HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018

[armsys]

Referring to HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018\Software\Classes
does S-1-5-21-83194588-1107328243-1373009395-1018 identify any particular computer? What's the meaning of the S-1-5-21-83194588-1107328243-1373009395-1018?

[HansV]

S-1-5-21-83194588-1107328243-1373009395-1018 refers to one of the user accounts - it is the internal security identifier that won't change even if you change the username.

S-1-5-18 is 'Local System'.
S-1-5-19 is 'NT authority - local service'.
S-1-5-20 is 'NT authority - network service'.
These accounts are used by the operating system.
The long user IDs are actual users, such as you. To find out which one you are, look at HKEY_CURRENT_USERS\Identities and compare the Default User ID to those under HKEY_USERS.

[armsys]

Hi HansV,
Thanks for your useful help.
Looking up http://support.microsoft.com/kb/243330" onclick="window.open(this.href);return false;, S-1-5-21 turns out to be a guest.
Does exposing, say, HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018 facilitate hacker attacks and thus pose a security concern?

[HansV]

No, I don't think so. The currently active user is always HKEY_CURRENT_USER, regardless of its security identifier. Hackers don't have to take any guesses about that.

[armsys]

Hans,
Thanks.

[JoeP]

The SID you've listed is your user account. The guest account would end in 501. A domain guest account would end in 514.

Joe

[armsys]

Hi Joe,
Thanks for your quick help. Do you mean 1018 signify a user account?

[JoeP]

Not necessarily. It can be a user or group. See Wikipedia - Windows SID, Describe the Windows SID, and Technet - SID structure.

Joe

[armsys]

Joe,
Thanks for the extensive links.