7.3 Flashcards
What registry key contains a SID sub-key for all loaded user profiles?
HKEY_USERS (HKU)
What registry key contains the most critical part of the registry; it contains specific information about the hardware, software, and preferences for all users who log into the system?
HKEY_LOCAL_MACHINE (HKLM)
Which key is used to associate file types with programs that are used to open them?
HKEY_CLASSES_ROOT (HKCR)
Which key is used to establish the current hardware configuration profile?
HKEY_CURRENT_CONFIG (HKCC)
Where are the profile environment settings stored?
ntuser.dat file
Which HKLM Sub-Key contains boot configuration data, used with 6.* architectures?
HKLM\BCD0000000
Which HKLM Sub-Key is a volatile hive created at boot that contains hardware information provided by the firmware?
HKLM\HARDWARE
Which HKLM Sub-Key contains local account information as well as password values?
HKLM\SAM
Which HKLM Sub-Key contains cached logons and local security policy?
HKLM\SECURITY
Which HKLM Sub-Key contains a collection of sub-keys for various installed components and programs?
HKLM\SOFTWARE
Which HKLM Sub-Key contains control sets from which HKCC is derived?
HKLM\SYSTEM
What are the sub-keys of HKLM\SAM?
- Account (Contains virtually everything regarding the users and groups)
- Passwords (Stored in a hash format)
- Built-In (Contains local group information)
What are two important subkeys of HKLM\SECURITY?
Cache (contains logon information for the last 10 people) and Policy (contains security settings for users, groups, and other components)
What are some important sub-keys under HKLM\Software\Microsoft\Windows?
- CurrentVersion (Defines current installation of Windows)
- CurrentVersion\Run (List of executables that run on system startup)
- CurrentVersion\RunOnce (Executes a program the next time a user logs on.)
- CurrentVersion\RunServices (Programs are deleted from the key once executed)
What are important sub-keys of HKLM\System?
- Select
- ControlSet001
- ControlSet002
- CurrentControlSet
What sub-keys belong to the control sets?
- Control
- Enum
- Mounted Devices
What are major sub-keys in HKCU?
- Control Panel
- Environment
- Session Information
What are the two sub-keys of HKCC?
- Software
- System
What are the most common data types in the registry?
- REG_BINARY
- REG_DWORD
- REG_SZ
- REG_EXPAND_SZ
- REG_MULTI_SZ
What registry data type is raw binary data?
REG_BINARY
What registry value is the most common value type consisting of 32-bit numbers expressed in decimal or hexadecimal?
REG_DWORD
What registry data type is a fixed-length text string?
REG_SZ
What registry data type is a variable-length string allowing use of environment variables?
REG_EXPAND_SZ
What registry data type contains lists or multiple string values?
REG_MULTI_SZ