Accessing HKEY_CLASSES_ROOT and HKEY_CURRENT_USER Registry Remotely

by Oscar

To connect connect to another computer in RegEdit, you need to first start “Remote Registry” service on the remote computer. You can find out how to do this from here. When you open registry editor and connect to a remote computer, the only hives you will see are HKEY_LOCAL_MACHINE and HKEY_USERS.

Some of the links on this page are affiliate links. I receive a commission (at no extra cost to you) if you make a purchase after clicking on one of these affiliate links. This helps support the free content for the community on this website. Please read our Affiliate Link Policy for more information.

So where are the other hives? They are actually there and you can find it following these instructions. HKEY_CLASSES_ROOT and HKEY_CURRENT_USER are under the two hives you can see.




This is harder to find because you need to know what the user SID is and find it. You can find the user SID in HKEY_USERS and browse through each SID. You can ignore the SIDs that have only 4 digits (i.e. S-1-5-20), these are system accounts.

There are two ways to find User’s SIDs in the Registry:

Command Line Way

Run cmd console, and type in

whoami /user

Registry Key Way

You can also determine a user’s SID by looking through the ProfileImagePath values in each S-1-5-21 prefixed SID listed under theHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList key.

The ProfileImagePath value within each SID-named registry key lists the profile directory, which includes the user name.

For example, the ProfileImagePath value under the S-1-5-21-1180699209-877415012-3182924384-1004 key on my computer is C:UsersTim so I know that the SID for the user “Tim” is “S-1-5-21-1180699209-877415012-3182924384-1004”.

Leave a Comment

By using this form, you agree with the storage and handling of your data by this website. Note that all comments are held for moderation before appearing.