Talk:OldDocumentation:Administration

From OCS Inventory NG

Registry Terminology

Blame Microsoft if you want for making it so confusing, but the names used in the OCS user interface are completely mixed up. If it makes you feel better, the description of hives on Wikipedia is also wrong.

Root keys

These are the starting points for accessing the registry of a machine. They are often mistakenly called 'hives'. Note that the 'H' in the name 'HKEY_...' stands for handle and not for hive. The root keys are:

Root key             Abbrev.  Description
HKEY_CLASSES_ROOT    HKCR     symbolic link to HKLM\SOFTWARE\Classes
HKEY_CURRENT_USER    HKCU     symbolic link to the current user's hive HKU\user_sid
HKEY_LOCAL_MACHINE   HKLM     place holder for the hives corresponding to the subkeys
HKEY_USERS           HKU      place holder for the hives of logged-on users (including service accounts, etc.)
HKEY_CURRENT_CONFIG  HKCC     symbolic link to a subkey somewhere under HKLM\SYSTEM\CurrentControlSet\...

Hives

A hive is a (sub)tree of the Registry that corresponds to the physical files containing the persistent copy. The principal hives are shown in the next table.

Hive                         File store
HKEY_LOCAL_MACHINE\SAM       %systemroot%\system32\config\SAM
HKEY_LOCAL_MACHINE\SOFTWARE  %systemroot%\system32\config\SOFTWARE
HKEY_LOCAL_MACHINE\SECURITY  %systemroot%\system32\config\SECURITY
HKEY_LOCAL_MACHINE\SYSTEM    %systemroot%\system32\config\system
HKEY_USERS\.DEFAULT          %systemroot%\system32\config\DEFAULT
HKEY_USERS\user_sid          %USERPROFILE%\NTUSER.DAT

Please note that there are also a couple of volatile hives which do not have a persistent file store:

  • HKEY_LOCAL_MACHINE\HARDWARE
  • HKEY_LOCAL_MACHINE\SYSTEM\Clone
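
The hive-to-file mapping above can be checked on a live Windows machine. The following is an added example, not part of the original page or of OCS Inventory NG: it reads the hivelist key under HKLM\SYSTEM\CurrentControlSet\Control (a key not mentioned on this page), where Windows records each loaded hive and its backing file.

```powershell
# Added example: list the hives currently loaded on this machine and the
# file that backs each one, to compare against the tables above.
# Assumption: run in PowerShell on the Windows host being examined.

$hiveListPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$key = Get-Item -LiteralPath $hiveListPath

$rows = foreach ($name in $key.GetValueNames()) {
    # Value names use kernel-style paths: \REGISTRY\MACHINE\... is what the
    # root key HKEY_LOCAL_MACHINE exposes, \REGISTRY\USER\... is HKEY_USERS.
    $hive = $name -replace '^\\REGISTRY\\MACHINE', 'HKEY_LOCAL_MACHINE' `
                  -replace '^\\REGISTRY\\USER', 'HKEY_USERS'

    # The data is the backing file as an NT device path
    # (\Device\HarddiskVolumeN\...). Volatile hives have no file,
    # so their data is an empty string.
    $file = [string]$key.GetValue($name)

    [pscustomobject]@{
        Hive      = $hive
        FileStore = if ($file) { $file } else { '(volatile, no file store)' }
    }
}

$rows | Sort-Object Hive | Format-Table -AutoSize
```

Root keys that are only symbolic links (HKCR, HKCU, HKCC) do not appear in the output, because they are not hives of their own.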

Keys

TODO

Values

A value is a typed property of a Key that actually holds the data. The types of values include:

  • REG_BINARY
  • REG_SZ
  • REG_DWORD
  • ...
