How to break into registry to explore HKLM\\SAM and HKLM\\SECURITY keys?

by [Published on 16 July 2008 / Last Updated on 3 July 2008]

This article explains how you can use Psexec.exe to execute registry editor to explore SAM and SECURITY registry hives.

The Registry Editor will not allow you to navigate through HKEY_LOCAL_MACHINE\SAM and HKEY_LOCAL_MACHINE\SECURITY hives. These hives are protected by the System Account and currently logged on user or member of Administrators Group do not have permissions to view them.

To view the the registry entries under SAM or SECURITY hive, you need to run the Registory Editor under the security context of System Account. To run Registry Editor under the security context of System Account, use the following command with Psexec.exe:

Psexec.exe –s –i regedit.exe

Psexec.exe can be downloaded at the following URL: http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx.

See Also


The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.

Featured Links