User Account Control: Virtualize file and registry write failures to per-user locations
Applies to
Describes the best practices, location, values, policy management and security considerations for the User Account Control: Virtualize file and registry write failures to per-user locations security policy setting.
Reference
This policy setting enables or disables the redirection of the write failures of earlier applications to defined locations in the registry and the file system. This feature mitigates applications that historically ran as administrator and wrote runtime application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKEY_LOCAL_MACHINE\Software\.
This feature can be disabled for applications on devices running at least Windows Vista because it is unnecessary.
Possible values
Enabled
Setting this value facilitates the runtime redirection of application write failures to defined user locations for the file system and the registry.
Disabled
Applications that write data to protected locations fail.
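As an added illustration (not part of this page and not Windows code), the following Python models the two outcomes just described for a legacy application's write to one of the protected locations the Reference section names: redirected when the setting is Enabled, failed when it is Disabled. The VirtualStore destinations and the environment values are assumptions taken from documented Windows behaviour rather than from this page, and the model is simplified: it ignores the subkeys Windows excludes from virtualization and the per-process conditions (no manifest, not elevated) that decide whether a write is virtualized at all.

```python
# Simplified model of what this setting does to a legacy application's write.
# Added example, not Windows code. The protected locations are the ones the
# Reference section names; the VirtualStore destinations are documented Windows
# behaviour that the page itself does not spell out. Paths are handled as
# Windows-style strings with ntpath, so this runs on any platform and touches nothing.
import ntpath

# Constructed environment values for the example; a real audit would read os.environ.
ENV = {
    "ProgramFiles": r"C:\Program Files",
    "Windir": r"C:\Windows",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
}
PROTECTED_DIRS = (ENV["ProgramFiles"], ENV["Windir"])  # %Windir%\system32 lies inside %Windir%
REG_PROTECTED = r"HKEY_LOCAL_MACHINE\SOFTWARE"
REG_VIRTUAL_STORE = r"HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE"


def _under(path, root):
    """True if path equals root or lies below it (case-insensitive, as NTFS and the registry are)."""
    p, r = path.lower(), root.lower()
    return p == r or p.startswith(r + "\\")


def file_write_outcome(path, policy_enabled=True):
    """Return ("allowed", path), ("redirected", store_path) or ("denied", None).

    Normalising first matters: "C:\\Program Files\\..\\Users\\alice\\x.ini" is not a
    protected-location write and must not be reported as one."""
    norm = ntpath.normpath(path)
    if not any(_under(norm, ntpath.normpath(d)) for d in PROTECTED_DIRS):
        return "allowed", norm
    if not policy_enabled:
        return "denied", None          # Disabled: the legacy app's write simply fails
    relative = ntpath.splitdrive(norm)[1].lstrip("\\")   # e.g. Program Files\App\x.ini
    return "redirected", ntpath.join(ENV["LOCALAPPDATA"], "VirtualStore", relative)


def registry_write_outcome(key, policy_enabled=True):
    """Same three outcomes for a write to a registry key path."""
    key = key.rstrip("\\")
    if not _under(key, REG_PROTECTED):
        return "allowed", key
    if not policy_enabled:
        return "denied", None
    return "redirected", REG_VIRTUAL_STORE + key[len(REG_PROTECTED):]


def virtual_store_roots():
    """Where a defender looks for data that legacy apps have written while this setting is Enabled."""
    return [ntpath.join(ENV["LOCALAPPDATA"], "VirtualStore"), REG_VIRTUAL_STORE]


if __name__ == "__main__":
    for p in (r"C:\Program Files\LegacyApp\settings.ini", r"C:\Windows\system32\legacy.log",
              r"C:\Program Files\..\Users\alice\settings.ini"):
        print(p, "->", file_write_outcome(p))
    print(registry_write_outcome(r"HKEY_LOCAL_MACHINE\SOFTWARE\LegacyVendor\App"))
```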
Best practices
- If you run applications that are not Windows Vista-compliant, enable this security policy to prevent the possibility that these older applications could write data to unsecure locations.
- If you only run at least Windows Vista-compliant applications, this feature is unnecessary so you can disable this policy.
Location
\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Default values
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
Server type or GPO | Default value |
---|---|
Default Domain Policy | Not defined |
Default Domain Controller Policy | Not defined |
Stand-Alone Server Default Settings | Enabled |
DC Effective Default Settings | Enabled |
Member Server Effective Default Settings | Enabled |
Client Computer Effective Default Settings | Enabled |
Policy management
This section describes features and tools that are available to help you manage this policy.
Restart requirement
None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy.
Group Policy
All auditing capabilities are integrated in Group Policy. You can configure, deploy, and manage these settings in the Group Policy Management Console (GPMC) or Local Security Policy snap-in for a domain, site, or organizational unit (OU).
Security considerations
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
Vulnerability
Earlier applications might not write data to secure locations.
Countermeasure
Enable the User Account Control: Virtualize file and registry write failures to per-user locations setting.
Potential impact
None. This is the default configuration.
How do I open and edit the Windows registry?
Fixing Windows errors, tweaking Windows features, or completely removing a program can sometimes require you to edit the Windows registry. This page provides help on how to open and view the Windows registry, edit, and delete registry values.
Before editing or changing anything in the Microsoft Windows registry, we recommend you back up the registry. For help with backing up the registry, see: How to back up and restore the Windows registry.
How to open the Windows registry
To open the Windows registry, follow the steps below for your version of Windows.
If you have restricted access to the Windows computer you’re logged in to, you may not be able to access the Windows registry.
Windows 10
- Type regedit in the Windows search box on the taskbar and press Enter.
- If prompted by User Account Control, click Yes to open the Registry Editor.
- The Windows Registry Editor window should open and look similar to the example shown below.
Windows 8
- Type regedit on the Start screen and select the regedit option in the search results.
- If prompted by User Account Control, click Yes to open the Registry Editor.
- The Windows Registry Editor window should open and look similar to the example shown below.
Windows 7 and earlier
- Click Start or press the Windows key.
- In the Start menu, either in the Run box or the Search box, type regedit and press Enter. In Windows 8, you can type regedit on the Start screen and select the regedit option in the search results. In Windows 10, type regedit in the Search box on the taskbar and press Enter.
- If prompted by User Account Control, click Yes to open the Registry Editor.
- The Windows Registry Editor window should open and look similar to the example shown below.
How to browse the Windows registry
When most users need to edit their registry, they're given the location or path of the registry value and what to change. Below is an example path for a commonly accessed registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

To browse to this location, first open the HKEY_LOCAL_MACHINE key (folder). In this key, you see the SOFTWARE folder, then Microsoft, Windows, CurrentVersion, and finally the Run folder.
Each backslash ("\") in a registry path represents another folder in the registry, with the name of that folder following the backslash.
After navigating to the registry path above, you’ll see a window similar to the example below. In this example, you can see four different string value keys, which are pointing to the programs that run each time the computer is turned on or restarted.
How to edit a Windows registry value
To edit a registry value, double-click the name of the value you want to edit. For example, if we double-clicked the "IntelliPoint" value in the example above, a new window appears that would allow us to change the value of the data. In this case, we could change the file path of where the "ipoint.exe" file is located for the IntelliPoint driver.
How to delete a Windows registry value
To delete a registry value, highlight any registry Name and then press the Del key on the keyboard. For example, if we did not want the IntelliPoint program to load each time Windows starts, we could highlight IntelliPoint and then press the Del key.
Windows registry shorthand and abbreviations
In some documentation and online forums, the registry values may be abbreviated. For example, instead of saying "HKEY_LOCAL_MACHINE," it is easier to say and write "HKLM." For a listing of registry terms and shorthand, see our registry definition.
Windows registry information for advanced users
This article describes the Windows registry and provides information about how to edit and back up it.
Original product version: Windows 10 — all editions, Windows Server 2012 R2
Original KB number: 256986
Description of the registry
The Microsoft Computer Dictionary, Fifth Edition, defines the registry as:
A central hierarchical database used in Windows 98, Windows CE, Windows NT, and Windows 2000 used to store information that is necessary to configure the system for one or more users, applications, and hardware devices.
The Registry contains information that Windows continually references during operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system, and the ports that are being used.
The Registry replaces most of the text-based .ini files that are used in Windows 3.x and MS-DOS configuration files, such as the Autoexec.bat and Config.sys. Although the Registry is common to several Windows operating systems, there are some differences among them. A registry hive is a group of keys, subkeys, and values in the registry that has a set of supporting files that contain backups of its data. The supporting files for all hives except HKEY_CURRENT_USER are in the %SystemRoot%\System32\Config folder on Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. The supporting files for HKEY_CURRENT_USER are in the %SystemRoot%\Profiles\Username folder. The file name extensions of the files in these folders indicate the type of data that they contain. Also, the lack of an extension may sometimes indicate the type of data that they contain.
Registry hive | Supporting files |
---|---|
HKEY_LOCAL_MACHINE\SAM | Sam, Sam.log, Sam.sav |
HKEY_LOCAL_MACHINE\Security | Security, Security.log, Security.sav |
HKEY_LOCAL_MACHINE\Software | Software, Software.log, Software.sav |
HKEY_LOCAL_MACHINE\System | System, System.alt, System.log, System.sav |
HKEY_CURRENT_CONFIG | System, System.alt, System.log, System.sav, Ntuser.dat, Ntuser.dat.log |
HKEY_USERS\DEFAULT | Default, Default.log, Default.sav |
In Windows 98, the registry files are named User.dat and System.dat. In Windows Millennium Edition, the registry files are named Classes.dat, User.dat, and System.dat.
Security features in Windows let an administrator control access to registry keys.
The following table lists the predefined keys that are used by the system. The maximum size of a key name is 255 characters.
Folder/predefined key | Description |
---|---|
HKEY_CURRENT_USER | Contains the root of the configuration information for the user who is currently logged on. The user’s folders, screen colors, and Control Panel settings are stored here. This information is associated with the user’s profile. This key is sometimes abbreviated as HKCU. |
HKEY_USERS | Contains all the actively loaded user profiles on the computer. HKEY_CURRENT_USER is a subkey of HKEY_USERS. HKEY_USERS is sometimes abbreviated as HKU. |
HKEY_LOCAL_MACHINE | Contains configuration information particular to the computer (for any user). This key is sometimes abbreviated as HKLM. |
HKEY_CLASSES_ROOT | Is a subkey of HKEY_LOCAL_MACHINE\Software. The information that is stored here makes sure that the correct program opens when you open a file by using Windows Explorer. This key is sometimes abbreviated as HKCR. Starting with Windows 2000, this information is stored under both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys. The HKEY_LOCAL_MACHINE\Software\Classes key contains default settings that can apply to all users on the local computer. The HKEY_CURRENT_USER\Software\Classes key contains settings that override the default settings and apply only to the interactive user. The HKEY_CLASSES_ROOT key provides a view of the registry that merges the information from these two sources. HKEY_CLASSES_ROOT also provides this merged view for programs that are designed for earlier versions of Windows. To change the settings for the interactive user, changes must be made under HKEY_CURRENT_USER\Software\Classes instead of under HKEY_CLASSES_ROOT. To change the default settings, changes must be made under HKEY_LOCAL_MACHINE\Software\Classes. If you write keys to a key under HKEY_CLASSES_ROOT, the system stores the information under HKEY_LOCAL_MACHINE\Software\Classes. If you write values to a key under HKEY_CLASSES_ROOT, and the key already exists under HKEY_CURRENT_USER\Software\Classes, the system will store the information there instead of under HKEY_LOCAL_MACHINE\Software\Classes. |
HKEY_CURRENT_CONFIG | Contains information about the hardware profile that is used by the local computer at system startup. |
The registry in 64-bit versions of Windows XP, Windows Server 2003, and Windows Vista is divided into 32-bit and 64-bit keys. Many of the 32-bit keys have the same names as their 64-bit counterparts, and vice versa. The default 64-bit version of Registry Editor that is included with 64-bit versions of Windows XP, Windows Server 2003, and Windows Vista displays the 32-bit keys under the node HKEY_LOCAL_MACHINE\Software\WOW6432Node. For more information about how to view the registry on 64-bit versions of Windows, see How to view the system registry by using 64-bit versions of Windows.
The following table lists the data types that are currently defined and that are used by Windows. The maximum size of a value name is as follows:
- Windows Server 2003, Windows XP, and Windows Vista: 16,383 characters
- Windows 2000: 260 ANSI characters or 16,383 Unicode characters
- Windows Millennium Edition/Windows 98/Windows 95: 255 characters
Long values (more than 2,048 bytes) must be stored as files with the file names stored in the registry. This helps the registry perform efficiently. The maximum size of a value is as follows:
- Windows NT 4.0/Windows 2000/Windows XP/Windows Server 2003/Windows Vista: Available memory
- Windows Millennium Edition/Windows 98/Windows 95: 16,300 bytes
There is a 64K limit for the total size of all values of a key.
Name | Data type | Description |
---|---|---|
Binary Value | REG_BINARY | Raw binary data. Most hardware component information is stored as binary data and is displayed in Registry Editor in hexadecimal format. |
DWORD Value | REG_DWORD | Data represented by a number that is 4 bytes long (a 32-bit integer). Many parameters for device drivers and services are this type and are displayed in Registry Editor in binary, hexadecimal, or decimal format. Related values are REG_DWORD_LITTLE_ENDIAN (least significant byte is at the lowest address) and REG_DWORD_BIG_ENDIAN (least significant byte is at the highest address). |
Expandable String Value | REG_EXPAND_SZ | A variable-length data string. This data type includes variables that are resolved when a program or service uses the data. |
Multi-String Value | REG_MULTI_SZ | A multiple string. Values that contain lists or multiple values in a form that people can read are generally this type. Entries are separated by spaces, commas, or other marks. |
String Value | REG_SZ | A fixed-length text string. |
Binary Value | REG_RESOURCE_LIST | A series of nested arrays that is designed to store a resource list that is used by a hardware device driver or one of the physical devices it controls. This data is detected and written in the \ResourceMap tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value. |
Binary Value | REG_RESOURCE_REQUIREMENTS_LIST | A series of nested arrays that is designed to store a device driver’s list of possible hardware resources the driver or one of the physical devices it controls can use. The system writes a subset of this list in the \ResourceMap tree. This data is detected by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value. |
Binary Value | REG_FULL_RESOURCE_DESCRIPTOR | A series of nested arrays that is designed to store a resource list that is used by a physical hardware device. This data is detected and written in the \HardwareDescription tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value. |
None | REG_NONE | Data without any particular type. This data is written to the registry by the system or applications and is displayed in Registry Editor in hexadecimal format as a Binary Value. |
Link | REG_LINK | A Unicode string naming a symbolic link. |
QWORD Value | REG_QWORD | Data represented by a number that is a 64-bit integer. This data is displayed in Registry Editor as a Binary Value and was introduced in Windows 2000. |
Back up the registry
Before you edit the registry, export the keys in the registry that you plan to edit, or back up the whole registry. If a problem occurs, you can then follow the steps in the Restore the registry section to restore the registry to its previous state. To back up the whole registry, use the Backup utility to back up the system state. The system state includes the registry, the COM+ Class Registration Database, and your boot files. For more information about how to use the Backup utility to back up the system state, see the following articles:
Edit the registry
To modify registry data, a program must use the registry functions that are defined in Registry Functions.
Administrators can modify the registry by using Registry Editor (Regedit.exe or Regedt32.exe), Group Policy, System Policy, Registry (.reg) files, or by running scripts such as VisualBasic script files.
Use the Windows user interface
We recommend that you use the Windows user interface to change your system settings instead of manually editing the registry. However, editing the registry may sometimes be the best method to resolve a product issue. If the issue is documented in the Microsoft Knowledge Base, an article with step-by-step instructions to edit the registry for that issue will be available. We recommend that you follow those instructions exactly.
Use Registry Editor
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
You can use Registry Editor to do the following actions:
- Locate a subtree, key, subkey, or value
- Add a subkey or a value
- Change a value
- Delete a subkey or a value
- Rename a subkey or a value
The navigation area of Registry Editor displays folders. Each folder represents a predefined key on the local computer. When you access the registry of a remote computer, only two predefined keys appear: HKEY_USERS and HKEY_LOCAL_MACHINE.
Use Group Policy
Microsoft Management Console (MMC) hosts administrative tools that you can use to administer networks, computers, services, and other system components. The Group Policy MMC snap-in lets administrators define policy settings that are applied to computers or users. You can implement Group Policy on local computers by using the local Group Policy MMC snap-in, Gpedit.msc. You can implement Group Policy in Active Directory by using the Active Directory Users and Computers MMC snap-in. For more information about how to use Group Policy, see the Help topics in the appropriate Group Policy MMC snap-in.
Use a Registration Entries (.reg) file
Create a Registration Entries (.reg) file that contains the registry changes, and then run the .reg file on the computer where you want to make the changes. You can run the .reg file manually or by using a logon script. For more information, see How to add, modify, or delete registry subkeys and values by using a Registration Entries (.reg) file.
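As an added example serving both the data-types table above and this section (it is not Microsoft's code), the following Python parses a Registration Entries (.reg) file and decodes each value according to the encodings Regedit uses for those types, so that the operations a file would apply, including key and value deletions and writes under a Run key, can be reviewed before the file is imported. The .reg text it parses is constructed for the example.

```python
# Parser for Regedit's Registration Entries (.reg) export format. Added example,
# not Microsoft's code. Value encodings follow the data types listed above:
# "..." is REG_SZ, dword: is REG_DWORD, hex: is REG_BINARY, hex(2): is
# REG_EXPAND_SZ, hex(7): is REG_MULTI_SZ and hex(b): is REG_QWORD.
import re
from collections import namedtuple

HEX_TYPES = {0: "REG_NONE", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}
# key: full path; name: None for a key line, "@" for the default value; delete: "[-Key]" or "Name"=-
RegEntry = namedtuple("RegEntry", "key name type value delete", defaults=(None, None, None, False))


def _logical_lines(text):
    """Yield lines with trailing-backslash continuations (long hex data) joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].strip()
            continue
        yield buf + line
        buf = ""


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)   # \\ -> \ and \" -> "


def _decode(data):
    """Map the right-hand side of a value line to (REG type name, decoded value)."""
    if data == "-":
        return None, None
    if data.startswith('"') and data.endswith('"'):
        return "REG_SZ", _unescape(data[1:-1])
    if data.startswith("dword:"):
        return "REG_DWORD", int(data[6:], 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", data)
    if not m:
        raise ValueError(f"unrecognised value encoding: {data!r}")
    num = int(m.group(1), 16) if m.group(1) else 3
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    name = HEX_TYPES.get(num, f"REG_TYPE_{num}")
    if num == 2:    # UTF-16LE string, NUL terminated
        return name, raw.decode("utf-16-le").rstrip("\0")
    if num == 7:    # UTF-16LE strings separated by NUL, double NUL at the end
        return name, [s for s in raw.decode("utf-16-le").split("\0") if s]
    if num == 11:   # 64-bit little-endian integer
        return name, int.from_bytes(raw, "little")
    return name, raw


def parse_reg(text):
    """Return the key and value operations a .reg file would apply, in file order."""
    entries, key = [], None
    for line in _logical_lines(text):
        if not line or line[0] == ";" or line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue
        if line[0] == "[" and line[-1] == "]":
            body = line[1:-1]
            key = None if body.startswith("-") else body
            entries.append(RegEntry(body.lstrip("-"), delete=body.startswith("-")))
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if key is None or not m:
            raise ValueError(f"malformed or stray value line: {line!r}")
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        typ, value = _decode(m.group(2))
        entries.append(RegEntry(key, name, typ, value, delete=typ is None))
    return entries


def autostart_entries(entries):
    """Values written under a ...\\CurrentVersion\\Run key (RunOnce matches too):
    programs registered there start at every logon, so review them before importing."""
    return [e for e in entries if e.name is not None and not e.delete
            and "\\currentversion\\run" in e.key.lower()]


# Constructed sample .reg text for this example, not an export from a real system.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=dword:00000001
[HKEY_CURRENT_USER\Software\ExampleApp]
@="Example App"
"InstallDir"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,\
  6c,00,65,00,73,00,25,00,00,00
"Servers"=hex(7):61,00,00,00,62,00,00,00,00,00
"Blob"=hex:de,ad,be,ef
"Counter"=hex(b):01,00,00,00,00,00,00,00
"Stale"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Tools\\updater.exe"
[-HKEY_CURRENT_USER\Software\ExampleApp\Old]
'''
```

Calling `parse_reg(SAMPLE_REG)` yields one RegEntry per key or value line; `autostart_entries` on that list returns the single Run value, which is the kind of entry to check before a logon script imports the file.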
Use Windows Script Host
The Windows Script Host lets you run VBScript and JScript scripts directly in the operating system. You can create VBScript and JScript files that use Windows Script Host methods to delete, to read, and to write registry keys and values. For more information about these methods, visit the following Microsoft Web sites:
Use Windows Management Instrumentation
Windows Management Instrumentation (WMI) is a component of the Microsoft Windows operating system and is the Microsoft implementation of Web-Based Enterprise Management (WBEM). WBEM is an industry initiative to develop a standard technology for accessing management information in an enterprise environment. You can use WMI to automate administrative tasks (such as editing the registry) in an enterprise environment. You can use WMI in scripting languages that have an engine on Windows and that handle Microsoft ActiveX objects. You can also use the WMI Command-Line utility (Wmic.exe) to modify the Windows registry.
Use Console Registry Tool for Windows
You can use the Console Registry Tool for Windows (Reg.exe) to edit the registry. For help with the Reg.exe tool, type reg /? at the Command Prompt, and then click OK.
Restore the registry
To restore the registry, use the appropriate method.
Method 1: Restore the registry keys
To restore registry subkeys that you exported, double-click the Registration Entries (.reg) file that you saved in the Export registry subkeys section. Or, you can restore the whole registry from a backup. For more information about how to restore the whole registry, see the Method 2: Restore the whole registry section later in this article.
Method 2: Restore the whole registry
To restore the whole registry, restore the system state from a backup. For more information about how to restore the system state from a backup, see How to use Backup to protect data and restore files and folders on your computer in Windows XP and Windows Vista.
Backing up the system state also creates updated copies of the registry files in the %SystemRoot%\Repair folder.
References
For more information, visit the following Web sites:
The Windows Server Catalog of Tested Products is a reference for products that have been tested for Windows Server compatibility.
Data Protection Manager (DPM) is a key member of the Microsoft System Center family of management products and is designed to help IT professionals manage their Windows environment. DPM is the new standard for Windows backup and recovery and delivers continuous data protection for Microsoft application and file servers that use seamlessly integrated disk and tape media. For more information about how to back up and restore the registry, see How to back up and restore the registry in Windows XP and Windows Vista.