Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The SAM key contains information used by the Security Accounts Manager. Servers that are running Windows Server 2003 and are acting as domain controllers use this key to store user and group information pertaining to the directory service restore mode. Domain controllers maintain domain user and group information in Active Directory to manage user security. However, Windows NT 4.0 and earlier, as well as Windows Server 2003s that are not part of a Windows Server 2003 domain, use SAM. All the data in this key is in binary form.
The HKLM\SECURITY\SAM subkey stores a duplicate of the information in this key.
The information in the SAM key is not viewable by users of Windows XP Professional, and should not be edited directly in Windows Server 2003.
To change the values of the entries in this key, use Active Directory.
Do not alter or add entries in the SAM key. Doing so could prevent users from logging on to the domain or their computers, and it could require you to restore your entire system.