Registry Types for Windows Administrators

 

  
The Registry is one of the most maligned parts of Windows, but it’s something that is going to be with us for a long time and every system administrator will have to work with eventually. Not everyone is familiar with all of the types of data that it can contain, so here’s a quick summary of those types. I will only cover those types that can be created with regedit.exe, the other types are rarely used enough that most administrators will never encounter them.
 
String
AKA REG_SZ
Probably the most common type, it’s simply a text value. It can contain any text support by the system, which means it can contain Unicode characters which may trip you up if you export or import data from text files.
 
Multi-String
AKA REG_MULTI_SZ
Used a lot less than String, it’s just a list of several strings together. The one thing that can’t be stored in a Multi-String value is an empty string (which can be stored in String) because internally an empty string is used to mark the end of the value.
 
Expandable String
AKA REG_EXPAND_SZ
This type is exactly the same as a normal String. It is used to inform an application that the string contains environment variables that need to be expanded (such as %windir% or %programfiles%.) It’s up to the application to do the expanding, though, so there’s no guarantee that creating a value of this type will actually be expanded. 
 
DWORD
AKA REG_DWORD
A 32-bit number in the range 0 – 4,294,967,295. This type is quite often used as a Boolean (true/false) value with 0 used for false and 1 used for true. Its name comes from Double WORD, since a WORD is 16-bits. (TRIVIA! 4-bits is called a Nibble.)
 
QWORD
AKA REG_QWORD
A 64-bit number in the range 0 – 18,446,744,073,709,551,615. This type was added to the registry in Windows 2000 and not supported by regedit.exe until very recently. It’s still very uncommon and you’ll see a lot large numbers stored in two DWORDs. As you can probably guess, its name is short for Quad WORD.
 
Binary
AKA REG_BINARY
A binary value is simply a bunch of bytes. Binary values are usually encrypted data or data that is encoded in a format that can only be understood internally by a program (such as ACLs.) These values can be edited with regedit.exe or reg.exe, but you’ll want to be very careful because they aren’t intended to be understood directly by a human (if you’re a protocol droid, then you’ll be okay.) 
 

Need to remotely edit the registry on multiple computers? Try Admin Arsenal for free.