Load registry hive for offline registry editing

If needing to access the registry database on a system that is no longer bootable, then one should use Windows PE or a Linux Live CD.

With REGEDT32 one can load and edit offline registry databases:
  1. Start REGEDT32
  2. Highlight the HKEY_LOCAL_MACHINE-window and select the root of the tree
  3. In the menu select "Registry" -> "Load Hive"
  4. Select the wanted registry database file:
    • [HKEY_LOCAL_MACHINE \SYSTEM] (%windir%/system32/config/system)
    • [HKEY_LOCAL_MACHINE \SOFTWARE] (%windir%/system32/config/software)
    • [HKEY_USERS \.Default] (%windir%/system32/config/default)
    • [HKEY_CURRENT_USER] (%userprofile%/ntuser.dat)
  5. When prompted for a name give it whatever name you like (etc. test1). The name will be used to create a new node in the tree so one can browse the offline registry.
  6. Go to the newly created node and edit whatever you like (The changes are written immediately to the offline registry database). One can import/export between the newly created node and the current registry just browse between the corresponding keys.
    • To export a single key(with subkeys) into a file: Select the wanted key and in the menu "Registry" use "Save Key".
    • To import a single key or tree from a file: Select the location where the key should be imported and in the menu "Registry" use "Restore". Be very careful to select the same location from which is was exported as the restore will erase everything below the import location and replace with the contents of the file.
  7. When finished editing select the newly created node and in the menu select "Registry" -> "Unload Hive"
This gives some possibilities:
  • Load another users HKEY_CURRENT_USER (ntuser.dat) and change the users settings without logging in with the user.
  • Load an offline registry database and extract settings to import in the current registry database.
  • Load an offline [HKEY_USERS \.Default] and change the login screensaver to Reset Administrator Password
  • Load and edit the registry database on a parallel installation without needing to boot it first.
  • Repair the registry without using a parallel installation:
    • Use the Recovery Console to recover from faulty registry
    • Boot Windows in safemode using the restored registry database
    • Start REGEDT32 and load the faulty registry and edit away the faults
    • Boot into the Recovery Console again to exchange the now hopefully fixed registry database back (winnt/system32/config)
    • Boot Windows and it will now be using the fixed registry database
Note WinXP has a new feature called Registry Repair and Recovery (MS KB815011) and it is usually activated when starting WinXP. But it is also activated when loading an offline hive, which can have the undesired effect that the loaded hive is modifying behind your back. One can disable this feature in WinXP SP1 in case one is afraid that the "Repair" feature will do more harm than good:

[HKEY_LOCAL_MACHINE\ System \CurrentControlSet \Control \Session Manager \Configuration Manager]
SelfHealingEnabled = 0

More Info MS KB146050

Credits jsifaq.com


  1. Ruebenkind says:

    Hey Man!
    You saved my day!
    Got an Win2K PC with a corrupt registry. Copy back the old SOFTWARE Database from the repair folder worked, but it was an old version. So I took the corrupt File and imported the hive with my XP machine. XP repaired the file and i copied it back to the win2k PC. IT WORKED !!! Thanx !! Axel

  2. Basavaraj says:

    Hello Sir good Work Thanks For Sharing This artical

  3. How to edit the registry offline using BartPE boot CD ?
    1. Insert the BartPE CD into the drive, and boot the system from the CD. Once the file loading phase is over, the Bart PE desktop will be visible
    2. Type Regedit.exe in the prompt, and press Enter. Select the HKEY_USERS hive
    3. From the File menu, choose the Load Hive option. Browse to your Windows installation drive, for example the following location:
    4. Select the file named SOFTWARE (the file without any extensions), and click Open
    5. Type a name for the hive that you've loaded now. (Example: MyXPHive)
    6. Now the SOFTWARE hive is loaded, and present under the HKEY_USERS base hive.
    7. In order to fix the Userinit value in the loaded hive, navigate to the following location:
    HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
    8. Double-click Userinit and set it's value correctly. Example: Set it's data as follows:
    (Include the trailing comma also. The above assumes that Windows is installed in C:\Windows, and Userinit.exe file is actually present in the System32 folder. You may want to verify that as well.)
    9. After entering the correct data, you MUST unload the Hive. To do so, select MyXPHive branch, and then in the File menu, choose Unload Hive. It's important to note that you'll need to select the MyXPHive branch first, before unloading it.
    10. Quit BartPE and restart Windows. See if you're able to logon to your profile.

  4. DDJ says:

    I have tried EVERYTHING and Basavaraj Gowda's advice is the only instructions that finally worked! Whew....... I used these registry editing instructions in conjuction with Hiren Boot CD on a mini XP session instead of Bart PE.

  5. DDJ says:

    BTW, I have been to about 20 websites

  6. Takkie says:

    Oh, this is a great solution!
    I've been trying to get my buddy's computer free of a nasty virus, and accidently removed the userinit entry in the xp registry.
    Worked on it for days, since the bloody netbook doesn't have a cd-drive.

    Thank you Basavaraj Gowda! Your solution helped me save another 5 days!

  7. mrprozac says:


    Tell me about it, those netbooks are the worst to fix if you don't have the required equipement (like an USB DVD/CD-Reader, Bootable USB Stick)

    Nowadays i have to carry my notebook bag everywhere since there is a new virus on the net which changes the userinit and put limits on every account. It needs to be fixed with a bootable Windows.

    Thanks for the steps, this saved me a lot of time to figure (read: Search) it. ;)

  8. harddrive says:

    In windows xp, vista, and win 7, which is the best registry cleaner software? If you are looking for the answer, then you have come to the right place. The following are five best registry cleaner software review. Why we need windows registry cleaner software? As you know, windows registry is the heart of each computer. The longer use of computers, the more software installed, registry garbage inside the computer registry will be more. Most of the software will add unnecessary junk to the registry which makes the computer crash or slower and slower. If you have the following problem, and answered yes, then you need to clear your PC using the registry cleaner software.

  9. Richard B says:

    I can finally get some sleep tonight after finding the above info. I have been working on the following problem for days.

    I had a completely failed NT4 system due to a hard disk crash but manged to get all the data on to a new disk however the system would not start due to a corrupt "system" hive file (in the C:\winnt\system32\config directory). No ERD disk was available (surprise surprise !!).

    I used a separte XP machine to do the Regedit work on the new hard disk and managed to fix the problem. The XP "auto repair" facility sorted the corruption problem symply by loading the file as described in the above article, note however that the file time stamp is not changed when this is done.

    Anyway I can't thank you enough for your help. I would never have managed it on my own.

    Richard B.

  10. KDS says:

    Thanks for your great info. Your instructions helped me repair my XP home system.
    I thought I might add one hint that worked for me. I was able to copy the corrupt system file to a working computer and load the hive just as you instructed. Next, I Exported this new registry key (with subkeys), but had to change the File Type. By default the export was in a .reg format, I had to pick the File Type drop down and select Registry Hive (*.*).
    When I moved this file back to the corrupted computer, it booted just fine. By the way, the new system file was smaller than the original file, but that has not seemed to make any difference.
    Thanks again.

  11. hector says:

    Same here, I appreciate the clear write up. As simple as the registry seems to be, its always been a great mystery, like if its live its own world and you what you had to do but you were careful not to touch anything else even if its may you ask 'Huh, whats that?" The thing just grew and grew and unfortunately MS never provided a solution to clean it up.

    Anyway, thanks. I know now a little more about "hives"

  12. Joel says:

    I just ran across this virus as well and had to do a little work to get it back up and running.

    The user brought a computer to me with the error stating that she saw some notification and then shut down and it wouldnt come back up.

    I used these instructions to resolve the registry issue but I could not do so from the pc itself.
    Steps I performed:
    Pulled drive out and slaved to another machine.
    Opened regedit on the machine and loaded the registry hive from the slave drive. (click on hkey local machine, click file, load hive, browse to "slave drive letter"\windows\system32\config and load the SYSTEM file
    Made the required changes to the registry and unloaded the hive.

    They system came right up into safe mode after that and I was able to clean the virus from the machine.

    Thanks for the info and I hope that my issues can help anyone else who is having difficulty with this.

  13. ajay says:

    could you please tell me
    how you did that
    because I am unable to do that

  14. Jacob says:

    Awesome WOrk. Worked like a charm. Grrreat stuff

  15. Andrew B says:

    Thanks for the instructions for Win PE. However, I am trying to remove a registry key that Windows claims doesn't exist. Tried the same thing with Win PE and it also says it doesn't exist.

    I've done an sfc /scannow. Chkdsk /f and to no avail. Am I skewed and need to reload my Win 7?

  16. TheZeDD says:

    Follow Basavaraj Gowda post about using a PE, or use Hirens BootCD


    The other option you have is to either open the reg files on another computer by copying them OR slave the bad/corrutped system drive to a good computer.

    Either way, use Basavaraj steps to import your hive IF THIS IS YOUR ISSUE. Otherwise, these are still viable options for How To Fixing a Corrupted System Registry.

    More basics on the registry, names, steps to manualy fix a corrupted registry:

    - The main hives/roots of the registry are HKCR, HKLM, HKCU, HKU, HKCC.

    - The files in use (whether working or broke/corrupt) are partialy listed on the drive WITHOUT extensions as: SOFTWARE, SYSTEM, Default, SAM etc. These are usualy found in something like: C:\WINDOWS\system32\config

    - The BACKUP files (if your system is storing them, or you have chose to store them) will be found in varied formats/placements as such like:


    - When you find your backups the user hives as well will be found as such like S-15-blah-blah-blah.

    - Copy and Manualy Rename them by adding a .OLD/.NEW while you do so. When ready for a reboot, simply REMOVE the .new extension. Repeat if necessary.

    Here is microsofts direct link and a strip down version in my own words, KNOW THIS, FOLLOW THIS, DO NOT MIS PLACE IT :

    * How to recover from a corrupted registry that prevents Windows XP from starting


    FROM RECOVERY CONSOLE (if no bootdisk or similar available). I recommend a boot disk and simply do it via a simply gui of your boot disk such as Hirens BootCD or even a LINUX Recovery/BootCD but I do throw caution and thus say use Hirens/BartPE :)

    These are the steps, these show the EXACT commands you would type at a DOS type COMMAND PROMPT

    cd C:\
    cd C:\

    md TempR

    [WaRNING ... be forewarned that you could over write your EMERGENCY files if this is not done right!]

    copy c:\windows\system32\config\system c:\TmpR\system.bak
    copy c:\windows\system32\config\software c:\TmpR\software.bak
    copy c:\windows\system32\config\sam c:\TmpR\sam.bak
    copy c:\windows\system32\config\security c:\TmpR\security.bak
    copy c:\windows\system32\config\default c:\TmpR\default.bak

    THEN, copy these from one of the RPxxx restore backups in the "System Volume Information" folder, when prompted of over write type Y (yes):

    type: copy _REGISTRY_USER_.DEFAULT c:\windows\system32\config\default
    type: copy _REGISTRY_MACHINE_SAM c:\windows\system32\config\sam
    type: copy _REGISTRY_MACHINE_SECURITY c:\windows\system32\config\security
    type: copy _REGISTRY_MACHINE_SOFTWARE c:\windows\system32\config\software
    type: copy _REGISTRY_MACHINE_SYSTEM c:\windows\system32\config\system

    Note: It is possible to be locked out of the RecoveryConsole/SafeMode due to corruption, Virus, And/OR... PREDEFINED ADMINISTRATIVE SECURITY SETTINGS. See the Group Editor 'Recovery Console' gpedit.msc Policies or use a boot disk as previously stated (Hirens/Linux).

    Feel free to edit my/this info at will..... -TZ

  17. Martin says:

    Thanks a lot mate.

  18. gangster says:

    sir, i have WD sentinal dx4000 , which have 2 lan ports and 2 usb ports. lan ports are not working. There is not any display port, i want to check or edit registry . but i can view the drives on slave mode( connected externally through sata to usb cable ). is there any way to edit . or if possible then please describe.

  19. thanks for the sharing

  20. John Carter says:

    Hi, I am looking for a method to enable booting a machine when the motherboard has died. Just replacing the MB doesn't workcessfully, unless it's the exact same model as Windows won't like the MB and HDD drivers. I read about, and successfully used, a method when preparing to migrate to a new MB which consisted of replacing the custom drivers with the standard MS versions, then installing the new MB etc. Where would I look to update these entries in the registry of the now unbootable disk?Thanks, John

  21. Ehay says:

    Just fixed an old 2003 server migration, thanks!!

  22. Kayl says:

    1000 thanks !! ;)

  23. devraj says:


    I want to modify the HKCU\Policies without admin privileges.

Leave a Reply

Your email address will not be published. Required fields are marked *