Load registry hive for offline registry editing

28 February 2003 by Snakefoot | Comment » | Trackback Off
If needing to access the registry database on a system that is no longer bootable, then one should use Windows PE or a Linux Live CD.

With REGEDT32 one can load and edit offline registry databases:
  1. Start REGEDT32
  2. Highlight the HKEY_LOCAL_MACHINE-window and select the root of the tree
  3. In the menu select "Registry" -> "Load Hive"
  4. Select the wanted registry database file:
    • [HKEY_LOCAL_MACHINE \SYSTEM] (%windir%/system32/config/system)
    • [HKEY_LOCAL_MACHINE \SOFTWARE] (%windir%/system32/config/software)
    • [HKEY_USERS \.Default] (%windir%/system32/config/default)
    • [HKEY_CURRENT_USER] (%userprofile%/ntuser.dat)
  5. When prompted for a name give it whatever name you like (etc. test1). The name will be used to create a new node in the tree so one can browse the offline registry.
  6. Go to the newly created node and edit whatever you like (The changes are written immediately to the offline registry database). One can import/export between the newly created node and the current registry just browse between the corresponding keys.
    • To export a single key(with subkeys) into a file: Select the wanted key and in the menu "Registry" use "Save Key".
    • To import a single key or tree from a file: Select the location where the key should be imported and in the menu "Registry" use "Restore". Be very careful to select the same location from which is was exported as the restore will erase everything below the import location and replace with the contents of the file.
  7. When finished editing select the newly created node and in the menu select "Registry" -> "Unload Hive"
This gives some possibilities:
  • Load another users HKEY_CURRENT_USER (ntuser.dat) and change the users settings without logging in with the user.
  • Load an offline registry database and extract settings to import in the current registry database.
  • Load an offline [HKEY_USERS \.Default] and change the login screensaver to Reset Administrator Password
  • Load and edit the registry database on a parallel installation without needing to boot it first.
  • Repair the registry without using a parallel installation:
    • Use the Recovery Console to recover from faulty registry
    • Boot Windows in safemode using the restored registry database
    • Start REGEDT32 and load the faulty registry and edit away the faults
    • Boot into the Recovery Console again to exchange the now hopefully fixed registry database back (winnt/system32/config)
    • Boot Windows and it will now be using the fixed registry database
Note WinXP has a new feature called Registry Repair and Recovery (MS KB Q815011) and it is usually activated when starting WinXP. But it is also activated when loading an offline hive, which can have the undesired effect that the loaded hive is modifying behind your back. One can disable this feature in WinXP SP1 in case one is afraid that the "Repair" feature will do more harm than good:

[HKEY_LOCAL_MACHINE\ System \CurrentControlSet \Control \Session Manager \Configuration Manager]
SelfHealingEnabled = 0

More Info MS KB Q146050

Credits jsifaq.com
Tags:
Category:

Updated: 27 November 2008

Comments:

Comment by Ruebenkind - 17 March 2008 @ 23:05 Reply

Hey Man!
You saved my day!
Got an Win2K PC with a corrupt registry. Copy back the old SOFTWARE Database from the repair folder worked, but it was an old version. So I took the corrupt File and imported the hive with my XP machine. XP repaired the file and i copied it back to the win2k PC. IT WORKED !!! Thanx !! Axel

Comment by Basavaraj - 7 October 2008 @ 18:44 Reply

Hello Sir good Work Thanks For Sharing This artical

Comment by Basavaraj Gowda - 8 October 2008 @ 18:05 Reply

How to edit the registry offline using BartPE boot CD ?
1. Insert the BartPE CD into the drive, and boot the system from the CD. Once the file loading phase is over, the Bart PE desktop will be visible
2. Type Regedit.exe in the prompt, and press Enter. Select the HKEY_USERS hive
3. From the File menu, choose the Load Hive option. Browse to your Windows installation drive, for example the following location:
C:\Windows\System32\Config\
4. Select the file named SOFTWARE (the file without any extensions), and click Open
5. Type a name for the hive that you’ve loaded now. (Example: MyXPHive)
6. Now the SOFTWARE hive is loaded, and present under the HKEY_USERS base hive.
7. In order to fix the Userinit value in the loaded hive, navigate to the following location:
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
8. Double-click Userinit and set it’s value correctly. Example: Set it’s data as follows:
C:\Windows\System32\Userinit.exe,
(Include the trailing comma also. The above assumes that Windows is installed in C:\Windows, and Userinit.exe file is actually present in the System32 folder. You may want to verify that as well.)
9. After entering the correct data, you MUST unload the Hive. To do so, select MyXPHive branch, and then in the File menu, choose Unload Hive. It’s important to note that you’ll need to select the MyXPHive branch first, before unloading it.
10. Quit BartPE and restart Windows. See if you’re able to logon to your profile.

Comment by DDJ - 12 February 2010 @ 21:21 Reply

I have tried EVERYTHING and Basavaraj Gowda’s advice is the only instructions that finally worked! Whew……. I used these registry editing instructions in conjuction with Hiren Boot CD on a mini XP session instead of Bart PE.

Comment by DDJ - 12 February 2010 @ 21:22 Reply

BTW, I have been to about 20 websites

Comment by Takkie - 6 May 2010 @ 2:40 Reply

Oh, this is a great solution!
I’ve been trying to get my buddy’s computer free of a nasty virus, and accidently removed the userinit entry in the xp registry.
Worked on it for days, since the bloody netbook doesn’t have a cd-drive.

Thank you Basavaraj Gowda! Your solution helped me save another 5 days!

Comment by mrprozac - 22 May 2010 @ 14:33 Reply

@Takkie

Tell me about it, those netbooks are the worst to fix if you don’t have the required equipement (like an USB DVD/CD-Reader, Bootable USB Stick)

Nowadays i have to carry my notebook bag everywhere since there is a new virus on the net which changes the userinit and put limits on every account. It needs to be fixed with a bootable Windows.

Thanks for the steps, this saved me a lot of time to figure (read: Search) it. ;)

Comment by harddrive - 8 August 2010 @ 11:32 Reply

In windows xp, vista, and win 7, which is the best registry cleaner software? If you are looking for the answer, then you have come to the right place. The following are five best registry cleaner software review. Why we need windows registry cleaner software? As you know, windows registry is the heart of each computer. The longer use of computers, the more software installed, registry garbage inside the computer registry will be more. Most of the software will add unnecessary junk to the registry which makes the computer crash or slower and slower. If you have the following problem, and answered yes, then you need to clear your PC using the registry cleaner software.

Leave a comment


NB! Use the Forum for computer help and off-topic questions.

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>