Windows NT HKEY_USERS registry hive keeps all the user-specific data required by
the operating system and applications. That includes things like screen saver,
fonts, folder view preferences, event sounds, and the list of recent Start/Run
entries. Directly under the HKU key is a set of keys that represent all the user
names created on the system. There is also a .DEFAULT
key under HKU that contains the settings that will be used when a new user is
created. The .DEFAULT settings are also used when no
user is logged into NT. The .DEFAULT profile is used
while the NT Alt-Ctl-Del logon message is displayed. Changing the color scheme
under .DEFAULT will change the color scheme used for
logons. The default logon screen saver is the blank screen saver. Probably best
to leave it asis.
HKU doesn’t identify keys by user names except through the creation of
HKEY_CURRENT_USER db view. HKU assigns unique numbers to each user when the
user’s account is created. For example, the Administrator account number on one
NT system is S-1-5-21-1255497644-172053269-203352104-,
but it won’t be the same on any other system. All security access control in NT
is actually keyed to security IDs. The last portion of the SID for the builtin
Administrator account is always 500, making it impossible to hide which
account is the builtin Administrator account. See SID.
