hive

Hive (in computer networking) is a physical file containing part of the registry in Microsoft Windows NT and Windows 2000.

What is Hive (in computer networking)?

A physical file containing part of the registry in Microsoft Windows NT and Windows 2000. This is opposed to a subtree, which is a logical section of the registry. The term “hive” is loosely connected with the idea of the cellular structure of a beehive.

Hives consist of a discrete collection of keys and subkeys that have a root at the top of the registry. Five of these hives are located in the folder %SystemRoot%\system32\config; the sixth hive (ntuser.dat), which contains user profile information, is stored on machines running Windows NT in the folder %SystemRoot%\Profiles\username. On machines running Windows 2000, it is stored in the folder

  • %SystemRoot%\Documents and Settings\username if this is a new Windows 2000 installation or an upgrade from Windows 95 or Windows 98
  • %SystemRoot%\Profiles\username if this is an upgrade from Windows NT to Windows 2000

Each hive has an associated transactional .log file that logs all modifications made to the registry and provides fault tolerance. Each hive file also has a .sav file, which is a backup copy of the hive file. The functions of the hives and the logical key they map to are indicated in the following table.

Windows NT Hives

Hive Key Function
Default
HKEY_USERS\.DEFAULT
Contains the default system profile used when the logon screen is displayed.
SAM
HKEY_LOCAL_MACHINE \SAM
Contains information for the Security Account Manager (SAM). This hive cannot be viewed with the registry editor and must be accessed using specific application programming interfaces (APIs).
Security
HKEY_LOCAL_MACHINE \SECURITY
Contains the computer’s security policy information. This hive also cannot be viewed with the registry editor and must be accessed using specific APIs.
Software
HKEY_LOCAL_MACHINE \SOFTWARE
Contains global configuration information for installed software.
System
HKEY_LOCAL_MACHINE \SYSTEM and HKEY_CURRENT_CONFIG
Contains configuration information for installed hardware devices and services.
Ntuser.dat
HKEY_CURRENT_USER
Contains user-specific configuration settings for the user who is currently logged on interactively.