Everyone has a problem with Windows and look for an online guide that shows us how to change the system logs in the hope of solving it without understanding what you are actually doing. Good but not very well. We try to fully understand what we are going to change and how these registries are composed.


The registry is a centrale secure database where Windows store all information of hardware configuration, software and secure policies system. The components

The components that use it are varied starting from the kernel, installation programs, hardware and user profile. In many case it’s not necessary to log in to the registry manually, because they automatically think about the programs and the various applications. Every time you want to make a change, is reputable lcarefully read the instructions to avoid damaging it and making your computer unusable.


For log into registry is sufficient click in start and digit REGEDIT.EXE. It’s split in several logic sections, often referred to as hives, which are generally named by their Windows API definitions. The hives begin with HKEY, often spesso abbreviated with HK for create a uno short name with the remaining path. For example: HKCU represents HKEY_CURRENT_USER or HKLM, or rather HKEY_LOCAL_MACHINE. In Windows Server there are 5 root keys HKEY:

  • HKEY_CLASSES_ROOT: Stores information about registered applications, such as the fil association that tells which default program opens a file with a certain extension.
  • HKEY_CURRENT_USER: Stores settings that are specific to the currently logged-in user. When a user logs off, the HKEY_CURRENT_USERS is saved to HKEY_USERS.
  • HKEY_LOCAL_MACHINE: Stores settings that are specific to the local computer.
  • HKEY_USERS: Contains subkeys corresponding to the HKEY_CURRENT_USERS keys for each user profile actively loaded on the machine.
  • HKEY_CURRENT_CONFIG: Contains information gathered at run time. Information stored in this key is not permanently stored on disk, but rather regenerated at the boot time

The registry keys are similar to folders, with their paths, which contain values ​​and sub-keys of different types. Here are some types:

Binary value REG_BINARY Raw binary data. Most hardware component information is stored as binary data and is showed in Registry in hexadecimal format
Multi-string value REG_MULTI_SZ A multiple string. Values that contain list or multiple values in a form that people can read are generally this type. Entries are separated by spaces or commas.
Expandable string value REG_EXPAND_SZ A variable length data string. This datatype includes variables that are resolved when a program or service uses the data.
String value REG_SZ A fixed length text string.
Valore DWORD REG_DWORD Data represented by a number that is 4 bytes long. Many parameters for device drivers and services are this type and are displayed in Registry in binary, decimal or hexadecimal format.
Valore QWORD REG_QWORD Data represented by a number that is a 8 bytes integer. This data is show in Registry as a binary value.

A small mention to the Reg files are text files used to store portions of the registry with a .reg extension. With a double click you can add to the registry, export by right clicking and make a backup.


We have seen what the registry is in Windows and what it is composed. There is nothing left to do but to browse inside, change it if you want to pay attention to what you do!

Books to understand how Windows servers work:

Book 1
Book 2

Recent Tweets

For privacy reasons Twitter needs your permission to be loaded.
I Accept