HKEY_LOCAL_MACHINE (HKLM Registry Hive)

By Tim Fisher
Updated November 13, 2019

HKEY_LOCAL_MACHINE, often abbreviated as HKLM, is one of several registry hives that make up the Windows Registry. This particular hive contains the majority of the configuration information for the software you have installed, as well as for the Windows operating system itself.

In addition to software configuration data, the HKEY_LOCAL_MACHINE hive also contains lots of valuable information about currently detected hardware and device drivers.

In Windows 10, Windows 8, Windows 7, and Windows Vista, information about your computer's boot configuration is included in this hive, too.

How to Get to HKEY_LOCAL_MACHINE

Being a registry hive, HKEY_LOCAL_MACHINE is easy to find and open using the Registry Editor tool included in all versions of Windows:

1. Open Registry Editor.
2. Locate HKEY_LOCAL_MACHINE on the left-hand side of Registry Editor.
3. Tap or click on the word HKEY_LOCAL_MACHINE or the small arrow to the left to expand it.

If you, or someone else, have used Registry Editor before on your computer, you may need to collapse any open registry keys until you find the HKEY_LOCAL_MACHINE hive.

Registry Subkeys in HKEY_LOCAL_MACHINE

The following registry keys are located under the HKEY_LOCAL_MACHINE hive:

HKEY_LOCAL_MACHINE\BCD00000000
HKEY_LOCAL_MACHINE\COMPONENTS
HKEY_LOCAL_MACHINE\DRIVERS
HKEY_LOCAL_MACHINE\HARDWARE
HKEY_LOCAL_MACHINE\SAM
HKEY_LOCAL_MACHINE\Schema
HKEY_LOCAL_MACHINE\SECURITY
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SYSTEM

The keys located under HKEY_LOCAL_MACHINE on your computer may differ somewhat depending on your version of Windows and your specific computer configuration. For example, newer versions of Windows do not include the HKEY_LOCAL_MACHINE\COMPONENTS key.

The HARDWARE subkey holds data pertaining to the BIOS, processors, and other hardware devices. For example, within HARDWARE is DESCRIPTION > System > BIOS, which is where you'll find the current BIOS version and vendor.

The SOFTWARE subkey is the one most commonly accessed from the HKLM hive. It's organized alphabetically by the software vendor and is where each program writes data to the registry so that the next time the application gets opened, its specific settings can be applied automatically so that you don't have to reconfigure the program each time it's used. It's also useful when finding a user's SID.

The SOFTWARE subkey also holds a Windows subkey that describes various UI details of the operating system, a Classes subkey detailing which programs are associated with which file extensions, and others.

HKLM\SOFTWARE\Wow6432Node\ is found on 64-bit versions of Windows but is used by 32-bit applications. It's equivalent to HKLM\SOFTWARE\ but isn't the exact same since it's separated for the sole purpose of providing information to 32-bit applications on a 64-bit OS. WoW64 shows this key to 32-bit applications as "HKLM\SOFTWARE\."

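The split between HKLM\SOFTWARE and HKLM\SOFTWARE\Wow6432Node can be seen directly from PowerShell. This is an added example, not part of the original article: it assumes 64-bit Windows with PowerShell on .NET 4 or later, and Get-HklmSoftwareSubkey is a hypothetical helper name.

```powershell
# Added example: list the keys under HKLM\SOFTWARE as seen through the 64-bit
# and 32-bit registry views. Get-HklmSoftwareSubkey is a hypothetical helper
# name, not a built-in cmdlet.
function Get-HklmSoftwareSubkey {
    param(
        [Parameter(Mandatory)]
        [Microsoft.Win32.RegistryView]$View
    )
    # OpenBaseKey selects the view explicitly, whatever the bitness of this process.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $software = $hklm.OpenSubKey('SOFTWARE')   # read-only handle
        try     { $software.GetSubKeyNames() | Sort-Object }
        finally { $software.Dispose() }
    }
    finally { $hklm.Dispose() }
}

if (-not [Environment]::Is64BitOperatingSystem) {
    Write-Warning 'Assumption not met: 32-bit Windows has no separate 32-bit view.'
}

$native = @(Get-HklmSoftwareSubkey -View Registry64)   # what 64-bit programs see
$wow64  = @(Get-HklmSoftwareSubkey -View Registry32)   # what 32-bit programs see

# The 32-bit data reached by its physical path, with the hive name written in
# full. Subkeys this account cannot open are skipped rather than reported.
$direct = @(Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node' `
                          -ErrorAction SilentlyContinue |
            ForEach-Object { $_.PSChildName } | Sort-Object)

$summary = '{0} keys in the 64-bit view, {1} in the 32-bit view, {2} under Wow6432Node'
$summary -f $native.Count, $wow64.Count, $direct.Count

# Keys present in only one view: software that an inventory or audit misses
# when it reads HKLM\SOFTWARE from a single bitness.
Compare-Object -ReferenceObject $native -DifferenceObject $wow64 |
    ForEach-Object {
        $side = if ($_.SideIndicator -eq '<=') { '64-bit only' } else { '32-bit only' }
        [pscustomobject]@{ Key = $_.InputObject; View = $side }
    }
```
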
Hidden Subkeys in HKLM

In most configurations, the following subkeys are hidden keys, and therefore can't be browsed like the other keys under the HKLM registry hive:

HKEY_LOCAL_MACHINE\SAM
HKEY_LOCAL_MACHINE\SECURITY

Most of the time these keys appear blank when you open them and/or contain subkeys that are blank.

The SAM subkey refers to information about Security Accounts Manager (SAM) databases for domains. Within each database are group aliases, users, guest accounts, and administrator accounts, plus the name used to log in to the domain, cryptographic hashes of each user's password, and more.

The SECURITY subkey is used to store the security policy of the current user. It's linked to the security database of the domain where the user is logged in, or to the registry hive on the local computer if the user is logged in to the local system domain.

To see the contents of the SAM or SECURITY key, the Registry Editor must instead be opened using the System Account, which has greater permissions than any other user, even a user with administrator privileges.

Once Registry Editor has been opened using the appropriate permissions, the HKEY_LOCAL_MACHINE\SAM and HKEY_LOCAL_MACHINE\SECURITY keys can be explored like any other key in the hive.

Some free software utilities, like PsExec by Microsoft, are able to open Registry Editor with the proper permissions to view these hidden keys.

More on HKEY_LOCAL_MACHINE

It might be interesting to know that HKEY_LOCAL_MACHINE doesn't actually exist anywhere on the computer, but is instead just a container for displaying the actual registry data being loaded via the subkeys located within the hive, listed above.

In other words, HKEY_LOCAL_MACHINE acts like a shortcut to a number of other sources of data about your computer. Because of this non-existent nature of HKEY_LOCAL_MACHINE, neither you nor any program you install can create additional keys under HKEY_LOCAL_MACHINE.

The HKEY_LOCAL_MACHINE hive is global, meaning that it's the same no matter which user on the computer views it, unlike a registry hive like HKEY_CURRENT_USER, which is specific to each user that views it while logged in.

Although HKEY_LOCAL_MACHINE is often written as HKLM, it's not really an "official" abbreviation. This is important to know because some programs in some circumstances, even tools available directly from Microsoft, do not let you abbreviate the hive in registry paths. If you're getting an error while using "HKLM," use the full path instead and see if that fixes it.