Regedit as offline Registry editor

In this article you will learn how to use the Windows tool regedit as an offline Registry editor. All you need is a second Windows installation or a Windows PE boot stick.

By Michael Pietroforte - Thu, August 5, 2010 - 24 comments

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in system administration.

If a computer no longer boots up, a rogue Registry setting is often the culprit. In these cases you need an offline Registry editor; that is, you have to edit the Registry from a second installation. Although there are third-party offline Registry editors, you can use regedit as an offline Registry editor. The procedure described here also works with Windows PE (Windows Preinstallation Environment) or Windows RE (Windows Recovery Environment).

Prepare Windows RE or Windows PE

  • Windows RE: You only need a Windows 7 or Windows Vista installation DVD. After you boot from the DVD, click “Next,” then click “Repair your computer,” then click “Next” (Use recovery tools), and then “Command Prompt.”

  • Windows PE: You can also use Windows PE to launch an offline Registry editor. Check out my article about creating a bootable WinPE USB flash drive for more information.

Use regedit as offline Registry editor

  1. Launch regedit on the command prompt.
  2. Click HKEY_LOCAL_MACHINE.
  3. In the File menu, click “Load Hive.”
  4. Open the database file that contains the Registry hive you need:
    • HKEY_LOCAL_MACHINE\SAM = %windir%\system32\config\SAM
    • HKEY_LOCAL_MACHINE\SYSTEM = %windir%\system32\config\SYSTEM
    • HKEY_LOCAL_MACHINE\SOFTWARE = %windir%\system32\config\SOFTWARE
    • HKEY_USERS\.Default = %windir%\system32\config\DEFAULT
    • HKEY_CURRENT_USER = %userprofile%\ntuser.dat
  5. Enter an arbitrary key name when prompted. A new node with your key name appears under HKEY_LOCAL_MACHINE.
  6. Edit the Registry entries in the new node.
  7. Click the root folder of your node, and then click “Unload hive” in the File menu. Your changes will be written to the offline Registry.

Note that you can import .reg files into and export .reg files from the offline Registry editor. This allows you to use Registry settings from another machine for troubleshooting purposes.
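The same load, edit, unload sequence can be scripted with reg.exe from the Windows RE or Windows PE command prompt. The script below is an added example, not part of the original article; the key name OFFLINE_SW, the backup file name, the drive letters it scans, the folder name Windows and the Winlogon Shell value it inspects are assumptions chosen for illustration. It first looks for the offline installation's drive letter, because in Windows RE %windir% points to the recovery environment itself (X:\Windows) and not to the installation you want to repair.

```batch
@echo off
setlocal
rem Added example: locate the offline Windows installation, load its SOFTWARE
rem hive, back up and inspect one key, then unload the hive again.
rem OFFLINE_SW and winlogon-backup.reg are names chosen for this example.

rem Scan fixed drive letters for the hive file. X: is skipped on purpose:
rem it is the RAM disk of Windows RE/PE and its hives are in use.
set "OFFLINE="
for %%D in (C D E F G H) do (
    if not defined OFFLINE if exist "%%D:\Windows\System32\config\SOFTWARE" set "OFFLINE=%%D:"
)
if not defined OFFLINE (
    echo No offline Windows installation found on C: to H:
    exit /b 1
)
echo Offline installation found at %OFFLINE%\Windows

rem Steps 3 to 5 of the procedure: load the hive under a temporary key name.
reg load HKLM\OFFLINE_SW "%OFFLINE%\Windows\System32\config\SOFTWARE"
if errorlevel 1 (
    echo Load failed. Check the drive letter and whether the hive is already loaded.
    exit /b 1
)

rem Export the key to a .reg file on the offline disk before changing anything.
set "KEY=HKLM\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Winlogon"
reg export "%KEY%" "%OFFLINE%\winlogon-backup.reg" /y

rem Step 6: inspect the value that is suspected of being wrong.
reg query "%KEY%" /v Shell

rem To put back the default shell, remove "rem" from the next line:
rem reg add "%KEY%" /v Shell /t REG_SZ /d explorer.exe /f

rem Step 7: unload the hive so that the changes are written to the file.
reg unload HKLM\OFFLINE_SW
endlocal
```

The exported .reg file contains the temporary key name OFFLINE_SW in its paths, so it can only be re-imported while the hive is loaded under that same name.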

Also note that this procedure can be used to edit the settings of a user profile without logging on with the corresponding user account. In one of my next posts, I will show you how you can—through the offline Registry editor—access a computer where you have forgotten the administrator password, without requiring third-party software.


24 Comments

  1. david says:

    step 4: how to open the database file?
    which of the five is correct?

    I clicked on File, Load Hive. I got the "Look in" with all names and dll but nothing that looks like step 4.

  2. david, it depends on which Registry hive you want to edit. If you want to edit the Software hive you have to open C:\system32\config\SOFTWARE.

  3. Josh says:

    Can’t do it

  4. Nice article.
    I discovered that you can change the account type of (yourself) to a non-privileged account without any admin account being enabled. This leaves the machine with no admin abilities. Can’t uninstall, install. Personally I think this should not be allowed for machines that aren’t members of a domain. It requires a trick like this to regain control of the machine. This tip absolutely works. Here is an idea for the next time you are bored: write an article on how to change your local account from standard user back to admin from an offline registry editing session such as this. (what value equals admin account on a user's account) Anyway, thanks for the article. It’s the only one that exactly answered my unique problem. I was going to just do an offline restore to regain control. This is cleaner in my opinion.

  5. Donna says:

    After step 3, a SOURCES dialog opens up with some folders and many .dll files. There is nowhere to click on a system32/config/SAM database or anything like that in the SOURCES dialog. It gives a box to enter a name. So you are stuck there – you can’t go anywhere else but that dialog unless you type in a name or close it. So it is a circular problem.

    This was for the SAM option, on Vista Business edition.

    Any advice?

  6. Johnny Jay says:

    You just need to navigate to the file using the explorer window you’re talking about that pops up. Example: C:\windows\system32\config\SAM and double click it. Nice and simple!

  7. David Solomon says:

    I am trying to fix Win7 Black Screen issues.

    Tried Prevx fixes but I could not get the Task Manager.

    So, I am trying to manually fix the registry WINLOGON under local machine in Registry. But every time I change the Shell value to explorer.exe, it does not show any error. But when I restart, the changes never take place.

    Please help

    Please email me if you wish to…

  8. Alex Shagin says:

    Thanks a lot! Solved problem with trojan.

  9. Mikey Mike says:

    It worked! You are the man!

  10. p. long says:

    my employer put industrial computers in the equipment we sell, and the filesystems of the disks often crash. i have used other tools to peruse the registry files of such machines, but had little luck exporting regkeys to files for recovery. this is *exactly* what i was looking for. and what better way to work in the registry than with the official tool?

    thx!

  11. Shams says:

    Wonderful article indeed, but what if you get this message when you try to hiv the reg.
    cannot load x:\WINDOWS32\CONFIG\SAM: The process cannot access the file because it is being used by another process.
    I went through the forum but got no answer to this question. I guess someone asked the same in short; he also left without an answer till now. Any help will be appreciated.
    Thank you

  12. Shams says:

    I figured it out. This is because the system was not on the C: drive, it was on D, so I had to locate manually where the directory is; then the rest continued smoothly.
    Thank you.

  13. Brian says:

    I still haven’t gotten past the error. It appears that the registry loads the same no matter where I run it from. My system drive is D as well, I just get a slew of new errors.

  14. Brian says:

    I figured out that I needed to reboot before trying the registry from a different location. Go figure, the most obvious solution is so often overlooked. However, my registry shows 10 in the place where I am supposed to place 10, so back to the drawing board.

  15. Brian says:

    Oh good grief, chalk it up to frustration and having EVP’s breathing down your neck. I got it, for anyone else who leaps before you look, stick with it, this is a great solution to a most frustrating problem.

  16. Ulrich says:

    Thanks for this nice. Made my day ;)

  17. mikoy says:

    Hi sir, my problem is my system is on the D drive but still I can't load the hive. I want SAM and SOFTWARE. I'm trying to recover my password manually without installing a fresh copy of Windows 7.

  18. mikoy says:

    btw the error is always cannot load d:\windir\system32\config\sam or software: the process is used blah blah blah…

  19. Bernard says:

    Thanks a lot! You saved me…

    I unfortunately have blocked the system, masking the administrative account with a stupid piece of advice using regedit (HKEY_LOCAL_MACHINE\SOFTWARE\…\Winlogon\SpecialAccounts), losing the power user account…

    The only thing not to forget is to point correctly to the drive C when entering the path at “Loading hive”.

    Great !!!

  20. Robert says:

    same query was doing work on about 16 pc’s only one would load the hive the rest stated as a few did above like Mikoy who stated “btw the error is always cannot load d:\windir\system32\config\sam or software: the process is used blah blah blah…”

    even got this on a clean install pc so I am scratching my head looking for advice

  21. steve says:

    I have a dual-boot XP machine where Kaspersky has disabled the XP64 mouse and keyboard at the login page. I can still get into the XP32 side, and see all the 32 and 64 files on both drives. When I load the system recovery part of the XP64 install, I get into the C:/WINDOWS prompt ok, and DIR shows regedit, but when I try and run it I get an unrecognised command error. Could you clarify line 1 of the instructions ‘launch regedit on the command line prompt’. What exactly is the syntax you have to type at the prompt? Thanks

  22. buckya says:

    Thanks !!! This is what I was looking for a long time.
    I’m guessing that the “regedit.exe” starts from “boot-dvd” with a certain parameter, which allows to load/save hive files.
    Is it possible to run regedit.exe on any computer with Windows XP/Vista/7, with this parameter ? Or maybe in mini WinXP from hiren`s bootCD ?

  23. Peter Pansen says:

    Thank you, it saved our lives.

  24. Constance Stephens says:

    My son changed himself to administrator and he forgot his password so now when I get on my account, I can’t do nothing. It keeps wanting his password so I can’t even get on Internet.
