How to edit & modify the Windows Registry OFFLINE

If your system is no longer bootable due to a virus attack or for some other reason (e.g. after you change SATA controller mode in BIOS or Motherboard) then you have to use an offline registry editor to make the appropriate modifications in Windows registry in order to boot Windows normally. This article contains detailed instructions on how to load and edit Windows registry without booting to Windows (Unbootable Windows system).

How to modify Windows Registry OFFLINE

To modify Registry offline you need an OFFLINE registry Editor. For this task, I prefer to use two offline registry editors. One of them can be found in the Windows Recovery Environment on any Windows 7 or Windows Vista installation DVD and the other can be found on the Hiren's boot CD. So let's start.

• Method 1: Offline Modify Registry using Windows Installation DVD
• Method 2: Offline Modify Registry using Hiren's BOOTCD.

Method 1: Modify Registry OFFLINE using Windows Installation DVD.

1. Place the Windows Installation DVD on your CD/DVD drive and boot your computer from the Windows installation DVD.

Notice:  In order to boot from the DVD, you must set the CD/DVD device as the first boot device in BIOS settings. To do that:

1. Power On your computer and press "DEL" or "F1" or "F2" or "F10" to enter BIOS (CMOS) setup utility.
   (The way to enter into BIOS Settings depends on the computer manufacturer).
2. Inside BIOS menu, find the "Boot Order" setting.
   (This setting is commonly found inside "Advanced BIOS Features" menu).
3. At “Boot Order” setting, set the CD/DVDRW device as the first boot device.
4. Save and exit from BIOS settings.

2.  At the first screen press Next.

3. At the next screen, select "Repair your computer".

4. At System Recovery Options (1st screen) click Next.

5. At Choose a recovery tool screen, choose Command Prompt.

6. At command window, type "regedit" (without quotes) & press Enter.

In Registry Editor:

7. Highlight the HKEY_LOCAL_MACHINE key.

8. From File menu, select Load Hive to load the offline registry file you need.

HKEY_LOCAL_MACHINE \SAM >  %windir%\system32\config\SAM
HKEY_LOCAL_MACHINE \SYSTEM > %windir%/system32/config/system
[HKEY_LOCAL_MACHINE \SOFTWARE > %windir%/system32/config/software
HKEY_USERS \.Default] > %windir%/system32/config/default
HKEY_CURRENT_USER > %userprofile%/ntuser.dat

e.g. If you want to modify the SYSTEM registry database then navigate to the disk where Windows installed on (commonly on disk "C:") and open the system file found in "%Windir%\system32\config" directory. (e.g. "C:Windows\system32\config\system")

9. Then type a Key Name for the offline registry database (e.g. "Offline") and press OK.

10. Now under the HKEY_LOCAL_MACHINE key, you should have a new key, named after the name you typed previously (e.g. 'Offline" in this example).

11. Now perform all the modifications you want under this key. When you finish with the modifications, highlight the key you created previously (e.g. the "Offline"key ) and from the File menu, choose Unload Hive to write back the changes you made to the offline Registry.

12. Close the Registry editor, the Command prompt window and Restart the computer.

13. Remove the Windows Installation DVD from the CD/DVD drive and let Windows start normally.

Method 2: Modify Registry OFFLINE using Hiren's BOOTCD.

Step 1. Download Hiren’s BootCD

1. Download Hiren’s BootCD to your computer.*

* Hiren’s BootCD Official Download page: http://www.hirensbootcd.org/download/

Scroll the page down and click on “Hirens.BootCD.15.2.zip” )

2. When the Download is complete, right-click on “Hirens.BootCD.15.2.zip” file to extract it.

Step 2: Burn Hirens BootCD into an optical disk.

Note: If you don't have a CD/DVD drive on your computer (e.g. if you own a netbook) then follow this guide: How to put Hirens BootCD into a USB stick.

1. In “Hirens.BootCD.15.2” folder, find the “Hiren's.BootCD.15.2.ISO” disc Image file and burn it to a CD.

Step 3: Boot with Hirens.BootCD.

1. First, make sure that your DVD/CDROM Drive is selected as first boot device in BIOS (CMOS) Setup. To do that:

1. Power On your computer and press "DEL" or "F1" or "F2" or "F10" to enter BIOS (CMOS) setup utility.
   (The way to enter into BIOS Settings depends on the computer manufacturer).
2. Inside BIOS menu, find the "Boot Order" setting.
   (This setting is commonly found inside "Advanced BIOS Features" menu).
3. At “Boot Order” setting, set the CD-ROM drive as first boot device.
4. Save and exit from BIOS settings.

2. Put the Hirens Boot CD on the infected computer's CD/DVD drive in order to boot from it.

3. When the "Hiren’s BootCD” menu appears on your screen, use your keyboard arrows keys to highlight the “Mini Windows Xp” option and then press "ENTER"

Step 4. Modify Remote Registry.

1. From “Mini Windows XP” desktop, double-click at HBCD menu icon.

2. From Programs menu, select Registry > Registry Editor PE.

3. At Browse for folder screen, select the Windows directory where Windows are installed in (usually "C:\Windows") and choose OK.

4. Select the related registry hive in each window appears on the screen and then press Open. (You have to do that for all registry hives: SAM, SYSTEM, SOFTWARE & SECURITY).

e.g. to select the SAM hive select the "sam" file under "%windir%\system32\config\"directory and press Open. (e.g. C:\Windows\System32\config\sam)

5. If you want to edit a remote user profile (HKEY_CURRENT_USER) then you have to choose Yes at the following screen (otherwise select No).

6. Then select the NTUSER.DAT file found under the user profile directory (%userprofile%/ntuser.dat ) of the user that you want to edit. (Usually the full path is: C:\Users\%Username%\ntuser.dat in Windows 7 or C:\Documents and Settings\Username\ntuser.dat in Windows XP.)

7. If you want to select another remote profile to edit press Yes otherwise press No to continue.

8. At the Registry Editor PE's information window, press OK.

9. Double click to expand the HKEY_LOCAL_MACHINE key and you should see four (4) folders marked with the _REMOTE_ prefix on their name. These _REMOTE_ keys contains the remote registry settings so expand them and make all the modifications you want.

10. In the same way you can edit the remote user profile settings, found under HKEY_USERS key, with the prefix _REMOTE_.

11. Finally when you finish with the modifications, close the registry editor and the modifications will be uploaded automatically to the remote registry.

That's it!

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free:

• Author
• Recent Posts

Konstantinos Tsoukalas

Konstantinos is the founder and administrator of Wintips.org. Since 1995 he works and provides IT support as a computer and network expert to individuals and large companies. He is specialized in solving problems related to Windows or other Microsoft products (Windows Server, Office, Microsoft 365, etc.).

Latest posts by Konstantinos Tsoukalas (see all)

• FIX: Error 0x8007025d in Windows 10 Update. - April 22, 2024
• How to Disable Device Encryption in Windows 11/10. - April 17, 2024
• How to View Permissions on Shared Folders on Windows 10/11. - April 15, 2024