Hive (registry)

Last Edited

by

in

Definition of HIVE in Network Encyclopedia.

What is Hive (registry)?

A hive is a logical group of keys, subkeys, and values in the registry that has a set of supporting files containing backups of its data. Each time a new user logs on to a computer, a new hive is created for that user with a separate file for the user profile. This is called the user profile hive. A user’s hive contains specific registry information pertaining to the user’s application settings, desktop, environment, network connections, and printers. User profile hives are located under the HKEY_USERS key.

Hive (Registry)
Hive (Registry)

Hives consist of a discrete collection of keys and subkeys that have a root at the top of the registry. Five of these hives are located in the folder %SystemRoot%\system32\config; the sixth hive (ntuser.dat), which contains user profile information, is stored on machines running Windows NT in the folder %SystemRoot%\Profiles\username. On machines running Windows 2000, it is stored in the folder

  • %SystemRoot%\Documents and Settings\username if this is a new Windows 2000 installation or an upgrade from Windows 95 or Windows 98
  • %SystemRoot%\Profiles\username if this is an upgrade from Windows NT to Windows 2000

Each hive has an associated transactional .log file that logs all modifications made to the registry and provides fault tolerance. Each hive file also has a .sav file, which is a backup copy of the hive file. The functions of the hives and the logical key they map to are indicated in the following table.

Most of the supporting files for the hives are in the %SystemRoot%\System32\Config directory. These files are updated each time a user logs on. The file name extensions of the files in these directories, or in some cases a lack of an extension, indicate the type of data they contain. The following table lists these extensions along with a description of the data in the file.

Registry files have the following two formats: standard and latest. The standard format is the only format supported by Windows 2000. It is also supported by later versions of Windows for backward compatibility. The latest format is supported starting with Windows XP. On versions of Windows that support the latest format, the following hives still use the standard format: HKEY_CURRENT_USERHKEY_LOCAL_MACHINE\SAMHKEY_LOCAL_MACHINE\Security, and HKEY_USERS\.DEFAULT; all other hives use the latest format.

Most of the supporting files for the hives are in the %SystemRoot%\System32\Config directory. These files are updated each time a user logs on. The file name extensions of the files in these directories, or in some cases a lack of an extension, indicate the type of data they contain. The following table lists these extensions along with a description of the data in the file.

Standard hives and their supporting files

Registry hiveSupporting files
HKEY_CURRENT_CONFIGSystem, System.alt, System.log, System.sav
HKEY_CURRENT_USERNtuser.dat, Ntuser.dat.log
HKEY_LOCAL_MACHINE\SAMSam, Sam.log, Sam.sav
HKEY_LOCAL_MACHINE\SecuritySecurity, Security.log, Security.sav
HKEY_LOCAL_MACHINE\SoftwareSoftware, Software.log, Software.sav
HKEY_LOCAL_MACHINE\SystemSystem, System.alt, System.log, System.sav
HKEY_USERS\.DEFAULTDefault, Default.log, Default.sav
What is Hive (Windows Registry)

Search