7.3 Flashcards
What registry key contains a SID sub-key for all loaded user profiles?
HKEY_USERS (HKU)
What registry key contains the most critical part of the registry; it contains specific information about the hardware, software, and preferences for all users who log into the system?
HKEY_LOCAL_MACHINE (HKLM)
Which key is used to associate file types with programs that are used to open them?
HKEY_CLASSES_ROOT (HKCR)
Which key is used to establish the current hardware configuration profile?
HKEY_CURRENT_CONFIG (HKCC)
Where are the profile environment settings stored at?
ntuser.dat file
Which HKLM Sub-Key contains boot configuration data, used with 6.* architectures?
HKLM\BCD0000000
Which HKLM Sub-Key is a volatile hive created at boot that contains hardware information provided by the firmware?
HKLM\HARDWARE
Which HKLM Sub-Key contains local account information as well as password values?
HKLM\SAM
Which HKLM Sub-Key contains cached logons and local security policy?
HKLM\SECURITY
Which HKLM Sub-Key contains a collection of sub-keys for various installed components and programs?
HKLM\SOFTWARE
Which HKLM Sub-Key contains control sets from which HKCC is derived?
HKLM\SYSTEM
What are the sub-keys of HKLM/SAM?
- Account (Contains virtually everything regarding the users and groups)
- Passwords (Stored in a hash format)
- Built-In (Contains local group information)
What are two important subkeys of HKLM\SECURITY?
Cache (contains logon information for the last 10 people) and Policy (contains security settings for users, groups, and other components)
What are some important sub-keys under HKLM\Software\Microsoft\Windows?
- CurrentVersion (Defines current installation of Windows)
- CurrentVersion\Run (List of executables that run on system startup)
- CurrentVersion\RunOnce (Executes a program the next time a user log ons.)
- CurrentVersion\RunServices (Programs are deleted from the key once executed)
What are important sub-keys of HKLM\System?
- Select
- ControlSet001
- ControlSet002
- CurrentControlSet
