Registry Database : Windows NT hive location

Registry DataBase : Windows NT hive location

By default, hives are stored in %SystemRoot% \System32 \Config, except HKCU which is in %USERPROFILE%.

	The file Ntuser.dat contains the user profile.
	The file Ntuser.log is where modifications made to Ntuser.dat are logged.
	The file Ntuser.dat replaces the files usernamexxx and adminxxx in previous versions of Windows NT.
	The file Ntuser.dat located in %SystemRoot% \Profiles \DefaultUser replaces the file Userdef in previous versions of Windows NT and is used to create the HKCU key of each new user who will log on.
	The file Userdiff located in %SystemRoot% \System32 \Config is not related to any hive. It is used to update a profile generated with a previous version of Windows NT.

4 file types are associated with the hives :

Extension		Description
None		Hive.
System.alt		Backup of HKLM \System.
*.log		These files are logs of the modifications made to each corresponding hive.
*.sav		Hive backups as they were after text mode Windows NT installation procedure. Thus, if installation fails during the graphic installation procedure, the installation wizard will be able to use those backups to restart the graphic installation procedure, without having to go through text mode installation procedure again.

Here are the registry REG_SZ entries corresponding to the hive's locations :

System : NT
Key : HKLM \SYSTEM \CurrentControlSet \Control \hivelist

Entry	\\REGISTRY\\MACHINE\\HARDWARE
Default value	Null
Files	Not strored on disk, this hive is dynamically recreated at each startup and is loaded into memory as volatile hive.
Entry	\\REGISTRY\\MACHINE\\SECURITY
Default value	\\Device \\Harddisk0 \\Partition0 \\WINNT \\system32 \\config \\SECURITY
Files	Security, Security.log, Security.sav
Entry	\\REGISTRY\\MACHINE\\SOFTWARE
Default value	\\Device \\Harddisk0 \\Partition0 \\WINNT \\system32 \\config \\SOFTWARE
Files	Software, Software.log, Software.sav
Entry	\\REGISTRY\\MACHINE\\SYSTEM
Default value	\\Device \\Harddisk0 \\Partition0 \\WINNT \\system32 \\config \\SYSTEM
Files	System, System.alt, System.log, System.sav
Entry	\\REGISTRY\\USER\\.DEFAULT
Default value	\\Device \\Harddisk0 \\Partition0 \\WINNT \\system32 \\config \\DEFAULT
Files	Default, Default.log, Default.sav, Default.log, Default.sav
Entry	\\REGISTRY\\MACHINE\\SAM
Default value	\\Device \\Harddisk0 \\Partition0 \\WINNT \\system32 \\config \\SAM
Files	Sam, Sam.log, Sam.sav
Entry	\\REGISTRY\\USER\\SID
Default value	\\Device \\Harddisk0 \\Partition0 \\WINNT \\system32 \\config \\NTUSER.DAT
Files	Ntuser.dat, Ntuser.dat.log