- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
If a computer no longer boots up, often a rogue Registry setting is the culprit. In these cases you need an offline Registry editor, that is you have to edit the Registry from a second installation. Although there are third party offline Registry editors, you can use regedit as an offline Registry editor. The procedure described here also works with Windows PE (Windows Preinstallation Environment) or Windows RE (Windows Recovery Environment).
Prepare Windows RE or Windows PE
- Windows RE: You only need a Windows 7 or Windows Vista installation DVD. After you boot from the DVD, click "Next," then click "Repair your computer," then click "Next" (Use recovery tools), and then "Command Prompt."
- Windows PE: You can also use Windows PE to launch an offline Registry editor. Check out my article about creating a bootable WinPE USB flash drive for more information.
Use regedit as offline Registry editor
- Launch regedit on the command prompt.
- Click HKEY_LOCAL_MACHINE.
- In the File menu, click "Load Hive."
- Open the database file that contains the Registry hive you need:
- HKEY_LOCAL_MACHINE \SAM = %windir%\system32\config\SAM
- HKEY_LOCAL_MACHINE \SYSTEM = %windir%\system32\config\SYSTEM
- HKEY_LOCAL_MACHINE \SOFTWARE = %windir%\system32\config\SOFTWARE
- HKEY_USERS \.Default = %windir%\system32\config\DEFAULT
- HKEY_CURRENT_USER = %userprofile%\ntuser.dat
- Enter an arbitrary key name when prompted. A new node with your key name appears under HKEY_LOCAL_MACHINE.
- Edit the Registry entries in the new node.
- Click the root folder of your node, and then click "Unload hive" in the File menu. Your changes will be written to the offline Registry.
Note that you can import and export .reg files to the offline Registry edtior. This allows you to use Registry settings from another machine for troubleshooting purposes.
Also note that this procedure can be used to edit the settings of a user profile without logging on with the corresponding user account. In one of my next posts, I will show you how you can—through offline Registry editor—access a computer where you have forgotten the administrator password, without requiring third-party software.
step 4: how to open the database file?
which of the five is correct?
i clicked on file, load hive i got the look in with all names and dll but nothing that looks like step4
david, it depends on which Registry hive you want to edit. If you want to edit the Software hive you have to open C:\system32\config\SOFTWARE.
Can’t do it
Nice article.
I discovered that you can change the account type of (yourself) to a non privileged account without any admin account be enabled. This leaves the machine with no admin abilities. Can’t uninstall, install. Personally I think this should not be allowed for machines that aren’t members of a domain. It requires a trick like this to regain control of the machine. This tip absolutely works. Here is an idea for the next time you are bored, write an article on how to change your local account from standard use back to admin from an offline registry editing session such as this. (what value equals admin account on a users account) Anyway, than for the article. it’s the only one that exactly answered my unique problem. I was going to just to an offline restore, to regain control. This is cleaner in my opinion.
After step 3, a SOURCES dialog opens up with some folders and many .dll files. There is nowhere to click on a system32/config/SAM database or anything like that in the SOURCES dialog. It gives a box to enter a name. So you are stuck there – you can’t go anywhere else but that dialog unless you type in a name or close it. So it is a circular problem.
This was for the SAM option, on Vista Business edition.
Any advice?
You just need to navigate to the file using the explorer window you’re talking about that pops up. Example: C:\windows\system32\config\SAM and double click it. Nice a simple!
I am trying to fix win7 Black Screen issues.
tried Prevx fixes but I could not get the Task Manager.
So, I am trying to manually fix the registry WINLOGON under local machine in Registry. But every time I change the Shell Value to explorer.exe. it does not show any error. But when I restart the changes never takes place.
Please help
lease email me if you wish to…
Thanks alot! Solve problem with trojan.
It Worked! you are the Man!
my employer put industrial computers in the equipment we sell, and the filesystems of the disks often crash. i have used other tools to peruse the registry files of such machines, but had little luck exporting regkeys to files for recovery. this is *exactly* what i was looking for. and what better way to work in the registry than with the official tool?
thx!
Wonderful article indeed, but what if you get this message when you try to hiv the reg.
cannot load x:\WINDOWS32\CONFIG\SAM: The process cannot access the file because it is being used by another process.
I went through the forum but got no answer to this question, i guess someone asked the same in short, he also left without answer till now, any help will be appriciated.
Thank you
I figured it out, this is because the system was not in C: drive it was on d so i had to locate manually where the directory is then the rest continued smothly,
Thank you.
I still haven’t gotten past the error. It appears that the registry loads the same no matter where I run it from. My system drive is D as well, I just get a slew of new errors.
I figured out that I needed to reboot before trying the registry from a different location. Go figure, the most obvisous solution is so often over looked. However, my registry shows 10 in the place where I am supposed to place 10, so back to the drawing board.
Oh good grief, chalk it up to frustration and having EVP’s breathing down your neck. I got it, for anyone else who leaps before you look, stick with it, this is a great solution to a most frustrating problem.
Thanks for this nice. Made my day 😉
Hi sir, my problem is my system is in d drive but still i cant load the hive i want sam and software.. im trying to recover my password manually w/out installing a fresh copy of windows 7..
btw the error is always cannot load d:\windir\system32\config\sam or software: the process is used blah blah blah…
Thanks a lot! You saved me…
I infortunately have blocked the system, masking the administrative account with a stupid advice using regedit (HKEY_LOCAL_MACHINE\SOFTWARE\…\Winlogon\SpecialAccounts) loosing the power user account…
The only thing not to forget is to point correctly the drive C when entering the path at “Loading hive”.
Great !!!
same query was doing work on about 16 pc’s only one would load the hive the rest stated as a few did above like Mikoy who stated ”
btw the error is always cannot load d:\windir\system32\config\sam or software: the process is used blah blah blah…”
even got this on a clean install pc’ so I am scratching my head looking for advice
I have a dual-boot XP machine where kaspersky has disabled the XP64 mouse and keyboard at login page. I can still get into the xp32 side, and see all the 32 and 64 files on both drives. When I load the system recovery part of the Xp64 install, I get into the C:/WINDOWS prompt ok, and DIR shows regedit, but when I try and run it I get unrecognised command error. Could you clarify line 1 of the instructions ‘launch regedit on the command line prompt’. What exactly is the syntax you have to type at the prompt? Thsnks
Thanks !!! This is what I was looking for a long time.
I’m guessing that the “regedit.exe” starts from “boot-dvd” with a certain parameter, which allows to load/save hive files.
Is it possible to run regedit.exe on any computer with Windows XP/Vista/7, with this parameter ? Or maybe in mini WinXP from hiren`s bootCD ?
Thank you it saved our live.
My son changed himself to administrator and he forgot his password so now when I get on my account, I can’t do nothing. It keeps wanting his password so I can’t even get on Internet.
The correct path is not C:\system32\config\SOFTWARE but C:\Windows\system32\config\SOFTWARE.
(It is unlikely, but if -STILL- using Windows 2000 (any version), the \Windows\ part, in the path above, needs to be replaced with \WINNT\