Windows Registry

The Windows registry is a database for storing operating system, device, and software application configuration information.

comprised of a set of five root keys that contain computer and user databases
- HKEY_LOCAL_MACHINE (HKLM) database governs system-wide settings
- HKEY_USERS database includes settings that apply to individual user profiles
  - e.g., dekstop personalization
- HKEY_CURRENT_USER is a subset of HKEY_USERS with the settings for a logged-in user
registry database is stored in binary files called hives
- a hive is comprised of:
  - a single file (no extension)
  - a .LOG file (containing a transaction log)
  - a .SAV file (a copy of the key as it was at the end of setup)
- system hive has an .ALT backup file
- most of these files are stored in C:\Windows\System32\Config folder
  - hive for each user profile (NTUSER.DAT) is stored in the folder holder the user’s profile

Windows Registry Files stored in C:\Windows\System32\Config

Subkey Name Description
SAM Security Accounts Manager (SAM) stores username information for accounts used on the current computer
SECURITY Linked to the security database of the domain the current user is logged onto
SOFTWARE Contains settings for software and the Windows operating system
SYSTEM Contains settings for drivers and file systems
DEFAULT Contains settings for the LocalSystem account profile

adam's notes

Windows Registry

Graph View

Backlinks

Subkey Name	Description
SAM	Security Accounts Manager (SAM) stores username information for accounts used on the current computer
SECURITY	Linked to the security database of the domain the current user is logged onto
SOFTWARE	Contains settings for software and the Windows operating system
SYSTEM	Contains settings for drivers and file systems
DEFAULT	Contains settings for the LocalSystem account profile