Stores all computer-specific configuration data. This subtree has five subkeys:
- HARDWARE : ntdetect.com writes the subtree during the boot process. The
  hardware detected is divided into the following keys:
  - DESCRIPTION : system hardware database generated during boot.
  - DEVICEMAP : has subkeys enumerating all device drivers loaded.
  - RESOURCEMAP : tracks IRQ, DMA and other resource allocations for each
    driver.
- SAM : Security Accounts Manager. Contains the user and group account
  database for a workstation, stand-alone server, member server or domain. It
  is often noted that this subtree cannot be directly edited. It can be, but
  one would be foolish to use anything other than indirect editing tools such
  as User Manager or Resource Toolkit utilities. This subkey is actually a db
  view of the HKEY_LOCAL_MACHINE\SECURITY\SAM key. The max size is limited by
  the maximum size of the Registry. The Registry cannot exceed 80% of the
  PagedPoolSize. If PagedPoolSize=128MB, max registry size is 128MB * .80 =
  102MB. See Current Registry Size for a tip on how to determine the current
  registry size and the maximum registry setting. See Q143475 on how to apply
  strong encryption to the SAM.
- SECURITY : contains policy information. It should
not be directly edited. Use an indirect registry editor like the policy editor.
- SOFTWARE : defines and maintains configuration data
for all Win32 software installed on the PC including NT itself. There should be
a subkey for each software vendor with a subkey for each installed title
published by that vendor.
  - Classes : contains the information necessary to launch applications when
    opened from File Manager (file associations) or Explorer and for OLE COM.
    HKEY_CLASSES_ROOT is a db view of the Classes subtree.
    - Holds information about the ActiveX controls installed. When an ActiveX
      control installs itself, it creates entries so that ActiveX container
      applications can find and use the control. These controls register
      themselves by name and they also have a unique number called a class ID
      (CLSID).
    - All the extensions and associations between applications and documents
    - Names of all the drivers
    - Strings used as pointers to the actual text they represent (for example,
      aufile actually represents AU Format Sound)
    - Class ID numbers (numbers used instead of names for accessing items)
    - DDE and OLE information
    - Icons used for applications and documents
    files. This key is maintained and manipulated the same way under NT and
    Win9x. Every file type is assigned a CLSID number. For example, the CLSID
    key for a .BMP extension lists the file type, the default app used for
    editing, running or printing the document, the default icons, and other
    info required to use the .BMP file type. Associations define what program
    runs when you double-click on a file name and what context menu items
    appear when you right-click on the file. To change a file association, use
    the Explorer's Folder Options dialog or, in NT, use the ASSOC command.
  - Microsoft : contains subkeys for all Microsoft software installed on the
    NT-based computer including NT itself, Browser, Clipbook Server, Mail,
    Microsoft Office, …
  - Secure : not used by the NT OS. Used by applications such as Exchange
    Server to maintain configuration data restricted to administrator level.
  - Windows 3.1 Migration Status : the presence of this key indicates that the
    migration was complete (i.e. when NT Workstation is installed in the same
    directory as Win 3.x or WfWg 3.x).
- SYSTEM : review the kernel section of Registry Construction Steps for a good overview of this
subtree.
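
The extension-to-class indirection described under Classes above (for example .au pointing to aufile, which stands for AU Format Sound), as an added example that is not part of the original page: Python that reads the default values from a .reg export and follows each extension to its class name, description and open command. The sample export, the player.exe path and the `missingtype` class are constructed; `shell\open\command` is the standard subkey for the open verb and is not listed on this page.

```python
import re

CLASSES = r"hkey_local_machine\software\classes"  # key names are case-insensitive
# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.au]
@="aufile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\aufile]
@="AU Format Sound"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\aufile\shell\open\command]
@="\"C:\\Program Files\\Player\\player.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp]
@="Paint.Picture"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Paint.Picture]
@="Bitmap Image"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xyz]
@="missingtype"
'''

def parse_defaults(text):
    """Map each key path (lower-cased) to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg text escapes backslash and double quote with a backslash.
            defaults[key] = re.sub(r'\\(["\\])', r"\1", line[3:-1])
    return defaults

def resolve(defaults, ext):
    """Follow extension -> class name -> description and open command."""
    progid = defaults.get(CLASSES + "\\" + ext.lower())
    if progid is None:
        return None  # extension has no association in this export
    pkey = CLASSES + "\\" + progid.lower()
    return {"progid": progid,
            "description": defaults.get(pkey),
            "open_command": defaults.get(pkey + "\\shell\\open\\command")}

def dangling_extensions(defaults):
    """Extensions whose class has neither a description nor an open command."""
    prefix = CLASSES + "\\."
    exts = [k[len(prefix) - 1:] for k in defaults
            if k.startswith(prefix) and "\\" not in k[len(prefix):]]
    infos = {e: resolve(defaults, e) for e in exts}
    return sorted(e for e, i in infos.items()
                  if not (i["description"] or i["open_command"]))
```

Comparing the resolved open command for each extension against a known-good baseline shows when an association has been changed outside the Folder Options dialog or ASSOC.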