The Registry database is stored in binary files known as hives. At startup, the hives are read and the data is stored in the pageable memory pool. This will take a few MB for a workstation and more for domain controllers. The size of the Registry depends on
Improperly set RSL Registry Size Limit can produce errors. An insufficient size limit may cause problems such as out of memory errors.
The hive file for the logged in user is loaded from the folder %SystemDrive%\Documents and Settings\%Username%. The other hive files are stored in the folder %SystemRoot%\System32\Config.
The hives correspond to the files in the following table.
Everything in the Registry is organized
into two main subtrees.
NTBackup will backup the registry as part of the System State. REGBACK/REGREST are Resource Kit utilities to backup and restore the Registry without the rest of the System State.
Emergency Repair Disk
The ERD is an emergency backup of the Registry that is stored on a diskette. In Windows 2000, NTBACKUP copies the Registry to a diskette and to C:\Repair\RegBack. Windows 2003 and XP replace this with the new ASR Automated System Recovery.
The Emergency Repair procedure requires booting with the original Windows CD or the set of four setup diskettes. Interrupt the normal installation procedure by selecting R to repair the system.
The same security and auditing system that protects the file system is used to protect the Registry. The generic permissions on Registry keys are Read and Full Control. Special permissions provide fine control. The default permissions allow ordinary users to alter many critical Registry settings. The Registry Editor can change the security permissions.
Restricting permissions too much may prevent some applications or system features from working properly. Ensure that you test any security changes.
Windows 2000 and XP have tighter Registry security than NT. This may cause problems for older applications. Solve this problem by updating the application or relaxing the security. To relax the security to be compatible with NT, use the Security Configuration and Analysis MMC snap-in and apply the COMPATWS.INF template.
Use SysDiff to fix application problems
The Resource Kit SysDiff utility can store system changes/differences from one machine and duplicate these changes to another machine. SysDiff can store both file and registry changes. It is typically used to store the file and registry changes that occur when a new application is installed. The changes are stored in a difference file that is then used to quickly deploy the application on other machines. If the application becomes corrupted, reapplying the the difference file will fix the problem.
Use WinDiff to observe Registry changes
WinDiff is a utility that can show you the differences between two files. It can be used to show differences between two parts of the Registry or to compare a part of the Registry before and after some event, like an application installation. The registry entries must first be exported to ASCII REG files and then they can be compared with WinDiff. The following dialog shows the comparison of two different Control Sets. Common lines are displayed with a white background and differences are colored.