7.2 System Tools
7.2.2 Windows 2K Registry
Microsoft Windows 2000 stores hardware and software settings centrally in a hierarchical database called the registry. The registry for the Windows 2000 and XP operating systems replaces many of the .ini, .sys, and .com files that were used in earlier versions of Windows. The registry acts as a backbone to the operating system and provides the initialization information needed to start applications and load components, such as device drivers and network protocols, which are explained in the section about the Boot Process.

Purpose of the Registry
The registry primarily holds data about the hardware installed on the computer. This includes the Central Processing Unit (CPU), bus type, pointing device or mouse, and keyboard. It also includes device drivers, installed applications, and network adapter card settings. The registry contains a vast amount of data and is critical to how the system operates. The structure of the registry is designed to provide a secure set of records about the components that control the operating system. These components read, update, and modify data stored in the registry. There are six main components that access the registry and store data:

  1. Device drivers – The registry sets the configuration settings for the system device drivers. Information is written to the registry when device drivers are updated or referenced.
  2. Setup programs – When new applications or new hardware is installed in a computer system, a setup program is run that adds new configuration data to the registry. The setup programs will also attempt to scan the registry in order to verify if components have been installed.
  3. User profiles – Windows NT, 2000, and XP create user profiles that maintain the specific settings for all the users that log on to the computer. These settings are first changed in the registry and then written to the user profile. The name of the file that holds the user profile information is Ntuser.dat.
  4. Windows NT kernel – The registry plays an important role during the Boot Process. The Windows NT kernel (Ntoskrnl.exe file) loads the correct device drivers in the proper order.
  5. Ntdetect.com – The Ntdetect.com file and its role in the Boot Process were explained in the previous section of this chapter. Only Intel-based systems use this file to detect hardware that is installed in a system. The data that is collected during the hardware detection phase is stored in the registry.
  6. Hardware profiles – Windows NT, 2000, and XP have the capability to have two or more profiles in which the administrator can decide to have pieces of hardware either load or not load. These hardware profile configurations are stored in the registry.

Registry Subtrees
Navigating and editing the registry can be done manually using Regedt32.exe. When this command is typed, an interface is displayed that contains the registry subtrees window, which allows a search through all of the registry values. Figure illustrates an example of the registry subtree.

Becoming familiar with these subtrees and their purpose will help to troubleshoot and maintain the computer. A key for every process that is running on a system can be found here. The following five subtrees, or subtree keys, are displayed in the Registry Editor window.

  1. HKEY_USERS – Contains the system default settings used to control individual user profiles and environments, such as desktop settings, windows environment, and custom software settings.
  2. HKEY_CURRENT_CONFIG – Contains data on the active hardware profile that is selected during the Boot Process. This information is used to configure settings such as the device drivers to load and the display resolution to use.
  3. HKEY_CLASSES_ROOT – This subtree contains software configuration data of all the software that is installed on the computer.
  4. HKEY_CURRENT_USER – Contains data about the current user that is logged into the computer. It retrieves a copy of each user account that is used to log on to the computer and stores it in the registry.
  5. HKEY_LOCAL_MACHINE – Contains all configuration data for the local computer, including hardware and operating system data such as bus type, system memory, device drivers, and startup control data. Applications, device drivers, and the operating system use this data to set the computer configuration. The data in this subtree remains constant regardless of the user.
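
The following added example (not part of the original text) ties the Ntuser.dat file from the user profiles item to the HKEY_USERS subtree: for each profile registered on the machine it reports whether the hive file exists on disk and whether it is currently loaded under HKEY_USERS. It assumes Windows PowerShell 3.0 or later and an elevated session; the ProfileList key path and the function name Get-UserHiveStatus are not from the text above.

```powershell
# Added example: inventory user profile hives and the subtrees listed above.
# Assumptions: PowerShell 3.0+, elevated session (other users' profile
# folders are normally unreadable without administrative rights).

# Key under HKEY_LOCAL_MACHINE where Windows registers each profile by SID.
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-UserHiveStatus {
    Get-ChildItem -Path $ProfileList | ForEach-Object {
        $sid   = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath
        # Expand any %SystemDrive%-style variables left in the stored path.
        $dir   = [Environment]::ExpandEnvironmentVariables($props.ProfileImagePath)
        $hive  = Join-Path -Path $dir -ChildPath 'Ntuser.dat'

        [pscustomobject]@{
            Sid            = $sid
            ProfilePath    = $dir
            # Ntuser.dat is a hidden file; Test-Path only checks existence.
            HiveFileExists = (Test-Path -LiteralPath $hive)
            # A hive is mounted under HKEY_USERS\<SID> while it is in use.
            LoadedInHKU    = (Test-Path -LiteralPath "Registry::HKEY_USERS\$sid")
        }
    }
}

# The five subtrees named in the list above, checked for reachability.
$Subtrees = 'HKEY_USERS', 'HKEY_CURRENT_CONFIG', 'HKEY_CLASSES_ROOT',
            'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE'

$Subtrees | ForEach-Object {
    [pscustomobject]@{
        Subtree   = $_
        Reachable = (Test-Path -LiteralPath "Registry::$_")
    }
} | Format-Table -AutoSize

$status = @(Get-UserHiveStatus)
$status | Format-Table -AutoSize

# Profiles registered in ProfileList whose Ntuser.dat is missing on disk
# are worth a second look during maintenance or an investigation.
$status | Where-Object { -not $_.HiveFileExists } |
    ForEach-Object { Write-Warning "No Ntuser.dat found for $($_.Sid) at $($_.ProfilePath)" }
```

Profiles that show HiveFileExists as True but LoadedInHKU as False belong to accounts that are not logged on at the moment.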