Artifacts

Win7 HomeGroup Reg Particulars

Posted by:  /  Tags:

Author Name
Matt Nelson
Submission Title
Win7 HomeGroup Reg Particulars
Artifact or Program Version
HomeGroup Information
Artifact Description
A few of the particulars out of the registry for a Win7 system that may be part of a HomeGroup.
IPv6 must be enabled.

Per Microsoft:

A homegroup is a group of computers on a home network that can share files and printers. Using a homegroup makes sharing easier. You can share pictures, music, videos, documents, and printers with other people in your homegroup. Other people can’t change the files that you share unless you give them permission to do so. You can help protect your homegroup with a password, which you can change at any time.

– In Windows 7 Starter and Windows 7 Home Basic, you can join a homegroup, but you can’t create one.

– If a homegroup already exists on your network, you’ll be asked to join it instead of creating a new one.

– If your computer belongs to a domain, you can join a homegroup but you can’t create one. You can access files and resources on other homegroup computers, but you can’t share your own files and resources with the homegroup.


Registry Keys
-=Created or Joined HomeGroup=-

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\CreatedOrJoinedHomeGroup: 0×00000001


-=Member Computers (of the HomeGroup):=-

HKLM\SYSTEM\ControlSet001\services\HomeGroupProvider\ServiceData\Members\5f325793fe322a229e41646c0278c3d052ebcb32.HomeGroupClassifier\ComputerName: [computer name]

HKLM\SYSTEM\ControlSet001\services\HomeGroupProvider\ServiceData\Members\4a0aaaa82ac735e645ca3e6c9ec98e8ae2d6d406.HomeGroupClassifier\ComputerName: [computer name]

Note: the [*********].HomeGroupClassifier is a unique string to the computer

 

-=Owner/User that set up the HomeGroup:=-

HKLM\SYSTEM\CurrentControlSet\services\HomeGroupProvider\ServiceData\Owner: “[user name]”

 

-=Primary System ID of the HomeGroup=-

HKLM\SYSTEM\CurrentControlSet\services\HomeGroupProvider\ServiceData\OwnerId: “4a0aaaa82ac735e645ca3e6c9ec98e8ae2d6d406.HomeGroupClassifier”

 

-=Computer that Joined HomeGroup=-

HKLM\SYSTEM\CurrentControlSet\services\HomeGroupProvider\ServiceData\OwnerMachineName: “[computer name]”

 

-=User name that joined the HomeGroup=-

HKLM\SYSTEM\CurrentControlSet\services\HomeGroupProvider\ServiceData\LocalJoiningUser: “[user name]”

 

-=HomeGroup pasword=-

HKLM\SYSTEM\CurrentControlSet\services\HomeGroupProvider\ServiceData\Password:

Note: this is automatically set up by the system.

 

-=What is shared on the HomeGroup=- (for the analyzed system)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\HME\SharingPreferences\S-1-5-21-440289028-1358208096-2242387208-1000\ShareDocuments: 0×00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\HME\SharingPreferences\S-1-5-21-440289028-1358208096-2242387208-1000\SharePictures: 0×00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\HME\SharingPreferences\S-1-5-21-440289028-1358208096-2242387208-1000\ShareMusic: 0×00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\HME\SharingPreferences\S-1-5-21-440289028-1358208096-2242387208-1000\ShareVideos: 0×00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\HME\SharingPreferences\S-1-5-21-440289028-1358208096-2242387208-1000\ShareMediaToAllDevices: 0×00000000

Note: Specific to user SID

 

-=HomeGroup Shared printers=-

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\PrintingPreferences\Printers: 0×00000001

 

-=MAC addresses of Member systems w/name=-

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\HME\Members\00-0C-29-5E-11-BC: “primary computer”

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\HME\Members\8C-11-11-4C-C1-C7: “member computer”

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\HME\Members\8C-11-11-4C-C1-C6: “member computer”

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\HME\Members\2C-11-11-BA-94-EC: “member computer”

Note: the “member computer” has multiple MACs – a laptop with wired/wireless NICs

 

Research Links
http://windows.microsoft.com/en-US/windows7/products/features/homegroup

Leave a Reply

Your Name: (required)

Your Email: (will not be published) (required)

Your Website:

Your Message:

submit comment