In Depth Key Discussion

HKEY_CURRENT_USER
This registry key contains the configuration information for the user that is currently
logged in. The users folders, screen colors, and control panel settings are stored here.
This information is known as a User Profile.
HKEY_USERS
In windowsNT 3.5x, user profiles were stored locally (by default) in the
systemroot\system32\config directory. In NT4.0, they are stored in the
systemroot\profiles directory. User-Specific information is kept there, as well as
common, system wide user information.
This change in storage location has been brought about to parallel the way in which
Windows95 handles its user profiles. In earlier releases of NT, the user profile was stored
as a single file - either locally in the \config directory or centrally on a server. In
windowsNT 4, the single user profile has been broken up into a number of subdirectories
located below the \profiles directory. The reason for this is mainly due to the way in
which the Win95 and WinNT4 operating systems use the underlying directory structure
to form part of their new user interface.
A user profile is now contained within the NtUser.dat (and NtUser.dat.log) files, as well
as the following subdirectories:
 
* Application Data: This is a place to store application data specific to this particular
user.
* Desktop: Placing an icon or a shortcut into this folder causes the that icon or shortcut to
appear on the desktop of the user.
* Favorites: Provides a user with a personlized storage place for files, shortcuts and other
information.
* NetHood: Maintains a list of personlized network connections.
* Personal: Keeps track of personal documents for a particular user.
* PrintHood: Similar to NetHood folder, PrintHood keeps track of printers rather than
network connections.
* Recent: Contains information of recently used data.
* SendTo: Provides a centralized store of shortcuts and output devices.
* Start Menu: Contains configuration information for the users menu items.
* Templates: Storage location for document templates.
HKEY_LOCAL_MACHINE
This key contains configuration information particular to the computer. This information
is stored in the systemroot\system32\config directory as persistent operating system files,
with the exception of the volatile hardware key.
The information gleaned from this configuration data is used by applications, device
drivers, and the WindowsNT 4 operating system. The latter usage determines what
system configuration data to use, without respect to the user currently logged on. For this
reason the HKEY_LOCAL_MACHINE regsitry key is of specific importance to
administrators who want to support and troubleshoot NT 4.
HKEY_LOCAL_MACHINE is probably the most important key in the registry and it
contains five subkeys:
* Hardware: Database that describes the physical hardware in the computer, the way
device drivers use that hardware, and mappings and related data that link kernel-mode
drivers with various user-mode code. All data in this sub-tree is re-created everytime the
system is started.
* SAM: The security accounts manager. Security information for user and group
accounts and for the domains in NT 4 server.
* Security: Database that contains the local security policy, such as specific user rights.
This key is used only by the NT 4 security subsystem.
* Software: Pre-computer software database. This key contains data about software
installed on the local computer, as well as configuration information.
* System: Database that controls system start-up, device driver loading, NT 4 services
and OS behavior.
Information about the HKEY_LOCAL_MACHINE\SAM Key
This subtree contains the user and group accounts in the SAM database for the local
computer. For a computer that is running NT 4, this subtree also contains security
information for the domain. The information contained within the SAM registry key is
what appears in the user interface of the User Manager utility, as well as in the lists of
users and groups that appear when you make use of the Security menu commands in NT4
explorer.
Information about the HKEY_LOCAL_MACHINE\Security key
This subtree contains security information for the local computer. This includes aspects
such as assigning user rights, establishing password policies, and the membership of local
groups, which are configurable in User Manager.
HKEY_CLASSES_ROOT
The information stored here is used to open the correct application when a file is opened
by using Explorer and for Object Linking and Embedding. It is actually a window that
reflects information from the HKEY_LOCAL_MACHINE\Software subkey.
HKEY_CURRENT_CONFIG
The information contained in this key is to configure settings such as the software and
device drivers to load or the display resolution to use. This key has a software and system
subkeys, which keep track of configuration information.