BLUF
Before I give the BLUF, allow me to address a departure from previous behaviour. I’m not a fan of click-baity stories that make readers read a full post before they get to the point, so in the past I have usually provided a TL;DR at the start of my posts, but I think by convention they are meant to go at the end of an article. For that reason I’m switching up initialisms. The BLUF (Bottom Line Up Front) is my new TL;DR because it’s meant to go at the start, and by goodness, do I believe you should not have to scroll very far to find the point of any particular post!
Obviously I go into more detail as to my journey of finding the knowledge I’m about to reveal, and I would prefer if you took that journey with me, but I get it, you’re busy, so here it is:
In order to get the account creation date for a user account on Windows you need to navigate to the registry key located at:
C:\Windows\system32\config\SAM: [ROOT]\SAM\Domains\Account\Users\NamesOnce there you will see a list of the user name accounts on the system and if you locate the user name you’re interested in, for example “testuser1”, and then check the “Last Written Date” for that folder it will correlate to the user creation date (on that specific computer).
It is an exercise left to the reader as to how to get one’s hands on the SAM file.
Continue reading “The Time of Creation: A Descent into Insanity; or, Where is the Creation Date for a Windows User Account Stored in the Registry”