3 Tools To Monitor & Examine The Windows Registry
The Windows registry is one of the most poorly understood parts of the Windows operating system. Understanding it, and using appropriate tools to manage it, can make the difference in having a well-functioning computer.
Whatever version of Windows you’re using, the registry remains a core piece of how software “plugs in” to the OS. For many years, it’s been the secret weapon for many IT technicians. It is a place where, if you know what you’re doing, you can increase the performance of your PC. Of course, if you don’t know what you’re doing, you might not see any performance increase at all or you can actually cause the dreaded blue screen of death.
Don’t worry, you don’t have to be a PC guru to gain the benefits of registry tweaks. Several tools can simplify the registry, and help you find and repair any issues that might be causing problems for your computer.
Windows Registry Basics
Managing the Windows registry in Windows 7, Windows 8, or Windows 10 boils down to using the built-in Regedit tool. Launching Regedit works the same in all versions of Windows. You can either search for it (this is where Windows versions differ slightly) or you can press Windows key + R to open the Run dialog, type regedit, and click OK or hit Enter.
Picture the Windows registry as the “Project Manager” for Windows. It manages custom elements of all software installed on the system, such as what users can or can’t do when logged into an application. This is especially useful when you’re looking into why Windows itself is behaving unexpectedly. Many times, the secret lies deep inside the registry, where some random registry key got edited – sometimes by a virus – and it’s causing the sort of problems you’re seeing.
One of the more thorough examples of using the registry – complete with a list of really cool registry hacks – is Chris Hoffman’s recent article explaining how the Windows registry works.
You’ll want to be very careful any time you try to customize the registry in the way that Chris described – or using any of the tools described below. However, by using one of the tools below, monitoring or customizing the Windows registry gets a little bit easier, especially for users who are new to tweaking registry settings.
Monitor Registry Changes With Regshot
The great thing about the Windows registry is that it is a very powerful way to affect the entire operating system. That is also its ultimate weakness. All it takes is a small “tweak” to an important entry in the registry, and it can completely alter how your operating system performs.
This is why Regshot, an open-source registry compare utility, makes it to the top of this list of registry tools.
Regshot lets you take a snapshot of your entire registry when you know your computer is operating at peak efficiency. This might be just after you did a virus scan, or when you’ve updated Windows with the latest Microsoft patches. It has the added bonus of taking a snapshot of important directories (like your core Windows directory), so you can compare later to see if any changes were made there as well.
Once you have the “1st shot” file saved, at any point in time you can run the utility again, click the “2nd shot” button, and then run the “Compare” function to see any changes. You can actually test this out after installing new software on your computer. This utility will show you all of the registry and Windows directory changes that were made.
Examine The Registry With The Reg Command
One very useful command line tool that’s built right into Windows is the “Reg” command. Launch the command window (via Search or Accessories or press Windows key + R, enter cmd, and hit Enter), and you can make use of this fast and effective tool to query the values of registry keys, add or change key values, or even export and import keys.
The only catch with using this tool is that you’ll need a list of keys that you want to monitor or change before issuing the commands. For example, if you want to monitor the Common Files Directory that the Windows operating system currently uses, you can check that key by typing in:
Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir
The resulting key value gets displayed when you hit the enter key.
If you want to regularly monitor important registry values to see if any of them get changed as a result of viruses or other malicious software, you could create a batch job that queries all of those keys and outputs them to a data file, like this:
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir >> c:\temp\registryinfo.txt
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v ProgramFilesDir >> c:\temp\registryinfo.txt
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v ProgramFilesPath >> c:\temp\registryinfo.txt
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v SM_GamesName >> c:\temp\registryinfo.txt
The resulting output file will look like below.
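Because the batch job appends with >>, registryinfo.txt accumulates one reading per run and becomes a history of each value. The following Python script is an added example, not part of the original article: it parses that reg query output and reports any value whose data changed between runs. The sample text and the paths in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: registryinfo.txt after two runs of a two-line batch job.
# The second ProgramFilesDir reading is made up to show a change.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    CommonFilesDir    REG_SZ    C:\Program Files\Common Files


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    ProgramFilesDir    REG_SZ    C:\Program Files


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    CommonFilesDir    REG_SZ    C:\Program Files\Common Files


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    ProgramFilesDir    REG_SZ    C:\Users\Public\pf

"""

# reg query prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+)(?: {4}(.*))?$")

def parse_reg_query(text):
    """Yield (key, value_name, type, data) in the order the queries ran."""
    key = None
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3) or ""
        elif line.upper().startswith("HKEY_"):
            key = line.strip()

def find_drift(text):
    """Return {(key, name): [(type, data), ...]} for values that changed."""
    history = defaultdict(list)
    for key, name, vtype, data in parse_reg_query(text):
        seen = history[(key, name)]
        if not seen or seen[-1] != (vtype, data):
            seen.append((vtype, data))
    return {k: v for k, v in history.items() if len(v) > 1}

if __name__ == "__main__":
    for (key, name), states in find_drift(SAMPLE).items():
        print(f"{key}\\{name}: " + "  ->  ".join(d for _, d in states))
```

To run it on a real file, pass the contents of c:\temp\registryinfo.txt to find_drift instead of SAMPLE.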
Using the “reg” command, you can also add new keys by typing:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\TestKey
Obviously, there’s not much point in adding a “TestKey” key in that registry domain, but it shows how you can quickly add a key anywhere in the registry with a single command line.
With the “reg” command, you can also use the “export” function to take a snapshot of important sections of the registry. This is as easy as typing “reg export”, followed by the path of the key or the domain folder. For example, to take a snapshot of the entire CurrentVersion registry domain, you would type:
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion c:\temp\CurrentVersionExport.txt
Once you’ve saved these snapshot files, you can import them later by using the “reg import [Filename]” command. This is a convenient way to fix important sections of the registry after some software update or virus infection has corrupted it. This is obviously a more “manual” approach to managing and protecting the registry, but for anyone who prefers the command-line or batch job approach over using pre-made applications – this is the perfect solution.
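Keep in mind that reg import merges the file into the registry: it rewrites what the snapshot contains but does not delete keys or values created after the snapshot was taken. The following Python script is an added example, not part of the original article: it compares two reg export files and separates entries an import would restore from entries it would leave in place. The sample exports and the value names Example and Updater are constructed.

```python
import re

# Constructed samples in the .reg text format that "reg export" writes.
# The value names Example and Updater are made up for illustration.
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"ProgramFilesDir"="C:\\Program Files"
"CommonFilesDir"="C:\\Program Files\\Common Files"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example"=hex(2):43,00,3a,00,5c,00,\
  61,00,00,00
'''
CURRENT = (BASELINE.replace(r'"C:\\Program Files"', r'"D:\\pf"')
           + r'"Updater"="C:\\Users\\Public\\helper.exe"' + "\n")

VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Map (key, value_name) -> raw data; (key, None) marks the key itself."""
    entries, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[(key, None)] = ""
        elif key and (m := VALUE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            entries[(key, name)] = m.group(2)
    return entries

def diff_exports(baseline_text, current_text):
    """Compare two exports; 'added' entries are the ones an import leaves behind."""
    old, new = parse_reg(baseline_text), parse_reg(current_text)
    return {
        "added": [k for k in new if k not in old],        # import does not remove
        "removed": [k for k in old if k not in new],      # import re-creates
        "changed": [k for k in old if k in new and old[k] != new[k]],  # import overwrites
    }

if __name__ == "__main__":
    for kind, items in diff_exports(BASELINE, CURRENT).items():
        print(kind, items)
```

Files written by reg export are UTF-16 with a byte-order mark, so read them with open(path, encoding="utf-16") before passing the text to diff_exports.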
Manage Your Registry Better With Registrar
Considering the importance of your registry, maybe it should be “managed” rather than just checked occasionally for problems. Clearly meant for more advanced PC users, a free tool called Registrar offered by Resplendence – the maker of a number of high quality Windows tools – is a fantastic solution. It provides more functional access to your registry than the Windows regedit utility.
At first glance, it looks just like you’re using regedit, but there’s a toolbar filled with features.
What you’ll find when you start exploring your registry with this tool is that it gives you much more flexibility and management over the registry when compared to regedit. You can conduct easy search and replace operations, bookmark important registry keys for constant monitoring later, and, best of all, read descriptions for registry keys and values (and add your own).
You can see how useful these descriptions are when you double click a key. Unlike regedit, which simply shows you the name of the key and the value while editing, Registrar shows you the key and value, but also what category that key falls under, and a thorough description if it’s available.
Bookmarking important keys for easy monitoring is as simple as right clicking a key or folder, and choosing the “Bookmark” option.
This is especially useful for those critical Windows OS keys that you know viruses particularly target, like the Startup and Scheduler keys. You can find a full list of the most commonly targeted registry keys over at the Symantec website.
Do You Keep A Backup Of Your Registry?
As you can see, there are some pretty useful tools and utilities for monitoring your registry and making sure it’s clean. It’s a good idea to at least take a snapshot so that if your registry gets hacked, you can figure out what made things go south. You will also have a way to recover things back to the way they were before. Considering how significantly small changes to the registry can impact your computer performance and operation, taking a snapshot and monitoring your registry is a very good insurance policy.
Do you keep an eye on your computer registry? What tools do you use to do so? Share your own tricks and advice in the comments section below.