Working with the Windows Registry Computer Club of the Sandhills November 12, 2012.

1 Working with the Windows Registry Computer Club of the Sandhills November 12, 2012

2 Registry Definition
- The registry was developed to overcome the restrictions of the INI and REG.DAT files.
- The registry is composed of two pieces of information:
  - System-Wide Information – This is data about software and hardware settings. This information tends to apply to all users of the computer.
  - User-Specific Information – This is data about an individual configuration. This information is specific to a user's profile.

3 Registry Definition
- The Microsoft Computer Dictionary defines the registry as:
  - A central hierarchical database used in the Microsoft Windows family of Operating Systems to store information necessary to configure the system for one or more users, applications and hardware devices.
  - The registry contains information that Windows continually references during operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system and the ports that are being used.

4 Details
- The registry is a database that is used by all Windows operating systems that followed Win95.
- The registry is used by the Windows OS to store hardware and software configuration information, user preferences and setup information.
- A healthy registry is essential for proper Windows performance and function; this is why the registry is usually attacked by viruses and other malicious software.

5 Registry vs. File System
- The registry is analogous to a file system.
- File system:
  - Folders
  - Files
- Registry:
  - Keys
  - Keys have inside them either other keys or name/value pairs, which correspond to object name and content.

6 Registry Content
- The registry holds critical information about the system, the users of the system, and installed applications:
  - Operating system version number, build number, and registered user.
  - Information for every properly installed application.
  - Information about the computer's processor type and system memory.
  - User-specific information (home directory, app. preferences).
  - Security information such as user account names.
  - Installed services.
  - Mapping from file names to programs/executables.
  - Mapping network addresses to host machine names.

7 Registry contents: Security
Information the registry includes:
- System Configuration
- Devices on the System
- User Names
- Personal Settings and Browser Preferences
- Web Browsing Activity
- Files Opened
- Programs Executed
- Passwords

8 Windows 9x Registry

| Filename | Location | Content |
|---|---|---|
| system.dat | C:\Windows | Protected storage area for all users; all installed programs and their settings; system settings |
| user.dat (if there are multiple user profiles, each user has an individual user.dat file in windows\profiles\user account) | C:\Windows | Most Recently Used (MRU) files; user preference settings |

9 Modern Windows Registry

| Filename | Location | Content |
|---|---|---|
| ntuser.dat (if there are multiple user profiles, each user has an individual user.dat file in windows\profiles\user account) | \Documents and Settings\user account | Protected storage area for user; Most Recently Used (MRU) files; user preference settings |
| Default | \Windows\system32\config | System settings |
| SAM | \Windows\system32\config | User account management and security settings |
| Security | \Windows\system32\config | Security settings |
| Software | \Windows\system32\config | All installed programs and their settings |
| System | \Windows\system32\config | System settings |

10 Windows Security and Relative ID
- The Windows Registry utilizes an alphanumeric combination to uniquely identify a security principal or security group.
- The Security ID (SID) is used to identify the computer system.
- The Relative ID (RID) is used to identify the specific user on the computer system.
- The SID appears as: S-1-5-21-927890586-3685698554-67682326-1005
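An added example, not part of the original presentation: splitting the sample SID from this slide into its fields, separating the issuing computer or domain identifier from the RID, and building the binary form in which Windows stores a SID. The function names `parse_sid` and `describe_rid` are illustrative.

```python
import struct

# Well-known RIDs for built-in local accounts; ordinary accounts start at 1000.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

def describe_rid(rid):
    if rid in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[rid]
    return "account created after installation" if rid >= 1000 else "reserved or built-in"

def parse_sid(sid):
    """Split a string SID (S-R-A-S1-S2-...) into fields and its binary form."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID: %r" % sid)
    try:
        revision, authority = int(parts[1]), int(parts[2])
        subs = [int(p) for p in parts[3:]]
    except ValueError:
        raise ValueError("non-numeric SID field: %r" % sid)
    if not 0 <= revision <= 255 or not 0 <= authority < 2 ** 48:
        raise ValueError("revision or authority out of range")
    if len(subs) > 15 or any(not 0 <= s < 2 ** 32 for s in subs):
        raise ValueError("bad sub-authority list")
    # Binary layout: revision (1 byte), sub-authority count (1 byte),
    # authority (6 bytes, big-endian), then each sub-authority (4 bytes, little-endian).
    raw = struct.pack("BB", revision, len(subs)) + authority.to_bytes(6, "big")
    raw += b"".join(struct.pack("<I", s) for s in subs)
    # Account SIDs look like S-1-5-21-<three issuer values>-<RID>.
    is_account = authority == 5 and len(subs) == 5 and subs[0] == 21
    return {
        "revision": revision,
        "authority": authority,
        "sub_authorities": subs,
        "issuer": "-".join(parts[:-1]) if is_account else None,
        "rid": subs[-1] if is_account else None,
        "binary": raw,
    }

if __name__ == "__main__":
    info = parse_sid("S-1-5-21-927890586-3685698554-67682326-1005")  # SID from the slide
    print(info["issuer"], info["rid"], describe_rid(info["rid"]))
    print(info["binary"].hex())
```

The subkeys of HKEY_USERS are named by SID, so the same split shows which profile a subkey belongs to.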

11 Registry Structure

12 Registry has five top-level branches or Hives:
- HKEY_CLASSES_ROOT
  - COM server info, file associations, shortcuts
- HKEY_CURRENT_USER
  - Logged-in user name, desktop, start menu
- HKEY_LOCAL_MACHINE
  - Hardware, software, preferences for all users
- HKEY_USERS
  - Individual preferences for each user, represented by Security ID (SID)
- HKEY_CURRENT_CONFIG
  - Links to part of HKEY_LOCAL_MACHINE for current hardware
- HKEY_DYN_DATA
  - Links to part of HKEY_LOCAL_MACHINE for PlugAndPlay

13 Registry Value Types
- REG_BINARY
  - Raw binary data
- REG_DWORD
  - 32-bit integers – often representing bools
- REG_SZ
  - String
- REG_EXPAND_SZ
  - Expandable string
- REG_MULTI_SZ
  - Container for null-separated strings
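An added example, not part of the original presentation: decoding the raw bytes of a registry value according to the five types listed on this slide. The sample byte strings are constructed, the function names are illustrative, and the `env` dictionary stands in for the environment used to expand a REG_EXPAND_SZ value.

```python
import re
import struct

# Numeric type codes as defined in the Windows SDK (winnt.h).
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, REG_MULTI_SZ = 1, 2, 3, 4, 7

def _utf16(data):
    # Registry strings are UTF-16LE; ignore a stray odd trailing byte.
    return data[: len(data) & ~1].decode("utf-16-le", errors="replace")

def expand(text, env):
    """Replace %NAME% references (case-insensitive); unknown names stay as-is."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), text)

def decode_value(reg_type, data, env=None):
    if reg_type == REG_DWORD:
        if len(data) != 4:
            raise ValueError("REG_DWORD must be exactly 4 bytes")
        return struct.unpack("<I", data)[0]          # little-endian 32-bit
    if reg_type in (REG_SZ, REG_EXPAND_SZ):
        # The terminating NUL may be missing, so cut at the first one if present.
        text = _utf16(data).split("\x00", 1)[0]
        return expand(text, env or {}) if reg_type == REG_EXPAND_SZ else text
    if reg_type == REG_MULTI_SZ:
        items = []
        for item in _utf16(data).split("\x00"):
            if item == "":                           # double NUL ends the list
                break
            items.append(item)
        return items
    if reg_type == REG_BINARY:
        return bytes(data)
    raise ValueError("unsupported registry type %d" % reg_type)

if __name__ == "__main__":
    # Constructed sample values.
    print(decode_value(REG_DWORD, b"\x01\x00\x00\x00"))
    print(decode_value(REG_MULTI_SZ, "Tcpip\x00Afd\x00\x00".encode("utf-16-le")))
    print(decode_value(REG_EXPAND_SZ, "%SystemRoot%\\system32\x00".encode("utf-16-le"),
                       {"SystemRoot": "C:\\Windows"}))
```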

14 Exporting and Importing
- In RegEdit select a key
- File > Export
- Provide filespec info in resulting save dialog

15 Using Regedit

16 Using CCleaner http://www.piriform.com/ccleaner

