The SAM subkey contains information used by the Security Accounts Manager. Windows 2000 severs acting as domain controllers use this subkey to store user and group information pertaining to the directory service restore mode. Domain controllers maintain domain user and group information in Active Directory to manage user security. However, Windows NT 4.0 and earlier, as well as Windows 2000 servers that are not part of a Windows 2000 domain, use SAM. All the data in this key is in binary form.

The HKLM\SECURITY\SAM subkey stores a duplicate of the information in this subkey.

The information in the SAM subkey is not viewable by users of Windows 2000 Professional, and should not be edited directly in Windows 2000 Server.

Change method

In Windows 2000, Active Directory tools maintain the information held in this subkey. In Windows NT 4.0, use the tools designed for User Manager or User Manager for Domains.

Caution Image Caution

Do not alter or add entries in the SAM subkey. Doing so could prevent users from logging on to the domain or their computers, and it could require you to restore your entire system.