0
votes

Ok so I know that the Registry key "HKEY_CURRENT_USER" is actually just a redirection to subkey, for example, HKEY_USERS\S-1-5-21-xxxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxxx-1001

What I can't quite figure out is how any user reading the registry can establish what their "own" S-1-5-21-xxxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxxx-yyyy value is. I don't see an obvious location in HKEY_CURRENT_USER from which to read it so... yeah ... where?

The closest I can see that might work is to go to HKEY_CURRENT_USER and go to subkey "Volatile Environment" and read USERPROFILE from there, but it would mean that I would then have to look at every subkey "\Volatile Environment" in HKEY_USERS until I find the one with USERPROFILE matching the one in HKEY_CURRENT_USER\Volatile Enviroment.

If I HAVE to I'll do that but is there really no more direct way?

1

1 Answers

0
votes

In C#....

var user = WindowsIdentity.GetCurrent().User; 
string sid = UserPrincipal.Current.Sid.ToString();

sid contains the sid used in HKEY_USERS