ControlSet

[JunInagaki]

Hi,

I have a question:  There are keys called "ControlSet001", "ControlSet002", and
"CurrentControlSet" under HKEY_LOCAL_MACHINE -> SYSTEM.  Will you tell me what they are.

I created a CD-ROM to install some 3rd party distributable application.  Someone tried it and the installation trashed the user profile of the computer.  As I am trying to find the cause of it, I was modifying some data of the sub-key of "ControlSet001".  And I am wondering if this key relates to the user profile.

JunInagaki

[Space between]

from http://secinf.net/windows_security/Inside_...T_Registry.html

"HKLM\SYSTEM also contains two or more subkeys with the prefix ControlSet and another subkey called CurrentControlSet. NT links CurrentControlSet to the ControlSet subkey that corresponds to the profile the system used in the boot of the current session. The other ControlSet subkeys represent configurations such as Last Known Good Configuration, a copy of the last profile the system successfully booted with. You can look at the value Current under HKLM\SYSTEM\Select to find out which ControlSet subkey CurrentControlSet maps to. Other values under Select point at control sets associated with Last Known Good Configuration, and the control set that last resulted in a failed boot attempt.

Within HKLM\SYSTEM\CurrentControlSet are the four subkeys listed in Table 5. NT keeps its static configuration information in the Control subkey, which contains about 30 different subkeys of its own. One of Control's noteworthy subkeys is ComputerName, which displays the system's name under ActiveComputerName. Control\CrashControl is a handy subkey for device driver developers and systems administrators. It contains values that give NT directions for what to do when the machine goes down, including whether to produce a crash dump and whether to immediately reboot. "