Share via

What are Shell Extensions in the Registry and Why Are They Different on Each System

Anonymous
2023-10-08T23:48:30+00:00

in the Registry, under HKEY Users > S-1-5-18 > Software > Microsoft > Windows > CurrentVersion > Shell Extensions > Cached, there is a list of keys with the type "Reg Binary"

I would like to know what these are and if these keys are related to the "interface" Shell, or PowerShell, because the way Windows names these 2 different components has always caused confusion for me

secondly, is it normal for 2 systems to have different keys and a different number of them? my PC has 17 of these keys under Shell Extensions > Cached, while my laptop has 12 of them instead. the last 3 keys appear to be the same on both systems, while the others are different

I exported the folder into a text document on my PC and they were last modified on April 15th 2023 so I assume it's nothing to concern myself with but I'd like some more info on what these keys are and whether or not it's normal for different systems to have more/less keys than other people

Windows for home | Windows 10 | Files, folders, and storage

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. EmilyS726 225.5K Reputation points Independent Advisor
    2023-10-09T00:43:23+00:00

    Hello, this is Emily.

    In the context of the Windows Registry and "Shell Extensions", the "Shell" refers to the Windows Shell, which is essentially the user interface that you interact with when using Windows, such as taskbar, desktop, file explorer, etc. not PowerShell.

    It's completely normal for two systems to have a different number and different sets of keys in the registry, even under "Shell Extensions. Just think about the different softwares, settings, configurations, usage, they won't be exactly the same for both computers.

    Does that help answer your concern?

    1 person found this answer helpful.
    0 comments
  2. EmilyS726 225.5K Reputation points Independent Advisor
    2023-10-09T12:51:56+00:00

    I see your concern with web-based cookies. But this is device specific cookies, so I don't think it is the same concern.

    0 comments
  3. Anonymous
    2023-10-09T02:46:18+00:00

    I restarted my PC as a test and when I checked Registry, none of the numbers changed, all the values were the same, which I imagine is due to the fact that I'm still signing in on the same device

    so in short, even if someone was to look in the AuthCookies > DIDC folder in the Registry, they wouldn't be able to do anything with the numbers on each key. not even to sign in to my account or do anything to my system?

    I just had to ask because obviously with browser-based cookie stealing, if they take the cookies then they can just start signing in wherever they want. so when I saw this AuthCookies folder and the unique ID of the Data key, I thought "is it possible for someone to see this ID/number and use it"

    0 comments
  4. EmilyS726 225.5K Reputation points Independent Advisor
    2023-10-09T01:53:17+00:00

    As the name suggests, AuthCookies is related to authentication cookies, which are data stored to manage, authenticate, or recognize a user's session with a service. In this case, I believe the service is for signing into live.com (Microsoft's). The data here is unique to the session on this device, If you use the same Microsoft account on both devices, I can see why some keys and numbers are similar, but the session/token itself is NOT the same, hence someone cannot simply grab this data to sign into your account on another device. That's not how it works. The AuthCookies allow Microsoft live.com service to recognize your session, so it won't be asking you to do the two step verficiation all the time.

    0 comments
  5. Anonymous
    2023-10-09T01:40:42+00:00

    it does thank you, that makes sense. I have another question related to the same section of the Registry

    the path HKEY Users > S-1-5-18 > Software > Microsoft > AuthCookies > Live > Default > DIDC

    do you know what "AuthCookies" are, and what the keys listed under DIDC represent? they consist of Data, Flags, Name, P3P, and URL

    both of my devices have the same keys and numbers, the only difference is the beginning number of the "Data" key is different, which I assume is like a unique ID

    if someone were to see this folder and see the numbers on these keys, could they use that to gain control of the system in any way? l ask because seeing this registry folder have the word "Cookies" in it makes me fear that, like browser cookies, they can be stolen and used to hack the system

    is that situation possible? for someone to see the numbers of these registry keys and use them for anything? or is that simply not how that works and have I misunderstood what these "AuthCookies" folder is

    0 comments