The Windows registry is a set of configuration parameters that the Windows system reads and uses when running programs. The registry is a central part of the Windows OS and critical to the system functioning well. It controls many components, including the kernel, drivers, the user interface and applications. Registry entries are maintained in a hierarchical structure and stored at various levels to control system behavior.
A Windows registry entry is a key and value pair that can be stored and accessed at various levels: the machine, all users, the currently logged-in user, and so on. Registry entries can be modified manually by running regedit. They can also be modified by scripts and programs, such as .reg and .ini files, that update the registry entries. The user must be an administrator to modify registry entries. In general, registry entries are created and maintained by Windows; an application's registry entries are created and managed during the installation of the application.
Significance, relevance and usage of Windows registry
Let us look at the relevance of registry keys. They store global parameters, so modifying or deleting them carries a greater risk. Registry entries store the default values that govern how the system or an application behaves at run time. Maintaining the health of the registry as a whole is critical to preserving system sanctity and integrity. The organization's security policy should cover this critical topic: what restrictions apply and how changes are governed.
Let us take an example of how an application can use the Windows registry. A collaborative website sends email notifications to users based on the alert levels they have set; for example, when a user modifies a document or other artifact, mail must be sent to the observers, reviewers and the author. The website runs on Internet Information Services on the Windows platform. The application's web server can store a registry parameter that limits the number of mails the server can generate at any one time for spooling to the mail server. The limit might be, say, 2000, meaning that at a given moment the application can process 2000 alerts or mail notifications to users through a messaging server. This lets the application manage its queue at a global level, and the parameter can be changed to control the outgoing message rate according to the rate the mail server can accept.
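The throttle parameter described above, as an added PowerShell example that is not part of the original article: it reads a machine-wide (HKLM) value with a safe default when the value is absent, refuses out-of-range values instead of trusting them blindly, and writes a new limit with bounds checking. The key path `HKLM:\SOFTWARE\ExampleCollabApp\Mail`, the value name `MaxPendingNotifications` and the bounds are assumptions for illustration.

```powershell
# Added example (not from the original article): read an application throttle
# parameter from the registry with a safe default and a bounds check.
# Key path, value name and limits are hypothetical.

$KeyPath   = 'HKLM:\SOFTWARE\ExampleCollabApp\Mail'   # hypothetical vendor key
$ValueName = 'MaxPendingNotifications'                 # hypothetical value name
$Default   = 2000                                      # used when the value is absent or invalid
$Min       = 1                                         # sanity bounds applied on read and write
$Max       = 50000

function Get-NotificationLimit {
    # HKLM is machine-wide, so this limit applies to every user of the server.
    # Fall back to the default if the key or the value does not exist.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    try {
        $value = [int]$item.$ValueName
    } catch {
        # A REG_SZ holding non-numeric text (a manual edit, for instance) must not crash the service.
        Write-Warning "$ValueName is not numeric; using default $Default"
        return $Default
    }
    # Never spool an unbounded number of messages because someone typed a huge number.
    if ($value -lt $Min -or $value -gt $Max) {
        Write-Warning "$ValueName=$value is outside [$Min,$Max]; using default $Default"
        return $Default
    }
    return $value
}

function Set-NotificationLimit {
    param([Parameter(Mandatory)][int]$Limit)
    if ($Limit -lt $Min -or $Limit -gt $Max) {
        throw "Limit must be between $Min and $Max"
    }
    # Writing under HKLM requires an elevated (administrator) session.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $Limit -Type DWord
}

# Usage: lower the limit while the mail server is under load, then read it back.
Set-NotificationLimit -Limit 1500
Get-NotificationLimit
```

The read path is deliberately tolerant and the write path deliberately strict: a service should keep running on its default when the registry is missing or damaged, while the administrative interface that changes the value should reject anything outside the agreed bounds, which is the "predefined interface rather than direct registry editing" practice the article recommends later.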
Similarly, all applications, and even the Windows kernel, use these global parameters in the registry to optimize performance, manage concurrency and provide a reference point of default values for the system to operate on.
Limitations
Registry values are organized at a very low level, so a bad change can affect the whole system: performance degradation, crashes and other catastrophic impacts.
Because registry values can be overridden manually, it is quite possible that the user is unaware of the consequences of those changes. Programmers, developers and administrators must be extremely careful when tweaking low-level entries such as system keys.
The best practice is to change parameters through the predefined interfaces provided by Windows or by the application itself, rather than editing the registry directly.
Viruses, malware, spam and Trojans tend to alter registry entries and execute scripts that change system-level parameters. A system check must verify the integrity of the registry to avoid corruption.
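One concrete form of the integrity check mentioned above, as an added PowerShell example that is not part of the original article: take a baseline snapshot of the standard autostart keys (`Run` and `RunOnce` under HKLM and HKCU, which are real Windows keys commonly altered by unwanted software) and compare a later snapshot against it, so that any added, changed or removed entry is reported during a system check. The baseline file location `C:\ProgramData\RegBaseline\autostart.json` is an assumption.

```powershell
# Added example (not from the original article): snapshot the standard autostart
# registry keys and diff a later snapshot against the saved baseline.
# The baseline path is hypothetical; the key paths are the real Run/RunOnce keys.

$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$BaselinePath = 'C:\ProgramData\RegBaseline\autostart.json'   # assumed location

function Get-AutostartSnapshot {
    # Flatten every value under the keys into a table keyed by "<key>::<valuename>".
    $snapshot = @{}
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # skip PowerShell's own metadata properties
            $snapshot["$($key)::$($p.Name)"] = [string]$p.Value
        }
    }
    return $snapshot
}

function Save-AutostartBaseline {
    # Run once on a known-good system; store the result where only administrators can write.
    $dir = Split-Path -Path $BaselinePath
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
    Get-AutostartSnapshot | ConvertTo-Json | Set-Content -Path $BaselinePath
}

function Compare-AutostartBaseline {
    # Returns a list of difference lines; an empty list means the keys match the baseline.
    $baselineObj = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $baseline = @{}
    foreach ($p in $baselineObj.PSObject.Properties) { $baseline[$p.Name] = [string]$p.Value }
    $current = Get-AutostartSnapshot
    $diffs = @()
    foreach ($k in $current.Keys) {
        if (-not $baseline.ContainsKey($k)) {
            $diffs += "ADDED   $k = $($current[$k])"
        } elseif ($baseline[$k] -ne $current[$k]) {
            $diffs += "CHANGED $k : '$($baseline[$k])' -> '$($current[$k])'"
        }
    }
    foreach ($k in $baseline.Keys) {
        if (-not $current.ContainsKey($k)) { $diffs += "REMOVED $k = $($baseline[$k])" }
    }
    return $diffs
}

# Usage: create the baseline the first time, then compare on every system check
# and review each reported line against the change management record.
if (-not (Test-Path $BaselinePath)) { Save-AutostartBaseline }
Compare-AutostartBaseline
```

The comparison only flags that something differs from the approved baseline; deciding whether a difference is an authorized change or corruption is the job of the change management process the article calls for, so the baseline should be refreshed only after an approved change, never automatically.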
In summary, the Windows registry is the mechanism by which system behavior is governed. It is critical to establish a policy for making changes and to apply them through change management methods.