Windows Registry Editor Version 5.00

HKEY_CLASSES_ROOT: OLE, Drag & Drop (== HKLM\SOFTWARE\Classes)
HKEY_CURRENT_USER (== HK_USERS\$USER)
HKEY_LOCAL_MACHINE (HKLM)
HKEY_USERS
HKEY_CURRENT_CONFIG (== HKLM\Config\$CONFIG)
HKEY_DYN_DATA

Win9x: SYSTEM.DAT & USER.DAT (SYSTEM.DA0, USER.DA0 as backup)
WinNT: %System32%\Config

CLSIDs:
20D04FE0-3AEA-1069-A2D8-08002B30309D My Computer (Arbeitsplatz)
208D2C60-3AEA-1069-A2D7-08002B30309D My Network Places (Netzwerkumgebung)
645FB040-5081-101B-9F08-00AA002F954E Recycle Bin (Papierkorb)
85BBD920-420A-1069-A2E4-08002B30309D Briefcase (Aktenkoffer)
00020D75-0000-0000-C000-000000000046 Inbox (Posteingang)
21EC2020-3AEA-1069-A2DD-08002B30309D Control Panel (Systemsteuerung)
2227A280-3AEA-1069-A2DE-08002B30309D Printer (Drucker)

* Regedit favorites:
HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
HKCU\Software\Microsoft\Windows\CurrentVersion\Policiy

Options that were used at system startup:
HKLM\System\CurrentControlSet\Control\SystemStartOptions

Routing entries that should still be there after a reboot:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

Network Neighborhood: toggle from "comment (servername)" to "servername (comment)":
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 
"ToggleCommentPosition"=dword:00000001

Enable the SHUTDOWN button at login:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
shutdownwithoutlogon REG_DWORD 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
LegalNoticeCaption      "Welcome to ICQ of TUI-NET"
LegalNoticeText         "Local Admins are: Funny, Lex and Sladge."

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

WGA (Windows Genuine Advantage):
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notify\WgaLogon

WPA (Windows Product Activation):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WPAEvents

Windows Auto-Update:
- ...
- ...
- ...

SMB Server String:
HKLM\SYSTEM\ControlSet001\Services\lanmanserver\parameters
srvcomment REG_SZ

Setup-Path (w/o i386):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SourcePath REG_SZ

shutdown event tracker:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{25DC7398-3875-4F26-8B88-2869E174FBBB}Machine\SOFTWARE\Policies\Microsoft\Windows NT\Reliability
**del.ShutdownReasonUI	REG_SZ
ShutdownReasonUI	REG_DWORD	0 (1 - workstation and server, 2 - workstation only, 3 - server only)
ShutdownReasonOn	REG_DWORD	0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability
ShutdownReasonOn	REG_DWORD	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability
ShutdownReasonUI	REG_DWORD	0

Uninstall data:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall

You can also change the value of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing\Policy to hex:00 so that unsigned drivers will install.

Windows System File Protection:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
DWORD SFCDisable value 0xffffff9d
This disables the System File Checker (set to "0" to enable again).

Required for Fast User Switching without the Welcome screen:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllowMultipleTSSessions

"Prefetch" for supposedly faster loading of applications etc.:
(depends on service "Task Scheduler" & "Performance Logs and Alerts"?)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

Windows Installer (MSI) logging to %TEMP%:
HKLM\Software\policies\Microsoft\Windows\Installer
Reg_SZ: Logging
Value: voicewarmup
v: verbose output
o: out-of-diskspace messages
i: status messages
c: initial UI parameters
e: all error messages
w: non-fatal warnings
a: start up of actions
r: action-specific records
m: out-of-memory or fatal exit information
u: user requests
p: terminal properties
+: append to existing file
!: flush each line to the log
*: wildcard, log all information except for the v option. To include the v option, specify "/l*v".

Info about BIOS and system hardware:
HKLM\HARDWARE\DESCRIPTION\System

autocheck at system startup:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute REG_MULTI_SZ:
autocheck autochk /p \??\C:
autocheck autochk /p \??\D:
autocheck autochk /p \??\E:
autocheck autochk /p \??\F:
autocheck autochk /p \??\Q:
autocheck autochk *
AutoChkTimeOut REG_DWORD: (time in seconds)
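
A check for the two integrity settings noted above (Driver Signing Policy and SFCDisable), added here as an example and not part of the original notes: it parses text in .reg export syntax and reports where those values are in the weakened state the notes describe. The sample export is constructed, and the names parse_reg, audit and CHECKS are hypothetical.

```python
import re

# Constructed sample in .reg export syntax (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing]
"Policy"=hex:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:ffffff9d
'''

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
DRVSIGN = r"hkey_local_machine\software\microsoft\driver signing"

# Weakened states named in the notes; a dword 0 Policy is assumed equal to hex:00.
CHECKS = {
    (DRVSIGN, "policy"): lambda v: v in (b"\x00", 0),   # unsigned drivers install
    (WINLOGON, "sfcdisable"): lambda v: v != 0,         # 0 re-enables SFC
}

def parse_reg(text):
    """Parse .reg text into {(key, value_name): data}; names are lower-cased."""
    values, key = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)              # join hex continuation lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or key is None:
            continue
        name, data = m.group(1).lower(), m.group(2)
        value = data                                    # hex(7) etc. are kept raw
        if data.startswith("dword:"):
            value = int(data[6:], 16)
        elif data.startswith("hex:"):
            value = bytes(int(b, 16) for b in data[4:].split(",") if b)
        elif data.startswith('"'):
            value = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        values[(key, name)] = value
    return values

def audit(text):
    """Return the sorted (key, value_name) pairs found in a weakened state."""
    values = parse_reg(text)
    return sorted(k for k, bad in CHECKS.items() if k in values and bad(values[k]))

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the text of an exported hive (converted to UTF-8 first, since regedit's version 5.00 exports are UTF-16).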