Load registry hive for offline registry editing

28 February 2003 by Snakefoot | Comment » | Trackback Off
With REGEDT32 one can load and edit offline registry databases:
  1. Start REGEDT32
  2. Highlight the HKEY_LOCAL_MACHINE-window and select the root of the tree
  3. In the menu select "Registry" -> "Load Hive"
  4. Select the wanted registry database file:
    • [HKEY_LOCAL_MACHINE \SYSTEM] (winnt/system32/config/system)
    • [HKEY_LOCAL_MACHINE \SOFTWARE] (winnt/system32/config/software)
    • [HKEY_USERS \.Default] (winnt/system32/config/default)
    • [HKEY_CURRENT_USER] (profile/ntuser.dat)
  5. When prompted for a name give it whatever name you like (etc. test1). The name will be used to create a new node in the tree so one can browse the offline registry.
  6. Go to the newly created node and edit whatever you like (The changes are written immediately to the offline registry database). One can import/export between the newly created node and the current registry just browse between the corresponding keys.
    • To export a single key(with subkeys) into a file: Select the wanted key and in the menu "Registry" use "Save Key".
    • To import a single key or tree from a file: Select the location where the key should be imported and in the menu "Registry" use "Restore". Be very careful to select the same location from which is was exported as the restore will erase everything below the import location and replace with the contents of the file.
  7. When finished editing select the newly created node and in the menu select "Registry" -> "Unload Hive"
This gives some possibilities:
  • Load another users HKEY_CURRENT_USER (ntuser.dat) and change the users settings without logging in with the user.
  • Load an offline registry database and extract settings to import in the current registry database.
  • Load an offline [HKEY_USERS \.Default] and change the login screensaver to Reset Administrator Password
  • Load and edit the registry database on a parallel installation without needing to boot it first.
  • Repair the registry without using a parallel installation:
    • Use the Recovery Console to recover from faulty registry
    • Boot Windows in safemode using the restored registry database
    • Start REGEDT32 and load the faulty registry and edit away the faults
    • Boot into the Recovery Console again to exchange the now hopefully fixed registry database back (winnt/system32/config)
    • Boot Windows and it will now be using the fixed registry database
Note WinXP has a new feature called Registry Repair and Recovery (MS KB Q815011) and it is usually activated when starting WinXP. But it is also activated when loading an offline hive, which can have the undesired effect that the loaded hive is modifying behind your back. One can disable this feature in WinXP SP1 in case one is afraid that the "Repair" feature will do more harm than good:

[HKEY_LOCAL_MACHINE\ System \CurrentControlSet \Control \Session Manager \Configuration Manager]
SelfHealingEnabled = 0

More Info MS KB Q146050

Credits jsifaq.com
Tags:
Category:

Updated: 23 September 2007

Comments:

Comment by Ruebenkind - 17 March 2008 @ 23:05 Reply

Hey Man!
You saved my day!
Got an Win2K PC with a corrupt registry. Copy back the old SOFTWARE Database from the repair folder worked, but it was an old version. So I took the corrupt File and imported the hive with my XP machine. XP repaired the file and i copied it back to the win2k PC. IT WORKED !!! Thanx !! Axel

Leave a comment


You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>