . 507140 .Hides the Network Neighborhood NoDesktop .Hides the Favorites menu NoChangeStartMenu _ Disables changes to the Start Menu NoFolderOptions _ Hides the Folder Options in the Explorer ClearRecentDocsOnExit .L.D. in the Start Menu And here are a few more you can play with ShowInfoTip NoTrayContextMenu NoStartMenuSubFolders NoWindowsUpdate NoViewContextMenu Mit B.Disable Registry Editing Tools NoRecentDocsMenu .No Internet Explorer Icon on the Desktop NoFavoritesMenu .Hides Drives in My Computers NoNetHood .Hides the Log Off .Clears history of Documents NoFileMenu _ Hides the Files Menu in Explorer NoActiveDesktop .No Active Desktop NoActiveDesktopChanges.Removes Taskbar from Settings on Start Menu NoFind .Disables Shutdown NoSaveSettings .. A) Computer Engineering NoAddPrinter .

D. 507140 .Hide Hardware Profiles Page NoFileSysPage . one to hide the control panel and more. A) Computer Engineering EnforceShellExtensionSecurity LinkResolveIgnoreLinkInfo NoDriveTypeAutoRun NoStartBanner NoSetActiveDesktop EditLevel NoNetConnectDisconnect RestrictRun . The policies key has a great deal of control over how and what program can run and how one can access what feature. I'm not telling you how. Suthar Page No.Hide Remote Administration Page NoProfilePage .L. there is one to even hide the taskbar.Disables all exe programs except those listed in the RestrictRun subkey This key has many other available keys.Hide User Profiles Page NoDevMgrPage .Hide Virtual Memory Button Mit B. as someone may want to play a trick on you. 47 Roll No.Hide Screen Saver Page NoDispAppearancePage .Hide File System Button NoVirtMemPage .Disable Password Control Panel NoPwdPage . College of Engineering 5th Semester (Div.Disable Display Control Panel NoDispBackgroundPage .Hide Background Page NoDispScrSavPage .Hide Settings Page NoSecCPL . In the System key you can enter: NoDispCPL .Hide Password Change Page NoAdminPage .Hide Device Manager Page NoConfigPage .Hide Appearance Page NoDispSettingsPage .

D. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update 3. Go to the key HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\ Windows\ CurrentVersion\ Policies\ Network 3. College of Engineering 5th Semester (Div.Hide Access Control Page NoFileSharingControl .Hide Identification Page NoNetSetupSecurityPage . Set the value name "UpdateMode" to 1 Disable Password Caching To disable password caching. which allows for the single Network login and eliminates the secondary Windows logon screen. Open RegEdit 2.Disable MS-DOS Prompt NoRealMode . Suthar Page No.Disable File Sharing Controls NoPrintSharing .Disable Print Sharing Controls In the WinOldApp key you can enter: Disabled . Either use the same password or: 1.Disables Single-Mode MS-DOS Automatic Screen Refresh When you make changes to your file system and use Explorer. 48 Roll No. Add a Dword value "DisablePwdCaching" and set the value to 1 Mit B.Disable the Network Control Panel NoNetSetupIDPage . the changes are not usually displayed until you press the F5 key To refresh automatically: 1.L. 507140 . Open RegEdit 2. A) Computer Engineering In the Network key you can enter: NoNetSetup .

D.Select New\String Value and create the value name IPMTU 5.Similarly.L. and DefaultTTL by adding these string values to HKEY_LOCAL_MACHINE\ System\ CurrentControlset\ Services\ VXD\ MSTCP Set the DefaultRcvWindow to"5840"and the DefaultTTL to "128" Note: These settings will slow down your network access speed slightly.Go to HKEY_CLASSES_ROOT\Directory\Shell 3.Go to HKEY_LOCAL_MACHINE\System\CurrentControlset\ Services\ Class\ net\ 000x (where x is your particular network adapter binding.Right-click on Shell and select New Key Mit B. The usual change is to 576 6.Double click on it and enter then the number you want.Right click on the right panel 4.Open RegEdit 2. Suthar Page No. 507140 . but you will probably not even see the difference if you are using a network card. A) Computer Engineering Changing the MaxMTU for faster Downloads There are four Internet settings that can be configured.Open RegEdit 2. Adding Items to the Start Button To add items when you right-click on the Start Button: 1. College of Engineering 5th Semester (Div. you can get greater throughput (faster Internet downloads) by modifying a few settings.) 3. you can add IPMSS and give it a value of 536 (Windows 9X)You can set DefaultRcvWindow. 49 Roll No. MaxMSS and DefaultRcvWindow. and DefaultTTL 1. They are the MaxMTU. If you are using Direct Cable you should see a sight difference.

In certain situations you might want to disable this feature. you would add that as the first key.For example. 9. Explore or Find. Suthar Page No.Type in the name of the key and press the Enter key 5. enter the full path and program you want to execute 8.Delete Explore and Open Caution: . 507140 . you can select Open. the W would be the Hot Key on your keyboard.Open RegEdit 2.L. Open shows your Programs folder.Delete Find 4. The value of the key would be C:\Program Files\Office\Winword\Winword.Now when you right click on the Start Button. 50 Roll No.Go to HKEY_CLASSES_ROOT\Directory\Shell\Find 3.In the Default name that shows in the right hand panel. you can add a title with a "&" character in front of the letter for a shortcut 6.For the value of this command.exe Remove Open. Explore starts the Explorer and allows access to all drives. Find allows you to search and then run programs.Scroll down below Directory to Folder 5. Mit B. College of Engineering 5th Semester (Div.Expand this section under shell 6.Right-click on the key you just created and create another key under it called command 7. To remove them: 1. Explore & Find from Start Button When you right click on the Start Button. you cannot open any folders.D. if you want Word to be added. your new program will be there.When you remove Open. the default in the right panel would be &Word so when you right click on the Start Button. A) Computer Engineering 4.

Go to HKEY_CURRENT_USER\Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer Mit B. Suthar Page No.Open RegEdit 2. Changing Telnet Window You can view more data if you increase the line count of Telnet. Modify the value data of "Rows" Changing the Tips of the Day You can edit the Tips of the day in the Registry by going to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\ CurrentVersion\ explorer\ Tips Disabling Drives in My Computer To turn off the display of local or networked drives when you click on My Computer: 1. To increase this so you can scroll back and look at a larger number on lines: 1. or use the File Menu item in the Explore and select New a list of default templates you can open up are listed. 51 Roll No. By Default it has a window size of 25 lines. College of Engineering 5th Semester (Div. Do a Search for the string ShellNew in the HKEY_CLASSES_ROOT Hive 3. To remove items from that list: 1.D. A) Computer Engineering Removing Items from NEW Context Menu When you right-click on the desktop and select New. Delete the ShellNew command key for the items you want to remove. Go to HKEY_CURRENT_USER\Software\Microsoft\Telnet 3.L. 507140 . Open RegEdit 2. Open RegEdit 2.

Add a New DWORD item and name it NoDrives 4. Add a string value "Window Title" (use a space) 4. Mit B.0 is whatever version of IE you have For Internet Explorer: 1. Suthar Page No. Open RegEdit 2. 507140 . none of your drives will show. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main 3. College of Engineering 5th Semester (Div.D.L. Modify the value to what ever you like. 52 Roll No. Go to HKEY_CURRENT_USER\Software\Microsoft\OutLook Express For IE5 and up use: HKEY_CURRENT_USER\IDENTITIES \{9DDDACCO-38F2-11D6-93CA812B1F3493B}\ SOFTWARE\ MICROSOFT\ OUTLOOK EXPRESS\5.Give it a value of 3FFFFFF 5. Modify the value to what ever you like.0 3.Now when you click on My Computer. Changing the caption on the Title Bar Change the Caption on the Title Bar for OutLook Express or the Internet Explorer: For Outlook Express: 1. add a dword value "NoSplash" set to 1 The Key {9DDDACCO-38F2-11D6-93CA-812B1F3493B} can be any key you find here. Add a string value "WindowTitle" (no space) 4. Each user has his own Key number. For no splash screen. The Key 5. Open RegEdit 2. A) Computer Engineering 3.

Disabling My Computer In areas where you are trying to restrict what users can do on the computer.Under Shell is Find 6. it allows you to open your programs folder. this also disables the Window-E (for Explorer) and Window-F (for Find) keys. A) Computer Engineering Disabling the Right-Click on the Start Button Normally.L.Move down a little in the Registry to Folder 8. To disable this: Mit B. 507140 .Search for Desktop 3. the Explorer and run Find.Expand this section and remove Explore and Open Now when you right click on the Start button. You can delete only those items that you need.Delete Find 7.Open RegEdit 2. In situations where you don't want to allow users to be able to do this in order to secure your computer. 1. nothing should happen. College of Engineering 5th Semester (Div. Note: .Expand this section 5. See the section on Installation in the RESKIT to see how to do this automatically during an install. control panel etc. Suthar Page No.This should bring you to HKEY_CLASSES_ROOT\Directory 4. 53 Roll No. it might be beneficial to disable the ability to click on My Computer and have access to the drives. when you right button click on the Start button.On Microsoft keyboards.D.

Why not make the icon context menu act like other icon context menus.D.01. nothing will happen. 507140 .Search for 20D04FE0-3AEA-1069-A2D8-08002B30309D 3. 4. You might want to export this section to a Registry file before deleting it just in case you want to enable it again.00.Open RegEdit 2.Delete the entire section. Add rename to the menu: HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\ ShellFolder "Attributes"=hex:50. when you click on the My Computer icon. Suthar Page No. 54 Roll No. A) Computer Engineering 1. Add a new Key named "Command" by right clicking "Open" and selecting new 5. see Change/Add restrictions. .exe" Recycle Bin Edits Fooling with the recycle bin.This should bring you to the HKEY_CLASSES_ROOT\CLSID section 4. Add a new Key named "Open" if it does not exists by right clicking "Shell" and selecting new.20 Mit B. College of Engineering 5th Semester (Div.exe" or "C:\Windows\Explorer. Open RegEdit 2. You can also hide all the Desktop Icons.L. you get a display of all your drives. Opening Explorer from My Computer By default. Go to HKEY_CLASSES_ROOT\CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}\ Shell 3 . Set the (Default) value for the Command Key to "Explorer. Now when you click on My Computer. Or you can rename it to 20D0HideMyComputer4FE0-3AEA-1069A2D8-08002B30309D. If you would like to have this open the Explorer: 1. the Control Panel etc.

00.02. College of Engineering 5th Semester (Div..20 .00.. A) Computer Engineering Add delete to the menu: HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\ ShellFolder "Attributes"=hex:60. 55 Roll No...01.01. HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E} \ShellFolder "Attributes"=hex:40.00.. HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows \CurrentVersion\ explorer\ Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E} @="Recycle Bin" Reset Windows defaults.20 Restore the recycle bin to Windows defaults including un-deleting the icon after deletion: Restore the icon.01. 507140 ..08.04. standard shortcut arrow "Attributes"=hex:40.20 Other edits to the recycle bin icon: HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\ ShellFolder "Attributes"=hex:40. make it look disabled (like it's been cut) For Windows XP and 2000 also edit HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ CLSID\ {645FF040-5081-101B-9F0800AA002F954E} Mit B. a different shortcut arrow "Attributes"=hex:40.01.20 .01.01. and still another shortcut arrow "Attributes"=hex:40. Suthar Page No.L.01.20 Add rename and delete to the menu: HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E} \ShellFolder "Attributes"=hex:70.20 .20 ...01.D.

Now.ini Run= and Load = lines. Add a new String Value and name it anything you like 4. To add or remove programs in the Registry 1.D. Mit B. A) Computer Engineering For Windows ME also edit HKEY_CURRENT_USER \Software\ Classes\ CLSID\ {645FF040-5081-101B-9F08-00AA002F954E} Setting the Minimum Password Length 1.Open RegEdit 2. College of Engineering 5th Semester (Div. For the value data. choose the Edit/New/Binary value command and call the new value MinPwdLen. Suthar Page No.Open RegEdit 2. enter the path and executable for the program you want to run. 507140 .Go to HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Policies\ Network 3. Program listed in the Local Machine hive. Press Enter twice and Assign it a value equal to your minimum password length. then finally programs in your Start Up folder. 56 Roll No.Go to the desired Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \RunServices HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion \Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion \RunServices 3.L. then theWin. Add\delete programs to run every time Windows starts You can start or stop programs from executing at boot up by adding or deleting them to/from the run Keys in the Registry. Windows loads programs to start in the following order. then the Current User hive.

Open RegEdit 2.Open the Key HKEY_CLASSES_ROOT 3. College of Engineering 5th Semester (Div.Restart the Windows Turn Off Window Animation You can shut off the animation displayed when you minimize and maximize Windows. If you add the value to the RunOnce key the program will run once and be removed from the key by Windows.Open the Key LNKFILE 4. A) Computer Engineering By adding the value to the HKEY_CURRENT_USER hive instead allows the program to start only when that user is logged on.Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet \Services \Class \Modem \0000 \Init 3.Change the settings to the new values Mit B. Removing the Shortcut Icon Arrows 1. Set the value data of 0 for Off or 1 for On Changing your Modem's Initialization String 1. 507140 . 1.Open the next Key PIFFILE 6. 57 Roll No.Open RegEdit 2. 4.L. Suthar Page No.D.Delete the value IsShortcut 5. Go to HKEY_CURRENT_USER\Control panel \Desktop\ WindowMetrics 3. Create a new string value "MinAnimate".Delete the value IsShortcut 7.Open RegEdit 2.

In the right panel and double click on Inactivity Timeout 4. it may still show up in the Add/Remove programs list in the Control Panel. Removing Programs from Control Panel's Add/Remove Programs Section If you uninstalled a program by deleting the files.Open RegEdit 2.Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Services\ Class\ Modem\ XXXX\ Settings Where XXXX is the number of your modem 3. a setting could have S19=<10> to set it to 10 minutes. The default action for a batch file.The number of minutes for a timeout should be entered between the brackets. If you want to change this Mit B. 5. when you double-click on AUTOEXEC. If you have a problem locating the desired program open each key and view the DisplayName value The Fix for Grayed Out Boxes The File Types tab in Explorer's View / Options menu lets you edit most of your file types. 58 Roll No. 1. but certain settings cannot be changed. 507140 . for instance. To change the Time Out:: 1. College of Engineering 5th Semester (Div.BAT.Delete any programs here. In order to remove it from the list.For example.Open RegEdit 2. runs the batch file instead of opening it via Notepad or Wordpad. A) Computer Engineering Increasing the Modem Timeout If your modem it is timing out during file transfers or loading Web Pages.L. Suthar Page No.Go to HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall 3.D. Thus. you might try increasing the timeout period. a DOS window opens. and the file executes.

bit 2: Adds the file type to the File Types tab if it does not have an associated extension. bit 1: Prevents you from editing a file type's description in the Edit File Type dialog. indiscriminately zero out EditFlag. The last two bytes of data are always zero. If you change this value to 00 00 00 00.     Byte 1.D. you must know the function of each EditFlag bit. bit 1: Removes the file type from the master list in the File Types tab (select View / Options under Explorer) if it has an associated extension. For system ProgIDs. however. set all EditFlags to 00 00 00 00. The button is grayed out because HKEY_CLASSES_ROOT's batfile key contains an EditFlag value entry. Byte 1. bit 5: Grays out the Remove button in the File Types tab. replace EditFlag data with 02 00 00 00. it completely disappears from the File Types list. Byte 2. Mit B. For ProgIDs that are linked to extensions. if you do so in a system ProgID such as Drive or AudioCD. Such entries are used throughout the Registry to prevent novice users from altering certain system settings. 507140 . 59 Roll No. Do not. however. you can then change any of the batch file settings. If you wish to have access to some buttons while leaving others grayed out. the Set Default button for the file type called MS-DOS Batch File is always grayed out. bit 7: Grays out the Edit button in the Edit File Type dialog. Byte 1.  Byte 1. Suthar Page No. bit 8: Grays out the Remove button in the Edit File Type dialog. bit 6: Grays out the New button in the Edit File Type dialog (select the Edit button in the File Types tab). A) Computer Engineering default action and edit a batch file when you double-click on it. Byte 1. the File Types tab does not let you do so. Byte 1. but most bits within the first two bytes have a specific effect:  Byte 1. The binary data in batfile's EditFlag reads d0 04 00 00. bit 4: Grays out the Edit button in the File Types tab. bit 3: Identifies a type with no associated extension. College of Engineering 5th Semester (Div.    Byte 1.L.

Open RegEdit 2. HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\ SessionManager 3. Bits 4. then the action is unprotected. Byte 2. 60 Roll No. and 6 of byte 2 apply only to actions that are protected. The EditFlags value for Drive. bits 5. Protection on system files To enable protection on system files such as the KnownDLLs list. then the action is protected. bit 2: Grays out the Change Icon button in the Edit File Type dialog. Create the a Dword value and name it "ProtectionMode " 4. bit 3: Grays out the SetDefault button in the Edit File Type dialog. bit 5: Prevents you from editing the command line in the Edit Action dialog. and bit 1 is on in byte 2. and 8 are on in byte 1. bit 4: Prevents you from editing an action's description in the Edit Action dialog (select the Edit button in the Edit File Type dialog). 507140 . College of Engineering 5th Semester (Div. and 8 are on in byte 1. for instance. A)    Computer Engineering Byte 2. EditFlags with action keys (such as HKEY_CLASSES_ROOT\batfile\shell\open) determine protection. Suthar Page No. bit 1 of such an EditFlag is 0 (or if there is no EditFlag). Byte 2. 1. 7. and bit 3 is on in byte 2. 5. 7. add the following value. Byte 2. The EditFlag for batfile is d0 04 00 00 in Hex or 1101 0000 0000 0100 in binary. If byte 1.L. bit 6: Prevents you from setting DDE (Dynamic Data Exchange) fields in the Edit Action dialog.   Byte 2. Set the Value to1 Mit B. 5.D. If byte 1. Bits 2. is d2 01 00 00 in Hex (1101 0010 0000 0001 in binary). bit 1 is 1. In this case.

College of Engineering 5th Semester (Div.microsoft. An unofficial guide to ethical hacking (2008). 61 Roll No.com/tutorials/tutorial74. 2004 (http://www.L.com/regtrick.D.Ethical hacking series by Ankit Fadia  Support.easydesksoftware.html#conc) Wikipedia – the free encyclopedia http://www. A) Computer Engineering Conclusion Understanding and knowing how to backup the Registry is an important part of keeping your computer secure and running efficiently.com/kb/256986 Lawrence Abrams on June 29. Suthar Page No.htm Mit B. 507140 . It must be stressed that modifying any portion of the Registry should be done with the utmost care as incorrect usage of the Registry could make your computer inoperable.bleepingcomputer. References  Windows Hacking.

Suthar Page No. 507140 .L.D. College of Engineering 5th Semester (Div. 62 Roll No. A) Computer Engineering Mit B.