Windows registry

In the days of 16-bit Windows, all settings were stored in initialization files. The two main files for storing settings were the SYSTEM.INI and WIN.INI files. As each application was installed, it stored its settings in these two files.

These applications could store only a limited set of entries because INI files were restricted to 64K. To solve this, application developers started to use their own INI files. This seemed to be a good idea, but as the number of applications grew, so did the number of INI files. And as each INI file grew, the system would often slow down.

The registry was born at the same time as Windows NT, in 1993, and it was the answer to Windows INI files. The registry is a hierarchical, relational database that holds system information, application settings, operating system configuration data, and more.
The information stored includes everything from the display settings to the hardware configuration. To speed access time, the registry is stored in binary format and is composed of multiple files.
Under Windows 2000/XP/2003, user-related settings are stored in a file called ntuser.dat, which is kept in the user’s profile directory (%USERPROFILE%). System settings are stored in the SYSTEM32\CONFIG directory and consist of the following five files:

  • Default (HKEY_USERS\DEFAULT): stores default settings for new users
  • SAM (HKEY_LOCAL_MACHINE\SAM): stores system security information
  • Security (HKEY_LOCAL_MACHINE\Security): stores network security information
  • Software (HKEY_LOCAL_MACHINE\Software): stores specific application and operating system information

The registry consists of top-level keys called hives:

  1. HKEY_CLASSES_ROOT
  2. HKEY_CURRENT_USER
  3. HKEY_LOCAL_MACHINE
  4. HKEY_USERS
  5. HKEY_CURRENT_CONFIG

These hives store all the keys (subfolders) that make up the registry. These keys store all the values (entries), which specify all the individual system settings.

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE (HKLM) stores all software, hardware, network, security, and Windows system information. This hive is the largest registry hive and stores two of the main registry hives.

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT (HKCR) is actually a virtual link to HKLM\Software\Classes. This hive stores information about all file extensions, descriptions, icons, associations, shortcuts, automation, class IDs, and more.

HKEY_USERS

HKEY_USERS (HKU) stores information about all users of the system and their individual settings. These individual settings include environment variables, color schemes, fonts, icons, desktop configuration, Start menu items, network, and more. Each time a new user logs on, a new key is created based on a default key.

HKEY_CURRENT_USER

HKEY_CURRENT_USER (HKCU) is actually a link to the currently logged-in user’s key stored in HKEY_USERS. This hive is named by the user’s SID (Security Identifier) value and not by the user’s name. This key is rebuilt each time the system reboots.

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG (HKCC) is actually a link to the currently selected hardware profile stored in HKEY_LOCAL_MACHINE. Hardware profiles allow you to specify which device drivers are to be loaded for a given Windows session. Hardware profiles are commonly used with laptops to distinguish RAS, network, and local Windows sessions.
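
The links between hives and the on-disk hive files described above can be checked on a live system. The following PowerShell is an added example, not part of the original post; it only reads the registry, and the `hivelist` key, the `.txt` sample extension and the helper name `Get-ValueNameList` are assumptions that the post does not mention.

```powershell
# Added example: read-only queries against the local registry (no writes).
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Hypothetical helper: sorted value names of a key, joined for easy comparison.
function Get-ValueNameList([string]$KeyPath) {
    $key = Get-Item -Path "Registry::$KeyPath"
    return (($key.GetValueNames() | Sort-Object) -join ';')
}

# 1. HKCU should expose the same key as HKEY_USERS\<SID of the current user>.
$sid      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$viaAlias = Get-ValueNameList 'HKEY_CURRENT_USER\Environment'
$viaSid   = Get-ValueNameList "HKEY_USERS\$sid\Environment"
$sameKey  = ($viaAlias -eq $viaSid)
"Current user SID            : $sid"
"HKCU matches HKEY_USERS\SID : $sameKey"

# 2. HKCR and HKLM\Software\Classes: the same subkey resolves through both paths.
$ext    = '.txt'   # sample extension chosen for illustration
$inHkcr = Test-Path -Path "Registry::HKEY_CLASSES_ROOT\$ext"
$inHklm = Test-Path -Path "Registry::HKEY_LOCAL_MACHINE\Software\Classes\$ext"
"$ext under HKCR              : $inHkcr"
"$ext under HKLM\...\Classes  : $inHklm"

# 3. Map each loaded hive to its backing file (SYSTEM32\CONFIG files, ntuser.dat).
$hiveList = Get-Item -Path 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist'
$hiveList.GetValueNames() | Sort-Object | ForEach-Object {
    [pscustomobject]@{
        RegistryPath = $_
        BackingFile  = $hiveList.GetValue($_)   # empty for volatile hives built at boot
    }
} | Format-Table -AutoSize
```

Keeping a copy of the hive-to-file table from a known-good build gives a baseline to compare against when checking which hive files are loaded on a host.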

