Saturday, December 31, 2011

How to Edit the Registry of an Offline Windows System

From time to time it is necessary to edit the registry of a Windows system that is not currently online. This can be accomplished from the recovery console using the following procedure. Note that you should know exactly what you are doing before you attempt to make any changes to the registry, regardless of whether it is for an online or offline system. Ensure that adequate system backups are available and make note of any changes in the event that they need to be reversed.

Boot from the Windows installation media.



Select Repair your computer.



Select the OS to mount for the recovery tools. This post demonstrates using Windows Server 2008 R2, but this should work for Windows Vista, Windows Server 2008, Windows 7, and Windows 8.



Open a command prompt.



Launch regedit and click on the hive to modify, then click File -> Load Hive.



Navigate to the \Windows\system32\config directory of the system partition for the installation to modify and open the correct hive:

DEFAULT -> HKEY_USERS
SAM -> HKEY_LOCAL_MACHINE\SAM
SECURITY -> HKEY_LOCAL_MACHINE\Security
SOFTWARE -> HKEY_LOCAL_MACHINE\Software
SYSTEM -> HKEY_LOCAL_MACHINE\System

The ntuser.dat file in the user's profile directory holds the registry data loaded under HKEY_USERS\<sid> (HKEY_CURRENT_USER for the logged on user).

Select a name that makes sense; I use something like HKEY_RESCUED_SYSTEM.



The hive is now loaded and can be viewed or modified as needed.



HKEY_RESCUED_SYSTEM holds the HKEY_LOCAL_MACHINE\System hive for the Windows installation that we are trying to work with.
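The same load, inspect, and unload cycle can be done with reg.exe from the recovery command prompt. This is an added example, not part of the original post; it assumes the offline installation is on D: (drive letters in the recovery environment often differ from those of the installed system) and reuses the HKEY_RESCUED_SYSTEM name under HKLM.

```batch
@echo off
setlocal
rem Added example. ASSUMPTION: the offline Windows installation is on D:.
set "OFFLINE=D:"
set "HIVE=%OFFLINE%\Windows\System32\config\SYSTEM"
set "MOUNT=HKLM\HKEY_RESCUED_SYSTEM"

if not exist "%HIVE%" (
    echo Hive not found: %HIVE%
    exit /b 1
)

rem Keep a copy of the hive file so any change can be reversed.
copy /y "%HIVE%" "%HIVE%.bak" >nul || exit /b 1

rem Command-line equivalent of File -> Load Hive in regedit.
reg load %MOUNT% "%HIVE%" || exit /b 1

rem An offline SYSTEM hive has no CurrentControlSet key (it is created at
rem boot). Select\Current holds the number of the control set in use.
set "CUR="
for /f "tokens=1,3" %%A in ('reg query %MOUNT%\Select /v Current') do (
    if /i "%%A"=="Current" set /a CUR=%%B
)
if not defined CUR (
    echo Could not read Select\Current
    reg unload %MOUNT%
    exit /b 1
)

rem Build the key name, e.g. 1 becomes ControlSet001.
set "CS=00%CUR%"
set "CS=ControlSet%CS:~-3%"
echo Control set in use by the offline system: %CS%

rem Read-only check that the expected installation was loaded.
reg query %MOUNT%\%CS%\Control\ComputerName\ComputerName /v ComputerName

rem Unload the hive so changes are flushed and the file is released.
reg unload %MOUNT%
endlocal
```

Make any edits between the load and unload steps, and record each change alongside the .bak copy so it can be reverted.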



See Also:
Windows Crash Dump Analysis
How to Perform an Offline System Integrity Verification
How To Rescue Files From a Damaged System



