Understanding Windows Registry

Introduction

Let’s say a user just finished installing a piece of recommended software. They weren’t really familiar with the source, but the potential benefits would be excellent. Immediately after installation they can’t right-click anywhere, the taskbar is gone and there is a rather large PAY US OR ELSE wallpaper permanently plastered onto their desktop. 

They run the standard company-issued antivirus/malware applications, which takes care of some of the problems. But certain settings, like the wallpaper, are still stuck in place. They need your help to finish cleaning up the system. What are you going to do?

Windows Registry

The Registry in Windows stores a ridiculous number of program and personalization settings, license keys, policies, rules and the list goes on and on. Basically, if it’s a setting that needs to be kept long-term, more often than not it’s going to be kept in the Registry.

To access the Registry, you simply have to run a utility called regedit. This same executable works on all flavors of Windows, although the ability to run this depends greatly on your local permissions. This is one of the key programs affected by User Account Control (UAC) and by your group memberships, so if you’re trying to change a user-specific setting and end up having to run regedit as a different user, this can cause some mild problems.

Once you are in Regedit, the registry will appear as a tree structure:

Each of these elements does one of two things. Either it covers a key domain of the Registry, or it acts as a pointer or aggregator for values that are stored in locations that are not that easy to get to.

 

HKEY_CLASSES_ROOT (Shortened to HKCR)This deals primarily with applications that associate specific file types with themselves. It combines values located in (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Kurt Ellzey. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/XspRaVSZxYQ/