Overview#Windows registry is a hierarchical Data Store that stores low-level settings for the Microsoft Windows Operating System and for applications that opt to use the Windows registry.
The Microsoft Windows kernel, device drivers, services, Security Account Manager (SAM), and user interface can all use the Windows registry.
Windows registry also allows access to counters for profiling system performance.
Keys and values#Windows registry contains two basic elements:
- keys are Containers objects similar to folders.
- values are non-container objects similar to files.
The hierarchy of registry keys can only be accessed from a known root key handle (which is anonymous but whose effective value is a constant numeric handle) that is mapped to the content of a registry key preloaded by the kernel from a stored "hive", or to the content of a subkey within another root key, or mapped to a registered service or DLL that provides access to its contained subkeys and values.
There are seven predefined root keys, traditionally named according to their constant handles defined in the Win32 API, or by synonymous abbreviations (depending on applications)
|HKEY_CURRENT_CONFIG||HKCC||System, System.alt, System.log, System.sav|
|HKEY_LOCAL_MACHINE\SAM||HKLM||Sam, Sam.log, Sam.sav|
|HKEY_LOCAL_MACHINE\Security||HKLM||Security, Security.log, Security.sav|
|HKEY_LOCAL_MACHINE\Software||HKLM||Software, Software.log, Software.sav|
|HKEY_LOCAL_MACHINE\System||HKLM||System, System.alt, System.log, System.sav|
|HKEY_CLASSES_ROOT||HKCR||contains information about registered applications, such as file associations and OLE Object Class IDs, tying them to the applications used to handle these items.|
|HKEY_USERS||HKU||contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user actively loaded on the machine, user hives are usually only loaded for currently logged-in users.|
|HKEY_USERS.DEFAULT||HKU||Default, Default.log, Default.sav|
|HKEY_PERFORMANCE_DATA||only in Windows Server NT, but invisible in the Windows Registry Editor)|
|HKEY_DYN_DATA||only in Windows 95,Windows 98,Windows ME, and visible in the Windows Registry Editor)|
More Information#There might be more information for this subject on one of the following:
- Channel Binding
- Create a MAD Service To Run
- LDAP Signing
- LSA Protection
- Microsoft Active Directory Anomalies
- Password Flow From Active Directory to eDirectory
- Service Control Manager
- Windows Authentication Package
- Windows Security Log Event