locked
Incomplete(?) SIDs list of users accounts in HKEY_USERS registry entry RRS feed

  • Question

  • While browsing through Registry, i went to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to check the SIDs of users accounts that are registered on my system.

    They were:

    S-1-5-18 which belongs to %systemroot%\system32\config\systemprofile

    S-1-5-19 which belongs to %SystemDrive%\Documents and Settings\LocalService

    S-1-5-20 which belongs to %SystemDrive%\Documents and Settings\NetworkService

    S-1-5-21-1085031214-1482476501-725345543-1003 which belongs to my daily use admin account

    S-1-5-21-1085031214-1482476501-725345543-1004 which belongs to %SystemDrive%\Documents and Settings\UpdatusUser - it's an account made during NVIDIA graphic drivers installation, needed to perform updates of those drivers

    S-1-5-21-1085031214-1482476501-725345543-1006 which belongs to normal user that runs on limited privileges

    S-1-5-21-1085031214-1482476501-725345543-1007 and S-1-5-21-1085031214-1482476501-725345543-1008 which belongs to %SystemDrive%\Documents and Settings\UpdatusUser - it's my fault because i had small problems while installing those drivers (now everything's fine, i think) and i had to repeat this 3 times, that's why this user has 3 SIDs

    And of course 2 last SIDs belongs to default Admin account - S-1-5-21-1085031214-1482476501-725345543-500 and Guest account - S-1-5-21-1085031214-1482476501-725345543-501

    And where's the problem? I went to HKEY_USERS and saw, there are following SIDs:

    HKEY_USERS\.DEFAULT

    HKEY_USERS\S-1-5-18

    HKEY_USERS\S-1-5-19

    HKEY_USERS\S-1-5-19_Classes - what stands for _Classes ?

    HKEY_USERS\S-1-5-20

    HKEY_USERS\S-1-5-20_Classes

    HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003

    HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003_Classes

    Why there aren't other SIDs, mentioned earlier (like my daily admin account or even guest account)?

    Is it normal?


    • Edited by krakerS Monday, December 5, 2011 1:31 PM edit typo
    Monday, December 5, 2011 1:30 PM

All replies

  • Because HKCU only has the currently loaded users' hives (As I understand it, the currently logged in / active users only).

    Perhaps someone else can chime in on the _Classes hive purpose / function / etc.

    Friday, November 23, 2012 10:03 PM
  • Thanks anyway! :)

    Wednesday, November 28, 2012 9:55 AM