Home

Main Registry Keys in Microsoft Windows

October 29, 2010 (updated 10 years ago) by Chemtable Software

As we said before, the registry is a hierarchical database where information is presented on a number of levels (up to 6). Hive keys are on the first level. There are five hive keys, each of which begins with “HKEY_” and name of a key:

HKEY_CLASSES_ROOT;
HKEY_CURRENT_USER;
HKEY_LOCAL_MACHINE;
HKEY_USERS;
HKEY_CURRENT_CONFIG

There is also the sixth hive key called HKEY_DYN_DATA. This key stores dynamic data about installed hardware devices. This key data is configured and modified by the operating system at startup and not stored as files.

Registry keys are on the second level, subkeys are on the third and then come values. If we consider the registry in terms of a hierarchical file system, then the levels of the registry can be represented as in the picture below:

In terms of functionality, registry keys can be divided into two categories:

– System-defined keys, i.e. their names are defined by the operating system. If a name is modified, it may result in a failure or malfunctions of Windows.
– User-defined keys. Their names can be modified by the administrator of the computer, and such modifications do not bring any damage to the system.

Similar to key names, names of subkeys can be defined by the operating system or user. In the former case, modifications of a name can cause failures of Windows; in the latter case, such modifications are harmless.

The structure of the registry in 64-bit versions of Microsoft Windows is a little different from the architecture of the registry in 32-bit versions of Windows. The registry has two independent hives: the first hive stores information related to 32-bit components of the operating system, the second contains all information about 64-bit components. The names of keys and subkeys of both hives are almost the same.

Let’s take a closer look at the data stored in each hive.

HKEY_CLASSES_ROOT (HKCR)

This key contains several subkeys with information about extensions of all registred file types and COM servers. This information is necessary for opening files with a double-click, or for drag-and-drop operations. Besides, the HKEY_CLASSES_ROOT key provides combined data to applications that were created for earlier versions of Windows.

HKEY_CURRENT_USER (HKCU)

This key stores settings which are specific to the currently logged-in user (Windows Start menu, desktop, etc.). Its subkeys store information about environment variables, program groups, desktop settings, screen colors, network connections, printers and additional application settings. This information is gathered from the Security ID subkey (SID) of HKEY_USERS for the current user. In fact, this key stores all information related to the profile of the user who is currently working with Windows.

HKEY_LOCAL_MACHINE (HKLM)

This key stores information about installed applications, settings, and drivers. There is also information which is specific to the operating system and hardware, such as type of bus, total size of available memory, list of currently loaded device drivers and information about Windows startup. This key stores the largest ammount of information in the registry and is often used for fine-tuning the hardware configuration of the computer. Information stored in this key is valid for all profiles of registered users.

HKEY_USERS (HKU)

While the HKEY_CURRENT_USER key stores the settings of the current user, this key stores Windows settings for all users. Its subkeys contain information about all user profiles, and one of the subkeys always corresponds to the HKEY_CURRENT_USER key (via the Security ID (SID) parameter of the user). Another subkey, HKEY_USERS\DEFAULT, stores information about system settings at the moment before the start of the current user session.

HKEY_CURRENT_CONFIG (HKCC)

This key stores information about a hardware profile which is used by the local computer at system startup. Hardware profiles allow selecting drivers of supported devices for the specified session.