Sharing IT knowledge ...and a little more

How to edit HKEY_CURRENT_USER for another user

by · Published · Updated

There are times when you need to edit HKEY_CURRENT_USER for another user without logging on as that user. Knowing how to do this can be very handy when troubleshooting group policy issues that affect user specific registry settings. User registry settings are stored in the HKEY_CURRENT_USER registry key which can only be viewed or edited by the logged on user account. However, an administrator can view and modify user specific registry settings by matching the account and the SID for that account. The Security Identifier (SID) is a unique name that is assigned by a Windows Domain controller during the login process that is used to identify a user.

The rest of this post describes the step by step process on how to identify and match the SID with the account so that an administrator can view and/or edit user registry settings. You must have local administrative permissions on the local machine in order to modify these registry settings.

  1. Connect to the remote computer’s registry using the REGEDIT command
  2. Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  3. Note the folders are named with the SID names of every users that has logged onto that computer
    hkey_current_user3
  4. Expand each folder and view at the “ProfileImagePath” key to identify the user profile associated with the SID folder
    hkey_current_user
  5. Once you’ve found the account or user profile that you are looking for, make a note of the SID folder name
  6. Expand the HKEY_USERS registry key and look for the SID folder that you have identified in step 4
    hkey_current_user2
  7. Now modify or view the registry settings you wish to change.

Tags:

George Almeida

Welcome to my little corner of the blogosphere. I'm an Information Technology Director. I specialize in Windows operating systems, applications, servers, storage, networks and also have a technical background on the IBM iSeries platform. My only purpose for this blog is the hope that it helps someone, someday, somewhere. Any meager proceeds derived from our sponsors will be donated to charity.

You may also like...

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

19 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Mahi
Mahi
8 years ago

Thanks, this was very helpful

2
Reply
George Almeida
Author
George Almeida
8 years ago
Reply to  Mahi

Mahi, thanks for commenting. Glad it helped.

1
Reply
OhGonneck
OhGonneck
7 years ago

This does not seem to work if the other user has administrative privileges. The SID under HKEY_USERS is just not there then.
Maybe it’s in another reg-file?

0
Reply
George Almeida
Author
George Almeida
7 years ago
Reply to  OhGonneck

Thanks for your post. Please try the following registry location (per Adrian’s post) HKLM\SYSTEM\CurrentControlSe\tControl\hivelist. I’m able to see the Administrator SID.

0
Reply
Adrian
Adrian
7 years ago

An easier way to link the user’s SID with their username is to look to the HKLMSYSTEMCurrentControlSetControlhivelist key.
There you can find the location for all users hive files and their SID. Also there you can see the location of the administrative users profile (like SYSTEM).

0
Reply
George Almeida
Author
George Almeida
7 years ago
Reply to  Adrian

Yep. That works too and it is less steps. Thanks for sharing Adrian!

0
Reply
Mattia
Mattia
6 years ago

Very clear and helpful George!! Congratulations for your site and thanks for sharing!! 🙂

0
Reply
George Almeida
Author
George Almeida
6 years ago
Reply to  Mattia

Thank you Mattia. I’m so glad this post helped out. Cheers!

0
Reply
Jo Franklin
Jo Franklin
6 years ago

why am i unable to find other SID, the only SID that is shown is only the account that i am using right now.

0
Reply
George Almeida
Author
George Almeida
6 years ago
Reply to  Jo Franklin

Jo, let’s try two things. First, have you tried using the method posted by Adrian? Navigate to HKLM/SYSTEM/CurrentControlSet/Control/hivelist key. You should be able to see all the SIDs for your users in there. Although I did not have to open regedit as an administrator, you might want to try that if the above doesn’t work. Let me know if you found what you are looking for. Thanks and good luck!

0
Reply
Shah
Shah
6 years ago

Great IT helped. Tk

0
Reply
George Almeida
Author
George Almeida
6 years ago
Reply to  Shah

Very happy to hear it helped! Thank you for posting Shah.

0
Reply
Daniel Triantopoulos
Daniel Triantopoulos
6 years ago

Spot on and same results today!

0
Reply
George Almeida
Author
George Almeida
6 years ago
Reply to  Daniel Triantopoulos

Fantastic Daniel! Thanks for leaving a comment!

0
Reply
Chris
Chris
5 years ago

You can get the current user SID by:
whoami /user

0
Reply
George Almeida
Author
George Almeida
5 years ago
Reply to  Chris

Thanks Chris! I learned something today!

0
Reply
RFBAdmin
RFBAdmin
4 years ago

Unfortunately, HKEY_Users only shows the currently logged-in users on our terminal server. We need to modify the registry for a user who’s not available to log onto the TS.

3
Reply
Ignotus
Ignotus
3 years ago
Reply to  RFBAdmin

I know this is old, but it came up in a Google search for editing HKCU for another user. I noticed the same issue on a terminal server, but also confirmed that HKLM/SYSTEM/CurrentControlSet/Control/hivelist works the same on a standard Win 10 Enterprise desktop system as well (not a server). It shows the currently logged in user as well as any other sessions that have logged on while the current user is logged in. For example, I opened regedit with my domain admin acct and again using the local admin acct and hivelist shows the current user along with my domain… Read more »

0
Reply
Gareth
Gareth
3 years ago

Thank you, super helpful, concise answer.
10/10 – would recommend.

0
Reply
19
0
Would love your thoughts, please comment.x
()
x