Bypass The Security: Edit Registry Without Booting In Windows

Thursday 31 October 2013

Edit Registry Without Booting In Windows

How To Edit Registry Key Values without Booting in Windows

Many years ago when I was still a novice in computers, I accidentally disabled userinit.exe from startup, thinking that it was spyware, using the SysInternals tool Autoruns. When I restarted my computer, I was unable to log in to Windows. Whenever I selected the user from the list, it logged in and automatically logged off. I had a really tough time trying to restore userinit.exe to the Windows startup list, as it wasn’t easy accessing and editing the registry when Windows is unbootable. Autoruns is much smarter now, because when you uncheck userinit.exe from Logon, it will warn you that “disabling or deleting Userinit will prevent users from logging on”.
In the end I managed to fix the problem, but I couldn’t exactly remember how I did it because I tried many, many ways and I got lucky. Recently I found a real solution on how to edit Windows registry key values without booting into Windows. If you have a similar situation to my previous case which requires you to edit the registry without Windows, then here is how to do it.

Listed here are 3 methods to edit Windows registry keys using a bootable CD. The first 2 are the easier ways; the last is a longer and more troublesome process. Although I am showing you how to repair the Userinit registry value, these methods can obviously be used for any other key or value in the registry that needs to be edited.

Method One
This first method uses a great free tool called PC Regedit which lets you create, delete and edit Windows registry key values without Windows.
1. Download PC Regedit (Google it).
2. Burn the downloaded PCRegedit.iso to a disc.
3. Boot up the computer with the PC Regedit disc and it will load up ISOLINUX.
4. When everything is loaded, you will see a MyFileChoose Title window. By default you are in the config folder. Scroll down a little, select SOFTWARE and click OK.

5. Navigate to root -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon.
6. Look for the Userinit key and make sure that the value is set as C:\Windows\System32\Userinit.exe, (including the comma). If the Userinit key is not there, you can add a new key by right-clicking in the right pane and selecting Add Key.


You can use this method to load up other registry files and edit them. Here is an explanation of the registry hive files (the HKEY_LOCAL_MACHINE ones live in C:\Windows\System32\config) and the registry location each one backs:

Registry Location              File          Backup
HKEY_LOCAL_MACHINE\SOFTWARE    SOFTWARE      SOFTWARE.LOG
HKEY_LOCAL_MACHINE\SECURITY    SECURITY      SECURITY.LOG
HKEY_LOCAL_MACHINE\SYSTEM      SYSTEM        SYSTEM.LOG
HKEY_LOCAL_MACHINE\SAM         SAM           SAM.LOG
HKEY_CURRENT_USER              NTUSER.DAT    ntuser.dat.LOG
HKEY_USERS\.DEFAULT            DEFAULT       DEFAULT.LOG
On Windows NT-based systems such as Windows NT, 2000, XP, Vista and 7, each user’s settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT inside their own Documents and Settings subfolder (or their own Users subfolder in Windows Vista or 7). For example, C:\Documents and Settings\Raymond\NTUSER.DAT.
Method Two
This method involves using the popular Hiren’s Boot CD and its Mini XP feature to edit the registry.
1. Download Hiren’s Boot CD.
2. Burn the downloaded Hirensbootcd.iso to a disc.
3. Boot up the computer with the Hiren disc and at the menu select “Mini XP”.
4. When Mini XP is loaded, click the Hiren menu icon in the tray -> Registry -> Registry Editor PE.

5. When asked to, set the remote Windows directory (usually C:\Windows) and press OK.
6. Click OK on each window to select the related registry hive. If you want to edit a registry value from HKEY_CURRENT_USER, you will need to select Yes when asked if you want to load an NTUSER.DAT and locate the file in the user directory.
7. Expand HKEY_LOCAL_MACHINE and the hives will automatically load with the _REMOTE_ prefix. Navigate to _REMOTE_SOFTWARE -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon.


8. Double-click Userinit and set its value correctly, such as C:\Windows\System32\Userinit.exe,


Important Note: Make sure you include the comma at the end after Userinit.exe. It is there by default.

9. Close the registry editor and the hives will be unloaded.

Method Three
This will explain the tougher method of accessing the registry without booting into Windows, using UBCD4Win. Once you have the CD created, just follow the few simple steps below.
1. Boot up the computer with UBCD4Win.
2. Once Ultimate Boot CD 4 Windows is fully loaded, click Start -> Programs -> Registry Tools -> RegEdit.


3. Select HKEY_USERS.

4. Click File from the menu bar and select Load Hive.

5. Browse to C:\Windows\System32\Config\ and select SOFTWARE. Make sure that it is the C:\ drive and not X:\, otherwise you’ll be loading the CD’s registry.

6. Enter the Key Name as NEWHIVE.


7. Expand HKEY_USERS and you’ll see a newly created NEWHIVE in the list. Expand NEWHIVE and locate the following location: HKEY_USERS -> NEWHIVE -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon

8. Double-click Userinit and set its value correctly, such as C:\Windows\System32\Userinit.exe,


Important Note: Make sure you include the comma at the end after Userinit.exe. It is there by default.

9. Go back to HKEY_USERS and select NEWHIVE.
10. Click File from the menu bar and select Unload Hive. Click Yes when asked if you are sure you want to unload the current key and all of its subkeys.

If you already have UBCD4Win created, the whole process is much faster. However, I understand that not everyone has a Windows XP install disc on hand.
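Whichever of the three methods you use to open the offline SOFTWARE hive, the thing you end up staring at is the Userinit string. The check below is an added example (not part of the original post or any of the tools above): it parses that string the way the article describes it, a comma-separated program list with a trailing comma, and reports the two mistakes the post warns about (missing comma, wrong or missing userinit.exe path) plus a third a defender cares about, extra programs chained after userinit.exe, which run at every logon. The sample values are constructed, not taken from a real machine.

```python
# The value the article says Winlogon's Userinit must hold, trailing comma included.
EXPECTED_USERINIT = r"C:\Windows\System32\Userinit.exe,"


def parse_userinit(value):
    """Split a Userinit REG_SZ string into its program list.

    Returns (programs, has_trailing_comma). Empty entries are dropped so the
    trailing comma does not show up as a bogus empty program.
    """
    parts = [p.strip() for p in value.split(",")]
    has_trailing_comma = value.rstrip().endswith(",")
    programs = [p for p in parts if p]
    return programs, has_trailing_comma


def check_userinit(value, expected=EXPECTED_USERINIT):
    """Return (ok, findings, repaired_value) for a Userinit string.

    Path comparison is case-insensitive because Windows writes the default
    as C:\\Windows\\system32\\userinit.exe, while the article uses mixed case.
    repaired_value is always the expected default, ready to paste back in.
    """
    expected_programs, _ = parse_userinit(expected)
    programs, has_trailing_comma = parse_userinit(value)
    findings = []
    if not has_trailing_comma:
        findings.append("missing trailing comma after userinit.exe")
    if not programs:
        findings.append("Userinit is empty: users log in and are logged off immediately")
    elif programs[0].lower() != expected_programs[0].lower():
        findings.append("first entry is not the expected userinit.exe path: %r" % programs[0])
    extras = programs[1:]
    if extras:
        # Anything after userinit.exe is launched at every logon; verify it is yours.
        findings.append("unexpected program(s) chained after userinit.exe: %s" % ", ".join(extras))
    return (not findings, findings, expected)


if __name__ == "__main__":
    # Constructed sample values covering the healthy default and three failure modes.
    samples = [
        r"C:\Windows\system32\userinit.exe,",
        r"C:\Windows\System32\Userinit.exe",
        r"C:\Windows\system32\userinit.exe,C:\Users\Public\updater.exe,",
        "",
    ]
    for sample in samples:
        ok, findings, fix = check_userinit(sample)
        print("%-70r -> %s" % (sample, "OK" if ok else "; ".join(findings)))
```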

