Registry Editor

The document lists 50 registry keys and briefly describes what kind of system information can be found under each key. This includes information about boot settings, devices, services, installed applications, user profiles, network settings, and other operating system configuration details. Examining these registry keys allows troubleshooting and auditing of a system's configuration, drivers, installed software, and user activity.

Uploaded by

vinayakgupta8356

REGISTRY EDITOR

1. Safe boot
Used to troubleshoot a system that has crashed or failed to boot. It keeps a history of boots.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
2. BAM (Background Activity Manager)
The BamUserSettingsInitialize function is used to create or to open the "UserSettings" key under the registry key specified ("returned") by the IoOpenDriverRegistryKey() routine (this routine "returns a handle to a driver-specific registry key for a particular driver").
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam
3. VSS (Volume Shadow Copy Service)
VSS coordinates the actions that are required to create a consistent shadow copy (also known as a snapshot or a point-in-time copy) of the data that is to be backed up.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS

4. Environment (OS)
You can use environment variables for paths that are stored in the registry. These entries require special formatting in order to be recognized by the operating system as environment variables.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
5. RDP-TCP
Remote desktop protocol (RDP) is a secure network communications protocol developed by Microsoft. It enables network administrators to remotely diagnose problems that individual users encounter and gives users remote access to their physical work desktop computer.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp
6. BTHPORT (connection port)
Shows devices previously connected through Bluetooth.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters
7. EventLog
The Windows event log is an in-depth record of events related to the system, security, and applications stored on a Windows operating system. Event logs can be used to track system and some application issues and forecast future problems.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog
8. Interfaces
It keeps a record of DHCP networks, network plugins and settings.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces
9. Memory management
The process of controlling and coordinating a computer's main memory. It ensures that blocks of memory space are properly managed and allocated so the operating system (OS),
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management
10. Additional removable storage info
It keeps a record of external removable devices such as pen drives.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{10497b1b-ba51-44e5-8318-a65c837b6661}
11. Channels (Windows event log)
Events can be written to event log channels, event log files, or both. A channel is basically a sink that collects events.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels

12. Windows current version
Tells the current version of Windows.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
13. Windows Portable Devices (WPD)
Windows Portable Devices (WPD) enables computers to communicate with attached media and storage devices. WPD provides a flexible, robust way for computers to communicate with music players, storage devices, mobile phones, cameras, and many other types of connected devices.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Portable Devices\Devices
14. Image File Execution Options
Its intended use is to force a program to run under a debugger regardless of how it is launched (and secondarily to alter how the system treats the program). It's handy if you need to debug a program "in the wild" rather than under the controlled environment of your favorite IDE. For example, you can use it if you want to debug how a program runs when it is launched by some other program you can't debug.
Microsoft\Windows NT\CurrentVersion\Image File Execution Options
15. LogonUI
The last logged-on user.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication
16. Network cards
List of network cards.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
17. Network list
Contains information about the networks that have been connected to.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList
18. RunOnce
Identifies programs that run only once at startup and can be assigned to a specific user account or to the machine.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
19. Profile list
Shows the profile list, including SIDs.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
20. Tracing
Tracing information.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing
21. FTP
FTP server and username info.
Computer\HKEY_CURRENT_USER\Software\Microsoft\FTP
22. Recent Docs
Recently opened files, by extension.
Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
23. Heap Leak Detection
A memory leak is a situation where there are objects present in the heap that are no longer used, but the garbage collector is unable to remove them from memory, and therefore, they're unnecessarily maintained. A memory leak is bad because it blocks memory resources and degrades system performance over time.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection
24. User profile list
Shows the profile list, including SIDs.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
25. Products
Shows installed MSI packages. An MSI package is a database containing all the information needed to install a software product on a Windows system. An MSI package may contain registry values, INI-file settings, shortcuts, files, services, etc.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products
26. Files Not To Snapshot
Files not to back up in a volume snapshot.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToSnapshot
27. MRU Shell Bag Root Key
ShellBags hold user activity related to accessing resources on a computer.
Computer\HKEY_USERS\S-1-5-21-1418087611-232199781-1335819320-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
28. Windows App List
Maintains the Windows application list.
Computer\HKEY_USERS\S-1-5-21-1418087611-232199781-1335819320-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository
29. Crash Control
Crash dump information. A complete memory dump records all the contents of system memory when your computer stops unexpectedly. A complete memory dump may contain data from processes that were running when the memory dump was collected.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl
30. Time Zone Information
Time zone info.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation
31. Terminal Server
Terminal server info.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server
32. Prefetch Parameters
Prefetch is a utility that is intended to improve Windows and application startup performance by loading application data into memory before it is demanded.
Computer\HKEY_LOCAL_MACHINE\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters
33. Firewall Policy
A list of programs that have been allowed access to the Internet through the firewall.
Computer\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy
34. System (UAC)
Checks whether UAC is enabled or not.
UAC (User Access Control) aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorises an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware is kept from compromising the operating system.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
35. Uninstall
Shows which programs had been uninstalled on the system.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall

36. Control Panel
Includes categories and individual items, including those to not load, unload, etc.
Computer\HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Control Panel
37. Still images (Devices, Web Cam Info)
Microsoft STI makes use of several registry entries, some of which can be modified by vendor-supplied components.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ControlSet001\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}
38. App Compat Cache
Shows which software is compatible with your Windows.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCompatCache
39. Last Shutdown Time
Keeps a record of when Windows was last shut down.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
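
An added example, not part of the original document: a read-only PowerShell audit of a few keys from the list above (items 5, 14, 18, 31 and 34). The value names `Debugger`, `EnableLUA`, `fDenyTSConnections` and `PortNumber` are standard Windows value names that the page does not give, `CurrentControlSet` is used in place of `ControlSet001` to read the live configuration, and the helper function names are hypothetical.

```powershell
# Added example, not from the original document. Read-only: nothing is modified.
# CurrentControlSet is the live alias of the control set in use (the page shows ControlSet001).

function Get-RegValueOrNull {            # hypothetical helper name
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }                      # key or value does not exist
}

function New-Finding {                   # hypothetical helper name
    param($Check, $Item, $Value)
    [pscustomobject]@{ Check = $Check; Item = $Item; Value = $Value }
}

$findings = @()

# Item 14: a Debugger value under an IFEO subkey makes Windows launch the named
# executable under that program, so every hit should map to a known debugging setup.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue) {
    $debugger = $sub.GetValue('Debugger')
    if ($debugger) { $findings += New-Finding 'IFEO Debugger' ($sub.PSChildName) $debugger }
}

# Item 18: RunOnce entries, machine-wide and for the current user.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $path = "${hive}\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $findings += New-Finding "RunOnce ${hive}" $name ($key.GetValue($name))
        }
    }
}

# Item 34: EnableLUA = 1 means UAC is on, 0 means it is off.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$findings += New-Finding 'UAC' 'EnableLUA' (Get-RegValueOrNull $policy 'EnableLUA')

# Items 5 and 31: fDenyTSConnections = 0 means RDP connections are accepted.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$findings += New-Finding 'RDP' 'fDenyTSConnections' (Get-RegValueOrNull $ts 'fDenyTSConnections')
$findings += New-Finding 'RDP' 'PortNumber' (Get-RegValueOrNull "${ts}\WinStations\RDP-Tcp" 'PortNumber')

$findings | Format-Table -AutoSize -Wrap
```

A blank `Value` column means the key or value was not present on the machine being audited.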
