Accessing HKEY_CLASSES_ROOT and HKEY_CURRENT_USER Registry Remotely

To connect to another computer in RegEdit, you first need to start the “Remote Registry” service on the remote computer. You can find out how to do this from here. When you open the registry editor and connect to a remote computer, the only hives you will see are HKEY_LOCAL_MACHINE and HKEY_USERS.

So where are the other hives? They are actually there, and you can find them by following these instructions. HKEY_CLASSES_ROOT and HKEY_CURRENT_USER are under the two hives you can see.

HKEY_CLASSES_ROOT

It is under HKEY_LOCAL_MACHINE\SOFTWARE\Classes

HKEY_CURRENT_USER

This is harder to find because you need to know the user’s SID. The SIDs are listed under HKEY_USERS, and you can browse through each one. You can ignore the SIDs that have only 4 digits (e.g. S-1-5-20); these are system accounts.

There are two ways to find a user’s SID:

Command Line Way

Open a cmd console and type:

whoami /user

Registry Key Way

You can also determine a user’s SID by looking through the ProfileImagePath values in each S-1-5-21 prefixed SID listed under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList key.

The ProfileImagePath value within each SID-named registry key lists the profile directory, which includes the user name.

For example, the ProfileImagePath value under the S-1-5-21-1180699209-877415012-3182924384-1004 key on my computer is C:\Users\Tim so I know that the SID for the user “Tim” is “S-1-5-21-1180699209-877415012-3182924384-1004”.
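
The ProfileList lookup above can also be scripted against the remote computer. The PowerShell below is an added example, not part of the original post: it opens the two hives RegEdit shows for a remote machine through the .NET registry API, maps each S-1-5-21 SID to its profile directory, and reports whether that user's hive is currently present under HKEY_USERS. The host name REMOTE-PC is a placeholder, and the script assumes the Remote Registry service is running on that host and that your account has administrative rights there.

```powershell
# Added example: map user SIDs to profiles on a remote computer (read-only).
# 'REMOTE-PC' is a placeholder host name, not a value from the article.
$Computer    = 'REMOTE-PC'
$ProfileList = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$NoExpand    = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine, $Computer)
$hku  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
    [Microsoft.Win32.RegistryHive]::Users, $Computer)
try {
    $profiles = $hklm.OpenSubKey($ProfileList)
    if ($null -eq $profiles) { throw "ProfileList key not found on $Computer" }

    # A SID subkey exists under HKEY_USERS only while that profile is loaded.
    $loaded = $hku.GetSubKeyNames()

    foreach ($sid in $profiles.GetSubKeyNames()) {
        if ($sid -notlike 'S-1-5-21-*') { continue }   # skip system accounts
        $key = $profiles.OpenSubKey($sid)
        try {
            # Read the raw value: expanding %SystemDrive% here would use the
            # local machine's environment, not the remote one.
            $path = [string]$key.GetValue('ProfileImagePath', '', $NoExpand)
        } finally {
            $key.Close()
        }
        [pscustomobject]@{
            User        = ($path -split '\\')[-1]   # last folder of the profile path
            SID         = $sid
            ProfilePath = $path
            HiveLoaded  = $loaded -contains $sid
            HkcuPath    = "HKEY_USERS\$sid"         # that user's HKEY_CURRENT_USER
        }
    }
} finally {
    if ($profiles) { $profiles.Close() }
    $hku.Close()
    $hklm.Close()
}
```

A row with HiveLoaded set to False means the SID has a profile on disk but no key under HKEY_USERS at the moment, so that user's HKEY_CURRENT_USER cannot be browsed remotely until the profile is loaded.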
