Something interesting about the Windows registry
The Microsoft Windows Registry Editor is able to view five predefined and reserved keys in the registry. They are HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_CONFIG, HKEY_CLASSES_ROOT, HKEY_CURRENT_USER. The HKEY_CURRENT_USER is a subkey of HKEY_USERS. It is the registry key used by a user, who is currently logging on to the system.
When you log on Windows NT/2000 locally, you can edit your personal registries in HKEY_USERS or HKEY_CURRENT_USER using the Registry Editor. At the same time, HKEY_CURRENT_USER can be accessed and modified remotely. In other words, you can edit your personal registries (HKEY_CURRENT_USER) using your account and password from a remote computer, given that you are also logging on the target computer locally.
If your account and password are stolen, it becomes a very serious security problem. Someone who knows your account and password can edit your personal registries.
RegistryBrowser is a utility which demonstrates this security issue. It can browse remote system registry using a specified user account. Please try to access HKEY_CURRENT_USER remotely when you either log on or log off locally.