Articles‎ > ‎Computing‎ > ‎

Windows Configuration/Log Files

Have you ever needed to know where Windows stores the system configuration (e.g registry, network file, etc.) and logs files (e.g. event logs). 

Note: To see some of the file like the registry files, you will need to utilize the administrator command prompt and a command "dir %WinDir%\system32\config\SYSTEM.LOG* /a:h"

Below are the file locations for these files:
  • Registry
    • %WinDir%\system32\config\SYSTEM (HKLM\System)
    • %WinDir%\system32\config\SOFTWARE (HKLM\Software)
    • %WinDir%\system32\config\SECURITY (HKLM\Security)
    • %WinDir%\system32\config\SAM (HKLM\SAM)
    • %WinDir%\system32\config\Default (HKEY_USERS.DEFAULT)
    • %UserProfile%\Ntuser.dat (HKEY_USERS\[SID])
    • %UserProfile%\AppData\Local\Microsoft\Windows\Usrclass.dat (HKCU\[SID]\Software\Classes)
  • HOST file
    • %WinDir%\System32\drivers\etc\HOST
  • Event Logs
    • %WinDir%\System32\Winevt\Logs
  • IIS/.NET Configuration Files
    • %WinDir%\Microsoft.NET\Framework\<FrameworkVersion>\CONFIG\Machine.config
    • %WinDir%\Microsoft.NET\Framework\<FrameworkVersion>\CONFIG\Web.config
    • %WinDir%\system32\inetsrv\config\ApplicationHost.config