Hkey_local_machine Location


Kipa Crawn

Aug 3, 2024, 5:01:28 PM
to emprovinon

The MiniTool OEM program enables partners such as hardware/software vendors and related technical service providers to embed MiniTool software in their own products to add value to their products or services and expand their market.

What is HKEY_LOCAL_MACHINE? This post introduces the definition and location of HKEY_LOCAL_MACHINE, as well as how to open and view the registry keys under the HKEY_LOCAL_MACHINE Windows Registry tree. If you need free data recovery software, hard drive partition management software, or system backup and restore software, MiniTool software has all of them.

Windows Registry is a database that contains Windows operating system configuration settings. Windows Registry is categorized into different trees. If you open Windows Registry Editor, you can find several different root keys. Each registry root key includes different information about a specific Windows function.

The HKLM registry hive contains the majority of the configuration information for the Windows OS, installed software, Windows services, and device and hardware drivers. It also includes the boot configuration of your Windows 10/8/7/Vista computer.

You can try this data recovery program to restore any data and files after a mistaken file deletion, system crash, black/blue screen error (e.g. Kernel Data Inpage Error), malware/virus infection, hard drive failure, or any other data loss situation.

There are many different ways to examine registry entries. The simplest way is to get the property names associated with a key. For example, to see the names of the entries in the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, use Get-Item. Registry keys have a property with the generic name of "Property" that's a list of registry entries in the key. The following command selects the Property property and expands the items so that they're displayed in a list:

Path expansion works the same as it does within the filesystem, so from this location you can get the ItemProperty listing for HKLM:\SOFTWARE\Microsoft\Windows\Help using Get-ItemProperty -Path ..\Help.

If you want to retrieve a specific entry in a registry key, you can use one of several possible approaches. This example finds the value of DevicePath in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.

Although Get-ItemProperty has Filter, Include, and Exclude parameters, they can't be used to filter by property name. These parameters refer to registry keys, which are item paths and not registry entries, which are item properties.

Another option is to use the reg.exe command line tool. For help with reg.exe, type reg.exe /? at a command prompt. To find the DevicePath entry, use reg.exe as shown in the following command:

You can also use the WshShell COM object to find some registry entries, although this method doesn't work with large binary data or with registry entry names that include characters such as backslash (\). Append the property name to the item path with a \ separator:

If you want to change a specific entry in a registry key, you can use one of several possible approaches. This example modifies the Path entry under HKEY_CURRENT_USER\Environment. The Path entry specifies where to find executable files.

The following example changes the Path entry by removing the path added in the example above. Get-ItemProperty is still used to retrieve the current value to avoid having to parse the string returned from reg query. The SubString and LastIndexOf methods are used to retrieve the last path added to the Path entry.

To add a new entry named "PowerShellPath" to the CurrentVersion key, use New-ItemProperty with the path to the key, the entry name, and the value of the entry. For this example, we will take the value of the Windows PowerShell variable $PSHome, which stores the path to the installation directory for Windows PowerShell.

The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.

In other words, the registry or Windows Registry contains information, settings, options, and other values for programs and hardware installed on all versions of Microsoft Windows operating systems. For example, when a program is installed, a new subkey containing settings such as a program's location, its version, and how to start the program, are all added to the Windows Registry.

When introduced with Windows 3.1, the Windows Registry primarily stored configuration information for COM-based components. Windows 95 and Windows NT extended its use to rationalize and centralize the information in the profusion of INI files, which held the configurations for individual programs, and were stored at various locations.[1][2] It is not a requirement for Windows applications to use the Windows Registry. For example, .NET Framework applications use XML files for configuration, while portable applications usually keep their configuration files with their executables.

Prior to the Windows Registry, .INI files stored each program's settings as a text file or binary file, often located in a shared location that did not provide user-specific settings in a multi-user scenario. By contrast, the Windows Registry stores all application settings in one logical repository (but a number of discrete files) and in a standardized form. According to Microsoft, this offers several advantages over .INI files.[2][3] Since file parsing is done much more efficiently with a binary format, it may be read from or written to more quickly than a text INI file. Furthermore, strongly typed data can be stored in the registry, as opposed to the text information stored in .INI files. This is a benefit when editing keys manually using regedit.exe, the built-in Windows Registry Editor. Because user-based registry settings are loaded from a user-specific path rather than from a read-only system location, the registry allows multiple users to share the same machine, and also allows programs to work for less privileged users. Backup and restoration is also simplified as the registry can be accessed over a network connection for remote management/support, including from scripts, using the standard set of APIs, as long as the Remote Registry service is running and firewall rules permit this.

The registry contains two basic elements: keys and values. Registry keys are container objects similar to folders. Registry values are non-container objects similar to files. Keys may contain values and subkeys. Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy. Keys must have a case insensitive name without backslashes.

The hierarchy of registry keys can only be accessed from a known root key handle (which is anonymous but whose effective value is a constant numeric handle) that is mapped to the content of a registry key preloaded by the kernel from a stored "hive", or to the content of a subkey within another root key, or mapped to a registered service or DLL that provides access to its contained subkeys and values.

Like other files and services in Windows, all registry keys may be restricted by access control lists (ACLs), depending on user privileges, or on security tokens acquired by applications, or on system security policies enforced by the system (these restrictions may be predefined by the system itself, and configured by local system administrators or by domain administrators). Different users, programs, services or remote systems may only see some parts of the hierarchy or distinct hierarchies from the same root keys.

Registry values are name/data pairs stored within keys. Registry values are referenced separately from registry keys. Each registry value stored in a registry key has a unique name whose letter case is not significant. The Windows API functions that query and manipulate registry values take value names separately from the key path or handle that identifies the parent key. Registry values may contain backslashes in their names, but doing so makes them difficult to distinguish from their key paths when using some legacy Windows Registry API functions (whose usage is deprecated in Win32).

The terminology is somewhat misleading, as each registry key is similar to an associative array, where standard terminology would refer to the name part of each registry value as a "key". The terms are a holdout from the 16-bit registry in Windows 3, in which registry keys could not contain arbitrary name/data pairs, but rather contained only one unnamed value (which had to be a string). In this sense, the Windows 3 registry was like a single associative array, in which the keys (in the sense of both 'registry key' and 'associative array key') formed a hierarchy, and the registry values were all strings. When the 32-bit registry was created, so was the additional capability of creating multiple named values per key, and the meanings of the names were somewhat distorted.[6] For compatibility with the previous behavior, each registry key may have a "default" value, whose name is the empty string.

Each value can store arbitrary data with variable length and encoding, but which is associated with a symbolic type (defined as a numeric constant) defining how to parse this data. The standard types are:[7]

The keys at the root level of the hierarchical database are generally named by their Windows API definitions, which all begin "HKEY".[2] They are frequently abbreviated to a three- or four-letter short name starting with "HK" (e.g. HKCU and HKLM). Technically, they are predefined handles (with known constant values) to specific keys that are either maintained in memory, or stored in hive files stored in the local filesystem and loaded by the system kernel at boot time and then shared (with various access rights) between all processes running on the local system, or loaded and mapped in all processes started in a user session when the user logs on the system.

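The read operations the post describes (listing a key's entries, then reading DevicePath with Get-ItemProperty, reg.exe and the WshShell COM object), as an added PowerShell example that is not part of the original post. It goes beyond the post by also reporting each value's type and unexpanded data and which identities the key's ACL allows to modify it; Get-RegistryKeyReport is a hypothetical helper name.

```powershell
# Added example, not from the original post. Read-only: nothing is written to the registry.
$cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'

# Names of the entries in the key (the "Property" list the post refers to).
Get-Item -Path $cv | Select-Object -ExpandProperty Property

# One entry, read three ways: provider cmdlet, reg.exe, WshShell COM object.
(Get-ItemProperty -Path $cv -Name DevicePath).DevicePath
reg.exe query 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion' /v DevicePath
(New-Object -ComObject WScript.Shell).RegRead('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DevicePath')

# Hypothetical helper: value name, type and raw data, plus who may modify the key.
function Get-RegistryKeyReport {
    param([Parameter(Mandatory)][string]$Path)

    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $values = foreach ($name in $key.Property) {
        # The provider shows the unnamed default value as '(default)'; the .NET API expects ''.
        $apiName = if ($name -eq '(default)') { '' } else { $name }
        [pscustomobject]@{
            Name = $name
            Type = $key.GetValueKind($apiName)
            # Raw data: REG_EXPAND_SZ is returned without expanding %VARIABLES%.
            Raw  = $key.GetValue($apiName, $null, $noExpand)
        }
    }

    # Rights that let a principal change the key, plus GENERIC_WRITE (0x40000000)
    # and GENERIC_ALL (0x10000000), which some ACEs carry instead of specific rights.
    $rights    = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $writeBits = [int]$rights -bor 0x50000000
    $writers = (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ([int]$_.RegistryRights -band $writeBits) } |
        Select-Object IdentityReference, RegistryRights, IsInherited

    [pscustomobject]@{ Path = $Path; Values = @($values); Writers = @($writers) }
}

$report = Get-RegistryKeyReport -Path $cv
$report.Values  | Format-Table Name, Type, Raw -AutoSize
$report.Writers | Format-Table -AutoSize
```

The Writers table lists Allow entries only; Deny entries and the key's owner are not evaluated, so treat it as a first pass over the ACL rather than an effective-permissions calculation.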