HKEY_LOCAL_MACHINE


Stores all computer specific configuration data. This subtree has five subkeys:


  • HARDWARE : ntdetect.com
    writes the subtree during the boot process. The hardware detected is divided
    into the following keys:

    • DESCRIPTION : system hardware database generated
      during boot.
    • DEVICEMAP : has subkeys enumerating all device
      drivers loaded.
    • RESOURCEMAP: tracks IRQ, DMA and other resource
      allocations for each driver.

  • SAM : Security Accounts Manager
    contains the user and group account database for a workstation, stand-alone
    server, member server or domain. It is often noted that this subtree can not be
    directly edited. It can be but one would be foolish using anything other than
    indirect editing tools such as User Manager or Resource Toolkit utilities. This
    subkey is actually a db view of the HKEY_LOCAL_MACHINE\SECURITY\SAM key. The max size is
    limited by the maximum size of the Registry. The Registry can not exceed 80% of
    the PagedPoolSize. If PagedPoolSize=128MB, max registry size is 128MB * .80 =
    102MB. See Current Registry Size for tip on how to
    determine current registry size and maximum registry setting. See Q143475
    on how to use strong encryption to the SAM.
  • SECURITY : contains policy information. It should
    not be directly edited. Use an indirect registry editor like the policy editor.
  • SOFTWARE : defines and maintains configuration data
    for all Win32 software installed on the PC including NT itself. There should be
    a subkey for each software vendor with a subkey for each installed title
    published by that vendor.

    • Classes Contains the information necessary to
      launch applications when opened from File Manager (file associations) or
      Explorer and for OLE COM. HKEY_CLASSES_ROOT is a db
      view of the Classes subtree.

      • Holds information about the ActiveX controls installed. When an ActiveX
        control installs itself, it creates entries so that ActiveX container
        applications can find and use the control. These controls register themselves by
        name and they also have a unique numer called a class ID (CLSID).
      • All the extensions and associations between applications and documents
      • Names of all the drivers
      • Strings used as pointers to the actual text they represent (for example,
        aufile actually represents AU Format Sound)
      • Class ID numbers (numbers used intead of names for accessing items)
      • DDE and OLE information
      • Icons used for applications and documents
      It controls all the data
      files. This key is maintained and manipulated the same way under NT and Win9x.
      Every file type is assigned a CLSID number. For example, the CLSID key for a .BMP extension lists the file type,
      the default app used for editing, running or printing the document, the default
      icons, and other info required to use the .BMP file type. Associations define
      what program runs when you double-click on a file name, what Context menu items
      appear when you right-click on the file. To change a file association, use the
      Explorer’s Folder Options dialog or in NT, use the ASSOC cmd.
    • Microsoft : contains subkeys for all Microsoft
      software installed on NT-based computer including NT itself, Browser, Clipbook
      Server, Mail, Microsoft Office, …
    • Secure : not used by NT OS. Used by applications
      such as Exchange Server to maintain configuration data restricted to
      administrator level.
    • Windows 3.1 Migration Status : the presense of this
      key indicates that the migration was complete (ie when NT Workstation installed
      in same directory as Win 3.x or WfWg 3.x).

  • SYSTEM : review the kernel section of Registry Construction Steps for a good overview of this
    subtree.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top