Subscribe via e-mail: If a computer no longer boots up, often a rogue Registry setting is the culprit. In these cases you need an offline Registry editor, that is you have to edit the Registry from a second installation. Although there are third party offline Registry editors, you can use regedit as an offline Registry editor. The procedure described here also works with Windows PE (Windows Preinstallation Environment) or Windows RE (Windows Recovery Environment).
Prepare Windows RE or Windows PE
- Windows RE: You only need a Windows 7 or Windows Vista installation DVD. After you boot from the DVD, click “Next,” then click “Repair your computer,” then click “Next” (Use recovery tools), and then “Command Prompt.”
- Windows PE: You can also use Windows PE to launch an offline Registry editor. Check out my article about creating a bootable WinPE USB flash drive for more information.
Use regedit as offline Registry editor
- Launch regedit on the command prompt.
- Click HKEY_LOCAL_MACHINE.
- In the File menu, click “Load Hive.”
- Open the database file that contains the Registry hive you need:
- HKEY_LOCAL_MACHINE \SAM = %windir%\system32\config\SAM
- HKEY_LOCAL_MACHINE \SYSTEM = %windir%\system32\config\SYSTEM
- HKEY_LOCAL_MACHINE \SOFTWARE = %windir%\system32\config\SOFTWARE
- HKEY_USERS \.Default = %windir%\system32\config\DEFAULT
- HKEY_CURRENT_USER = %userprofile%\ntuser.dat
- Enter an arbitrary key name when prompted. A new node with your key name appears under HKEY_LOCAL_MACHINE.
- Edit the Registry entries in the new node.
- Click the root folder of your node, and then click “Unload hive” in the File menu. Your changes will be written to the offline Registry.
Note that you can import and export .reg files to the offline Registry edtior. This allows you to use Registry settings from another machine for troubleshooting purposes.
Also note that this procedure can be used to edit the settings of a user profile without logging on with the corresponding user account. In one of my next posts, I will show you how you can—through offline Registry editor—access a computer where you have forgotten the administrator password, without requiring third-party software.
step 4: how to open the database file?
which of the five is correct?
i clicked on file, load hive i got the look in with all names and dll but nothing that looks like step4
david, it depends on which Registry hive you want to edit. If you want to edit the Software hive you have to open C:\system32\config\SOFTWARE.
Can’t do it
Nice article.
I discovered that you can change the account type of (yourself) to a non privileged account without any admin account be enabled. This leaves the machine with no admin abilities. Can’t uninstall, install. Personally I think this should not be allowed for machines that aren’t members of a domain. It requires a trick like this to regain control of the machine. This tip absolutely works. Here is an idea for the next time you are bored, write an article on how to change your local account from standard use back to admin from an offline registry editing session such as this. (what value equals admin account on a users account) Anyway, than for the article. it’s the only one that exactly answered my unique problem. I was going to just to an offline restore, to regain control. This is cleaner in my opinion.
After step 3, a SOURCES dialog opens up with some folders and many .dll files. There is nowhere to click on a system32/config/SAM database or anything like that in the SOURCES dialog. It gives a box to enter a name. So you are stuck there – you can’t go anywhere else but that dialog unless you type in a name or close it. So it is a circular problem.
This was for the SAM option, on Vista Business edition.
Any advice?
You just need to navigate to the file using the explorer window you’re talking about that pops up. Example: C:\windows\system32\config\SAM and double click it. Nice a simple!
I am trying to fix win7 Black Screen issues.
tried Prevx fixes but I could not get the Task Manager.
So, I am trying to manually fix the registry WINLOGON under local machine in Registry. But every time I change the Shell Value to explorer.exe. it does not show any error. But when I restart the changes never takes place.
Please help
lease email me if you wish to…
Thanks alot! Solve problem with trojan.
It Worked! you are the Man!
my employer put industrial computers in the equipment we sell, and the filesystems of the disks often crash. i have used other tools to peruse the registry files of such machines, but had little luck exporting regkeys to files for recovery. this is *exactly* what i was looking for. and what better way to work in the registry than with the official tool?
thx!
Wonderful article indeed, but what if you get this message when you try to hiv the reg.
cannot load x:\WINDOWS32\CONFIG\SAM: The process cannot access the file because it is being used by another process.
I went through the forum but got no answer to this question, i guess someone asked the same in short, he also left without answer till now, any help will be appriciated.
Thank you
I figured it out, this is because the system was not in C: drive it was on d so i had to locate manually where the directory is then the rest continued smothly,
Thank you.
I still haven’t gotten past the error. It appears that the registry loads the same no matter where I run it from. My system drive is D as well, I just get a slew of new errors.
I figured out that I needed to reboot before trying the registry from a different location. Go figure, the most obvisous solution is so often over looked. However, my registry shows 10 in the place where I am supposed to place 10, so back to the drawing board.
Oh good grief, chalk it up to frustration and having EVP’s breathing down your neck. I got it, for anyone else who leaps before you look, stick with it, this is a great solution to a most frustrating problem.
Thanks for this nice. Made my day