When your computer no longer boots up or you’re unable to log in to Windows, a registry hack might fix your problem. To access the registry of an unbootable Windows installation, you should use a WinPE boot disk. In this tutorial we’ll walk you through the steps to load and edit an offline registry hive from WinPE.
Before getting started, we need to know the locations of the Windows registry hives:
- HKEY_LOCAL_MACHINE\SYSTEM: %windir%\system32\config\SYSTEM
- HKEY_LOCAL_MACHINE\SAM: %windir%\system32\config\SAM
- HKEY_LOCAL_MACHINE\SECURITY: %windir%\system32\config\SECURITY
- HKEY_LOCAL_MACHINE\SOFTWARE: %windir%\system32\config\SOFTWARE
- HKEY_USERS\.DEFAULT: %windir%\system32\config\DEFAULT
How to Edit Offline Windows Registry from WinPE?
- Boot your computer into WinPE. Open a Command Prompt and run regedit.exe to open the Registry Editor.
- In the left pane of Registry Editor, highlight the HKEY_LOCAL_MACHINE hive (or HKEY_USERS).
- Click the File menu and select Load Hive.
- Browse to your Windows partition and select the registry hive which you wish to load. In my example, the registry hives are located in the directory D:\Windows\System32\Config.
- Type any key name you like (e.g. “OfflineReg”) and click OK. The name will be used to create a new node in the tree so you can browse the offline registry.
- Now under the HKEY_LOCAL_MACHINE key, you should see a new key named after the name you typed previously.
- Expand the new key and browse to the desired key or value for editing. In my example, I browse to OfflineReg\Software\Microsoft\IdentityCRL\StoredIdentities and delete its subkey.
- When you finish with the modifications, highlight the key you created previously (e.g. “OfflineReg”). Click the File menu and select Unload Hive.
- This will unload the hive and all changes made will be saved to the offline registry.
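The same load, inspect and unload cycle can be run from the WinPE Command Prompt with reg.exe, with a backup taken first. This is an added example, not part of the original tutorial. It assumes the DEFAULT hive is the one being loaded (the example path above begins with Software), that Windows is on D: as in the example, and the backup file names are made up for illustration.

```bat
@echo off
setlocal
rem Added example. D:\Windows and the OfflineReg name follow the tutorial;
rem adjust the drive letter to wherever WinPE mounted the Windows partition.
set "CONFIG=D:\Windows\System32\Config"
set "HIVE=%CONFIG%\DEFAULT"
set "MOUNT=HKLM\OfflineReg"
set "KEY=%MOUNT%\Software\Microsoft\IdentityCRL\StoredIdentities"

if not exist "%HIVE%" (
    echo Hive file not found: %HIVE%
    exit /b 1
)

rem Keep a copy of the untouched hive file before anything writes to it.
rem The .offline-bak suffix is an assumption of this example.
copy /y "%HIVE%" "%HIVE%.offline-bak" >nul || (echo Backup failed & exit /b 1)

rem Equivalent of File, Load Hive in Registry Editor.
reg load %MOUNT% "%HIVE%" || (echo reg load failed & exit /b 1)

rem Show what is under the key, then save it as a .reg file for reference.
reg query "%KEY%" /s
reg export "%KEY%" "%CONFIG%\StoredIdentities-before.reg" /y

rem Make the edits here with reg add or reg delete, or in Registry Editor.

rem Equivalent of File, Unload Hive. This fails with "Access is denied"
rem while Registry Editor still has a key under OfflineReg selected.
reg unload %MOUNT% || (echo reg unload failed, close Registry Editor and retry & exit /b 1)
endlocal
```

The exported .reg file records paths under HKEY_LOCAL_MACHINE\OfflineReg, so it can only be re-imported while the hive is loaded under that same name. To roll back everything, unload the hive and copy the .offline-bak file over the original.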