People often asking me how I find Registry ‘tweaks’ and there is absolutely no voodoo behind there basically two programs I use, this is RegScanner and RegistryChangesView both portable programs are from NirSoft. All of his programs are free and ads-free, he is well known for tons of awesome tools and it’s worth to check his page and programs out, maybe even donate something to him because it takes really a long time to code so many programs.
The program comes in a very basic view, the developer basically uses one GUI for all of his programs, I’m not saying this is a bad thing, personally I like it minimalistic because it does what it promises and that’s why we are here for.
Creating a Snapshot
In order to use this program you need to create two snapshots, the first is for your current status which means that it creates an output file which lists all the current Registry related entries and the second snapshot is to find your changed registry entries or in other words to find the registry tweaks you’re looking for.
After you did this you need to create the second snapshot but first ensure you made the change you like to capture in our example I like to find a gpedit.msc change.
We like to get the registry value for this test case so now we enable this option “Disk quotas” and then we going to do our second snapshot.
The important thing here is that you check the ‘Direction’ part, the default option which you can see on the screenshot is okay, you want to compare the first snapshot against the one which including our changes we made.
After we compared our snapshots we are done, don’t be confused that there a lot of other entries because Windows is changing something in the background all the time eg. for the task scheduler or you have applications running in the background. Use the integrated search, you could in our case search for ‘quota’ which directly points us to our ‘registry tweak’. Or check the timestamp which also is a good indicator to filter the output.
The rest is pure handwork, you get the Value, the Path among other information which you can use to create your own Registry Tweak, or if you’re lazy like me, right click on the entry within RegistryChangesView and click ‘Open in RegEdit’, export the value and you have you changed registry entry. That’s it, easy, isn’t it?!
Video demonstration
Please keep in mind that this example method works for every program but sometimes you can’t view or change registry entries, this is only in case it’s directly integrated into the Windows Kernel which doesn’t can’t be controlled by Windows own Registry in this case you can’t do anything about it because the Windows Kernel has a higher priority. It also won’t display any Registry changes if the program you like to monitor doesn’t write into it for example while it stores it into an separate file or writes it directly into the memory.
Final Words
Hunting for Registry ‘Tweaks’ can be fun and it’s really easy with NirSoft’s little programs, this guy deserves some credits – for sure! You also learn a lot about the Windows OS if you play with the Registry and you get a better overview what Windows is really doing in the background.
CK’s Technology News 
You must be logged in to post a comment.