The Windows Registry is a hierarchical database in which configuration settings, options to run applications and commands are stored. It is dynamic and exists only when Windows is running. The Windows Registry resembles a subtree with five main branches and looks like Windows Explorer.
Also Learn: What is Windows Registry?
Before discussing Windows registry in detail, let’s understand some of the vocabularies which is used while dealing with the Registry:
- Root key/Key. There are five root, keys in the Registry database.
- Subkey. Each root key contains one or more subkeys. Each subkey can have one or more subkeys.
- Value entry. The value entry contains three pieces of information: a name, a data type, and a value.
The five main root keys of registry are:
- HKEY_CLASSES_ROOT (HKCR)
- HKEY_CURRENT_USER (HKCU)
- HKEY_LOCAL_MACHINE (HKLM)
- HKEY_USERS (HKU)
- HKEY_CURRENT_CONFIG (HKCC)
Note: HKEY stands for “Handle to Registry Key”
HKEY_CLASSES_ROOT or HKCR is an alias (i.e. a reference) to HKEY_LOCAL_MACHINE\Software\Classes. A separate root key is added so that software developers have direct access to this data, without dipping into HKLM (HKEY_LOCAL_MACHINE). HKCR contains data related to applications, shortcuts, and file extension associations (i.e. what file type is opened with which application). The HKCR keeps track of the file name extension associations and class registrations to connect items with the appropriate application.
HKCU contains data specific to each user with a logon account on your PC. It stores information related to the user who is currently logged into the computer. Right from the appearance aspect to how the mouse pointer behaves, everything can be controlled via this root key.
This key yields data like application events, keyboard layout, mapped network drives, application preferences (Software), and user-specific settings.
HKEY_LOCAL_MACHINE or HKLM is one of the most accessed registry hives. This registry root key contains all the computer-specific information about the hardware installed, software settings, and other information. Depending on your version of Windows, the HKLM can have up to six subkeys including:
- SAM – This subkey appears empty to most users. It is used with the security and accounts management databases.
- SECURITY – This is more security-related information that appears blank to most users.
- SYSTEM – This information is created by users with administrative privileges. It includes the Windows settings, file system information, and critical hardware configurations as well as other information needed to run the core system.
- SOFTWARE – This area is used by both Windows and application programs to store critical configuration settings.
- HARDWARE – This subkey contains relevant information on all connected plug-and-play devices.
- BCD – This subkey stores, the boot configuration data.
The HKU contains information about all the users who log on to the computer. HKEY_USERS is the home of group policy settings. Any Group Policy based rules are generally stored under this root key. When you log on, these settings are copied over to HKCU (HKEY_CURRENT_USER).
When you expand HKU, you’ll see a .DEFAULT folder, as well as entries for each user/log on ID. The .DEFAULT folder contains the base settings for new users when they first logon, S-1-5-21- folders contain settings for user IDs:
HKEY_CURRENT_CONFIG or HKCC contains the current hardware profile settings which have the details about the current configuration of hardware attached to the computer. It is mainly empty and gets activated at boot time, during which it loads the ‘hardware profiles’ sub key of the HKLM.
(Note: If your PC has multiple hardware profiles, they are numbered ControlSet002, ControlSet003 etc.)
The Registry is complicated and should be respected, but there is no reason to fear from it if you take time to understand it.