none
What is HKEY_CURRENT_USER ?

    Question

  • Hi everyone. Cannot understand the sense of this hive. It point ti HKU hive with correspondinf SID. Why do need to male an alias for user? And what else makes this hive (any security issues etc?)
    Thursday, February 14, 2013 4:03 PM

Answers

  • This is the information on msdn:

    "

    Registry entries subordinate to this key define the preferences of the current user. These preferences include the settings of environment variables, data about program groups, colors, printers, network connections, and application preferences. This key makes it easier to establish the current user's settings; the key maps to the current user's branch in HKEY_USERS. In HKEY_CURRENT_USER, software vendors store the current user-specific preferences to be used within their applications. Microsoft, for example, creates the HKEY_CURRENT_USER\Software\Microsoft key for its applications to use, with each application creating its own subkey under the Microsoft key.

    The mapping between HKEY_CURRENT_USER and HKEY_USERS is per process and is established the first time the process references HKEY_CURRENT_USER. The mapping is based on the security context of the first thread to reference HKEY_CURRENT_USER. If this security context does not have a registry hive loaded in HKEY_USERS, the mapping is established with HKEY_USERS\.Default. After this mapping is established it persists, even if the security context of the thread changes.

    All registry entries in HKEY_CURRENT_USER except those under HKEY_CURRENT_USER\Software\Classes are included in the per-user registry portion of a roaming user profile. To exclude other entries from a roaming user profile, store them in HKEY_CURRENT_USER_LOCAL_SETTINGS.

    This handle should not be used in a service or an application that impersonates different users. Instead, call the RegOpenCurrentUser function.

    For more information, see HKEY_CURRENT_USER. "

    Friday, February 15, 2013 8:45 AM
  • The reason is basically that HKCU is always referring to the logged on user/active session. That way you don't have to know the user's SID to make changes to a user, like when deploying a registry setting by script.
    • Marked as answer by Kerberrus Thursday, July 04, 2013 3:55 AM
    Friday, February 15, 2013 8:58 AM
  • It's just a shortcut, the same way HKEY_CURRENT_CONFIG is just a shortcut. It makes accessing the currently relative registry settings easier. That's all, really. It's not technically a separate hive, it just appears to be.
    • Marked as answer by Kerberrus Thursday, July 04, 2013 3:55 AM
    Friday, February 15, 2013 8:33 PM

All replies

  • The hive files are the elements of the registry.  What exactly are you trying to do?

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

    Thursday, February 14, 2013 4:58 PM
  • No, just a theory question. Trying to understand why we need to separate this hive from HKU and what information does it store.
    Friday, February 15, 2013 7:56 AM
  • This is the information on msdn:

    "

    Registry entries subordinate to this key define the preferences of the current user. These preferences include the settings of environment variables, data about program groups, colors, printers, network connections, and application preferences. This key makes it easier to establish the current user's settings; the key maps to the current user's branch in HKEY_USERS. In HKEY_CURRENT_USER, software vendors store the current user-specific preferences to be used within their applications. Microsoft, for example, creates the HKEY_CURRENT_USER\Software\Microsoft key for its applications to use, with each application creating its own subkey under the Microsoft key.

    The mapping between HKEY_CURRENT_USER and HKEY_USERS is per process and is established the first time the process references HKEY_CURRENT_USER. The mapping is based on the security context of the first thread to reference HKEY_CURRENT_USER. If this security context does not have a registry hive loaded in HKEY_USERS, the mapping is established with HKEY_USERS\.Default. After this mapping is established it persists, even if the security context of the thread changes.

    All registry entries in HKEY_CURRENT_USER except those under HKEY_CURRENT_USER\Software\Classes are included in the per-user registry portion of a roaming user profile. To exclude other entries from a roaming user profile, store them in HKEY_CURRENT_USER_LOCAL_SETTINGS.

    This handle should not be used in a service or an application that impersonates different users. Instead, call the RegOpenCurrentUser function.

    For more information, see HKEY_CURRENT_USER. "

    Friday, February 15, 2013 8:45 AM
  • The reason is basically that HKCU is always referring to the logged on user/active session. That way you don't have to know the user's SID to make changes to a user, like when deploying a registry setting by script.
    • Marked as answer by Kerberrus Thursday, July 04, 2013 3:55 AM
    Friday, February 15, 2013 8:58 AM
  • It's just a shortcut, the same way HKEY_CURRENT_CONFIG is just a shortcut. It makes accessing the currently relative registry settings easier. That's all, really. It's not technically a separate hive, it just appears to be.
    • Marked as answer by Kerberrus Thursday, July 04, 2013 3:55 AM
    Friday, February 15, 2013 8:33 PM