The SAM key contains information used by the Security Accounts Manager. Windows 2000 severs acting as domain controllers use this key to store user and group information pertaining to the directory service restore mode. Domain controllers maintain domain user and group information in Active Directory to manage user security. However, Windows NT 4.0 and earlier, as well as Windows 2000 servers that are not part of a Windows 2000 domain, use SAM. All the data in this key is in binary form.
The HKLM\SECURITY\SAM subkey stores a duplicate of the information in this key.
The information in the SAM key is not viewable by users of Windows 2000 Professional, and should not be edited directly in Windows 2000 Server.
In Windows 2000, Active Directory tools maintain the information held in this key. In Windows NT 4.0, use the tools designed for User Manager or User Manager for Domains.
Do not alter or add entries in the SAM key. Doing so could prevent users from logging on to the domain or their computers, and it could require you to restore your entire system.