Registry Tip #194: HKEY_USERS



The Windows NT HKEY_USERS (HKU) registry hive keeps all the user-specific data required by the operating system and applications. That includes things like the screen saver, fonts, folder view preferences, event sounds, and the list of recent Start/Run entries. Directly under the HKU key is a set of keys that represent all the user names created on the system. There is also a .DEFAULT key under HKU that contains the settings that will be used when a new user is created. The .DEFAULT settings are also used when no user is logged on to NT: the .DEFAULT profile is in effect while the NT Ctrl-Alt-Del logon message is displayed. Changing the color scheme under .DEFAULT will change the color scheme used for logons. The default logon screen saver is the blank screen saver; it is probably best to leave it as is.

HKU doesn't identify keys by user name, except through the creation of the HKEY_CURRENT_USER view. Instead, the keys are named with the unique number assigned to each user when the user's account is created. For example, the Administrator account number on one NT system is S-1-5-21-1255497644-172053269-203352104-500, but it won't be the same on any other system. All security access control in NT is actually keyed to these security IDs (SIDs). The last portion of the SID for the built-in Administrator account is always 500, making it impossible to hide which account is the built-in Administrator account. See SID.
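The following is an added example, not part of the original tip: it parses the names of HKU subkeys as SIDs and flags the one whose last portion is 500, which is how an auditor can tell which profile belongs to the built-in Administrator even after the account is renamed. The function names and the sample subkey list are assumptions made for illustration; the second SID in the sample is constructed.

```python
import re

# String SID layout: S-<revision>-<identifier authority>-<sub-authority>...
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

BUILTIN_ADMIN_RID = 500  # fixed last portion of the built-in Administrator SID


def parse_sid(text):
    """Return (revision, authority, [sub-authorities]) or None if not a SID."""
    m = SID_RE.match(text)
    if not m:
        return None
    subs = [int(s) for s in m.group(3).split("-")[1:]]
    if any(s > 0xFFFFFFFF for s in subs):
        return None  # each sub-authority is a 32-bit value
    return int(m.group(1)), int(m.group(2)), subs


def classify_hku_subkey(name):
    """Label one HKU subkey name (hypothetical helper for this example)."""
    if name.upper() == ".DEFAULT":
        return "default-profile"
    sid = parse_sid(name)
    if sid is None:
        return "not-a-sid"
    _rev, authority, subs = sid
    # Account SIDs have the shape S-1-5-21-<three machine values>-<last portion>
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        if subs[-1] == BUILTIN_ADMIN_RID:
            return "builtin-administrator"
        return "user-account"
    return "other-sid"


def find_builtin_admin(subkeys):
    """Return the HKU subkey names that belong to the built-in Administrator."""
    return [k for k in subkeys if classify_hku_subkey(k) == "builtin-administrator"]


# Constructed sample of HKU subkey names. The first SID is the one quoted in
# the text above; the second is made up for illustration.
SAMPLE_HKU = [
    ".DEFAULT",
    "S-1-5-21-1255497644-172053269-203352104-500",
    "S-1-5-21-1255497644-172053269-203352104-1001",
]

if __name__ == "__main__":
    for key in SAMPLE_HKU:
        print(f"{key:50} {classify_hku_subkey(key)}")
```
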



Covers NT4 & NT2000. 3Ps covered well: policies, permissions, profiles.



A must-have for NT administrators in corporate or governmental organizations or anyone being audited by a large outside audit firm.
It is not a secrets-type guide, but it has excellent, sound advice and it's used by PriceWaterhouse's auditors as a guide.