Dear all, My question is pretty simple. Let's say my current account does not have the administration privileges on the PC I run. I launch regedit and the ACL asks me for the local admin credentials, right. Then, I'm looking at the CURRENT_USER hive key and my question is: is this CURRENT_USER the local admin (regedit is finally launched under this account, no?)? or my own one? Thanks.

CURRENT_USER refers to the user who is currently logged on. For more information, refer to this Microsoft article. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Ok, thanks for the help.

Current_user hive refers to the subkey of Hkey_users that is valid for the currently logged on user. All users have full read/write access to "their" user key.The fact you need admin privileges to run regedit, is because regedit is a tool for admins not for end-users and it need admin acces to read/write for example HKLM keys. If you do a runas to open regedit, off course "current user" refers to the user you used in the runas statement. Vista/7 use the runas principle to lauch executables as admin. So indeed, the current user hive refers to the adminaccount used. You can of course browse in the hkey_users hive to the sid of the user and edit "his" registr from there. MCP/MCSA/MCTS/MCITP

Thanks for your answer. Indeed, I made some tests and they confirm your point and my initial thoughts, and are against the MrX point. How do I the match between the SID and the user account? -> Forget, I got it. Final question, if I add some keys in the _USERS/.DEFAULT/..., are these elements propagated to the users respective CURRENT_USER places?

HKEY_CURRENT_USER: Contains the root of the configuration information for the user who is currently logged on. The user's folders, screen colors, and Control Panel settings are stored here. This information is associated with the user's profile. This key is sometimes abbreviated as "HKCU." This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

If you search you will easily find scripts to determine the sid of a user. but what I mostly do is perform a search starting from hkey_users for the username. It usually is listed multiple times in the user's hive. Be aware this method is not 100% watertight, so you will need some common sense to evaluate whether you chose the right key. MCP/MCSA/MCTS/MCITP