Where to Find File Extension Associations in the Windows Registry

This blog post will explore the various Windows Registry locations containing file extensions, such as .docx or .exe, using PowerShell commands. To understand how the Windows operating system stores file extension information, we first need to understand some basic background information on the Windows Registry and File Extensions.

If you don’t care about the background information and simply want to parse the Windows Registry to find all file extensions and their Registry properties, you can copy the following PowerShell command.

You can also bookmark this command from my GitHub gists.

What is the Windows Registry?

The Windows Registry is an integral component of the Microsoft Windows operating system, serving as a complex database that houses a vast and diverse array of low-level information and settings on hardware, software, and user preferences on a PC through the Registry's centralized management. The Registry is segmented into components that store system configurations, application configurations, and associated user preferences.  Windows components such as the system kernel, device drivers, device services, Security Accounts Manager (SAM), and the user interface all use the Registry to store and retrieve configuration data. 

The registry is structured hierarchically, resembling a tree, with 'keys' and 'subkeys' functioning as nodes. These keys are analogous to folders, with each key able to contain values represented as data pairs. There are five primary sections of the registry, referred to as 'hives': HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS, and HKEY_CURRENT_CONFIG.

The registry's structure enables Windows and other applications to locate required settings efficiently. However, any improper modifications to the registry can cause severe system instability, potentially rendering the PC unbootable. Therefore, only advanced users with a thorough understanding of the registry and professionals specializing in registry modifications must undertake any changes. In such cases, it is recommended that a backup is created beforehand to allow for swift recovery in the event of complications.

To open the Windows Registry, type regedit.exe (Registry Editor) in an elevated  powershell.exe or cmd.exe terminal window. Using this method, you can manually browse the Windows Registry, its registry hives, and its registry keys. When working with the Windows registry, it's essential to make changes carefully, as the registry is the centralized configuration source for the Windows Operating System. 

What are File Extensions?

A file extension is a suffix added at the end of a file name. Its purpose is to categorize and identify the format or type of data that a file contains. This helps the operating system select the appropriate application to open or execute files. File extensions are usually marked with a period followed by a series of characters, such as '.docx' for Microsoft Word documents, '.jpg' for JPEG image files, and '.exe' for executable files.

Common file extensions include the following:

Here are some of the most commonly used:

1. '.doc' or '.docx' - Microsoft Office Word document

2. '.jpg' or '.png' - image files

3. '.pdf' - Adobe Reader PDF document

4. '.xls' or '.xlsx' - Microsoft Office Excel document

5. '.ppt' or '.pptx' - Microsoft Power Point

6. '.zip' - Compressed file

7. '.exe' - Executable file

8. '.html' or '.htm' - HTML file

9. '.mp4', '.avi' or '.mkv' - Video files

10. '.mp3' - Audio files

It's important to note that there are potentially hundreds of file extensions that highlight the important task that the Windows OS has through the registry in maintaining a library of extensions and which applications open which extension. 

Windows Registry & File Extensions

If you're curious about which file extensions are available on your Windows machine, you can simply parse the Windows Registry with RegEdit or write a PowerShell script. The various configuration settings including the file extensions, their PerceivedType, as well as their ContentType, inside the following Registry Hive and Registry Keys.

HKEY_CURRENT_USER\Software\Classes\.*

The HKEY_CURRENT_USER registry hive of the Windows registry refers to the Registry hive that houses configuration data that is exclusive to the currently logged-in user. Each user on a Windows system is given a unique HKEY_CURRENT_USER hive in the registry that stores configurations and settings distinct to that particular user.

The path HKEY_CURRENT_USER\Software\Classes\ can be used to view the Windows registry key file extensions associated with the logged-in user. This would be useful for specific file extensions that are related to different programs and applications based on user preference. For example, user A may associate the .zip extension with WinRAR, whereas user B may associate the .zip extension with the WinZip utility. The HKEY_CURRENT_USER hive ensures that different users have their configuration schemes.

To view the file extension name as well as the PerceivedType and ContentType of the extension in the HKEY_CURRENT_USER\Software\Classes\.*path we can use the following PowerShell command:

This PowerShell command will output the .extension value such as .docx or .pdf in a grid view along with its registry properties of which Content (MIME) type and Perceived Type (Broad file format category) can be especially useful.

HKEY_LOCAL_MACHINE\Software\Classes\.*

The HKEY_LOCAL_MACHINE hive contains configuration information that applies to ALL system users. Within this registry hive, the HKEY_LOCAL_MACHINE\Software\Classes\ path contains the Windows file extensions and corresponding values for the SYSTEM. This part of the registry is often used for system-wide settings and configurations. If you associate a specific extension to a valid program in this registry hive, ALL users are affected, not just the currently logged-in user.

To view the file extension name as well as the PerceivedType and ContentType of the extension in the HKEY_LOCAL_MACHINE\Software\Classes\.*path we can use the following PowerShell command:

This PowerShell command will output the .extension value such as .pptx or .txt in a grid view and its registry properties of which Content (MIME) type and Perceived Type (Broad file format category) can be especially useful.

HKEY_CLASSES_ROOT\.*

This registry hive path contains file extension registry keys from HKEY_CURRENT_USER\Software\Classes.* and HKEY_LOCAL_MACHINE\Software\Classes.*. The HKEY_CLASSES_ROOT is read-only; changing keys directly in this hive can have unexpected consequences. However, reading can from this Hive can be a great way to get a comprehensive view of file types and your Windows machine.

To view the file extension name as well as the PerceivedType and ContentType of the extension in the HKEY_CLASSES_ROOT\.* path we can use the following PowerShell command:

This PowerShell command will output the .extension value such as .zip or .exe in a grid view along with its registry properties of which Content (MIME) type and Perceived Type (Broad file format category) can be especially useful.

Summary 

In this post we learned a little bit more about the Windows OS and using the Windows registry to view file extensions as well as their properties. In summary, we can use the following commands to output file extensions and their properties from the following registry locations: HKEY_CURRENT_USER\Software\Classes\., HKEY_LOCAL_MACHINE\Software\Classes\., & HKEY_CLASSES_ROOT\.*.

Thanks for reading! If you found this information helpful or have any questions shoot me a message :)