The Microsoft Windows Registry Editor can view five predefined and reserved keys in the registry: HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_CONFIG, HKEY_CLASSES_ROOT, and HKEY_CURRENT_USER. HKEY_CURRENT_USER is a subkey of HKEY_USERS. It is the registry key used by the user who is currently logged on to the system.
When you log on to Windows NT/2000 locally, you can edit your personal registry settings in HKEY_USERS or HKEY_CURRENT_USER using the Registry Editor. At the same time, HKEY_CURRENT_USER can be accessed and modified remotely. In other words, you can edit your personal registry settings (HKEY_CURRENT_USER) from a remote computer using your account and password, provided that you are also logged on to the target computer locally.
If your account and password are stolen, this becomes a very serious security problem, since anyone who knows them can edit your personal registry settings.
RegistryBrowser is a utility that demonstrates this security issue. It can browse a remote system's registry using a specified user account. Try accessing HKEY_CURRENT_USER remotely both while you are logged on locally and after you have logged off.
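A local audit of the exposure described above, as an added example that is not part of the original page or of RegistryBrowser. It assumes a Windows version with PowerShell 3.0 or later and an elevated session. The Remote Registry service name and the winreg key are the standard Windows ones, not values taken from this page.

```powershell
# Added example: report what a remote registry client could reach on THIS machine.
# Run locally in an elevated PowerShell session (assumption: PowerShell 3.0+).

# 1. Remote registry access is served by the Remote Registry service.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'"
if ($svc) {
    "RemoteRegistry service: State=$($svc.State) StartMode=$($svc.StartMode)"
} else {
    "RemoteRegistry service: not installed"
}

# 2. Each loaded user hive appears under HKEY_USERS as a subkey named after the
#    account's SID. HKEY_CURRENT_USER is the view of one of these subkeys, so a
#    hive listed here is one whose settings are currently loaded.
#    The pattern skips built-in entries (.DEFAULT, S-1-5-18, ...) and *_Classes.
$hives = Get-ChildItem -Path Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

foreach ($hive in $hives) {
    $sid = New-Object System.Security.Principal.SecurityIdentifier($hive.PSChildName)
    try {
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved SID>'   # deleted or unreachable domain account
    }
    "Loaded user hive: $($hive.PSChildName)  ($account)"
}
if (-not $hives) { "No user hives are currently loaded" }

# 3. The ACL on the winreg key decides which accounts may connect to the
#    registry over the network at all.
$winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
if (Test-Path -Path $winreg) {
    (Get-Acl -Path $winreg).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType |
        Format-Table -AutoSize
} else {
    "winreg key not present: remote registry access is not restricted by this ACL"
}
```

If the service is not needed, stopping and disabling it removes the remote path entirely; otherwise keep the winreg ACL limited to the administrative groups that require it.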