HKEY_USER contains the sister entries to HKEY_CURRENT_USER.  Specifically, HKEY_USER contains the user settings to ANY current user.  Still confused as to the differnce between HKU and HKCU?  Don’t be.  What if you did a RUN AS command or a SWITCH USER?  Where would that users profile be loaded and accessed?  You got it: HKEY_USER.  That is why each HKEY_USER key starts with a SID number (the long string of superficially random numbers that uniquely identifies each person that has a profile on your PC).

If you were the only person to log into your Windows PC since your last reboot, then you should only see a few short system SID’s, plus your SID.

You can verify that the SID you see in in HKEY_USER is actually you by checking PROFILE IMAGE PATH on each SID listed under HKLM > SOFTWARE > MICROSOFT > WINDOWS NT (note the NT!!) > PROFILE LIST.  It’s fun for the whole family!


0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *