SAM

The key HKLM\SAM\SAM is a link to HKLM\SECURITY\SAM. You learn about the SECURITY subkey in the next section. This key is where the Security Account Manager (SAM) creates the local computer's security database. Examining the contents of this key is interesting, but you can't customize it. You're better off managing local security using the User Accounts dialog box.

Windows XP protects the SAM key by preventing access to it. The key's access control list (ACL) doesn't even allow the Administrators group to read its contents, much less members of the Users or Power Users groups. You can give yourself Read permission to view the key, however, if you're a member of the Administrators group, because this group owns the SAM key. If you want to tour this key, do it on a lab computer. Don't tamper with the SAM key on a production computer. To give yourself Read permission, select HKLM\SAM\SAM; click Edit, Permissions; select the Administrators group; and then select the Read check box in the Allow column. If you don't have a lab computer available, just look at Figure C-1, which shows the contents of this key.

Figure C-1: You can't normally see the contents of the SAM key, but this figure shows what you do see if you give the Administrators group permission to read it.

The key HKLM\SAM\SAM\Domains contains two subkeys. The first subkey, Account, describes local computer accounts, user accounts, and groups. The second subkey, Builtin, describes built-in accounts and groups. You manage these subkeys using the User Accounts dialog box. Both subkeys contain the same three subkeys: Aliases, Groups, and Users. These subkeys define the computer's local accounts and membership in the computer's local groups.