How to edit HKEY_CURRENT_USER for another user
There are times when you need to edit HKEY_CURRENT_USER for another user without logging on as that user. Knowing how to do this can be very handy when troubleshooting group policy issues that affect user specific registry settings. User registry settings are stored in the HKEY_CURRENT_USER registry key which can only be viewed or edited by the logged on user account. However, an administrator can view and modify user specific registry settings by matching the account and the SID for that account. The Security Identifier (SID) is a unique name that is assigned by a Windows Domain controller during the login process that is used to identify a user.
The rest of this post describes the step by step process on how to identify and match the SID with the account so that an administrator can view and/or edit user registry settings. You must have local administrative permissions on the local machine in order to modify these registry settings.
- Connect to the remote computer’s registry using the REGEDIT command
- Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
- Note the folders are named with the SID names of every users that has logged onto that computer
- Expand each folder and view at the “ProfileImagePath” key to identify the user profile associated with the SID folder
- Once you’ve found the account or user profile that you are looking for, make a note of the SID folder name
- Expand the HKEY_USERS registry key and look for the SID folder that you have identified in step 4
- Now modify or view the registry settings you wish to change.
Thanks, this was very helpful
Mahi, thanks for commenting. Glad it helped.
This does not seem to work if the other user has administrative privileges. The SID under HKEY_USERS is just not there then.
Maybe it’s in another reg-file?
Thanks for your post. Please try the following registry location (per Adrian’s post) HKLM\SYSTEM\CurrentControlSe\tControl\hivelist. I’m able to see the Administrator SID.
An easier way to link the user’s SID with their username is to look to the HKLMSYSTEMCurrentControlSetControlhivelist key.
There you can find the location for all users hive files and their SID. Also there you can see the location of the administrative users profile (like SYSTEM).
Yep. That works too and it is less steps. Thanks for sharing Adrian!
Very clear and helpful George!! Congratulations for your site and thanks for sharing!! 🙂
Thank you Mattia. I’m so glad this post helped out. Cheers!
why am i unable to find other SID, the only SID that is shown is only the account that i am using right now.
Jo, let’s try two things. First, have you tried using the method posted by Adrian? Navigate to HKLM/SYSTEM/CurrentControlSet/Control/hivelist key. You should be able to see all the SIDs for your users in there. Although I did not have to open regedit as an administrator, you might want to try that if the above doesn’t work. Let me know if you found what you are looking for. Thanks and good luck!
Great IT helped. Tk
Very happy to hear it helped! Thank you for posting Shah.
Spot on and same results today!
Fantastic Daniel! Thanks for leaving a comment!
You can get the current user SID by:
whoami /user
Thanks Chris! I learned something today!
Unfortunately, HKEY_Users only shows the currently logged-in users on our terminal server. We need to modify the registry for a user who’s not available to log onto the TS.
I know this is old, but it came up in a Google search for editing HKCU for another user. I noticed the same issue on a terminal server, but also confirmed that HKLM/SYSTEM/CurrentControlSet/Control/hivelist works the same on a standard Win 10 Enterprise desktop system as well (not a server). It shows the currently logged in user as well as any other sessions that have logged on while the current user is logged in. For example, I opened regedit with my domain admin acct and again using the local admin acct and hivelist shows the current user along with my domain… Read more »
Thank you, super helpful, concise answer.
10/10 – would recommend.