Editing Windows XP Registry Without Logging In


I've got a Windows XP installation that has a corrupt registry. A worm (which was removed) had hijacked the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon entry (which should have a value of Userinit=C:\windows\system32\userinit.exe).

When the worm was removed, the corrupt entry was deleted entirely, and now the system automatically logs off immediately after attempting to log in. Regardless of the user and boot mode, no accounts can be logged in to.

The only thing required to correct this behavior is to restore the registry key, but I cannot come up with any ways of editing the registry without logging in to an account. I tried remotely connecting to the registry but the required services aren't enabled on the machine.

I tried booting on the same machine using the BartPE boot CD but I could not find any way of editing the registry on the C:\Windows installation – running regedit only modifies the X:\I386\ registry in memory.

So, what can I use to modify the registry of an un-login-able Windows XP instance so that I can log in again?

Thanks guys.


EDIT: The fix worked. The solution to the auto-logoff problem was, as hoped, to simply add the value mentioned above to the appropriate registry entry.

This can be done using the BartPE Boot CD, as described in the accepted answer below, but I used the Offline NT Registry Editor software mentioned in another answer. The steps were:

  1. Boot from the NT Registry Editor CD
  2. Follow the directions until the appropriate boot sector is loaded.
  3. Instead of using one of the default options for modifying passwords or user accounts, type "software" to edit that hive.
  4. Type '9' to enter the command line based registry editor.
  5. Type "cd Microsoft" (enter) "cd Windows NT" (enter) "cd CurrentVersion" (enter) "cd Winlogon" (enter)
  6. Type "nv 1 Userinit" to create a new value under the Winlogon key
  7. Type "ev Userinit" to edit the new value, and when prompted, type "C:\windows\system32\userinit.exe" (enter)
  8. Type 'q' to quit the registry editor, and as you back out of the system, follow directions to write the hive back to disk.
  9. Restart your computer and log in – problem solved.

(generic 'warning: back up your registry' disclaimer)

Best Answer

You should be able to load the registry hive from your BartPE boot CD. You can follow the instructions listed here:

To load a hive into the registry

  1. Open Registry Editor.
  2. In the registry tree (on the left), click either the HKEY_USERS or HKEY_LOCAL_MACHINE keys.
  3. On the File menu, click Load Hive.
  4. In Look in, click the drive, folder, or network computer and folder that contains the hive you want to load.
  5. Click Open.
  6. In Key Name, type the name that you want to assign to the hive, and then click OK.

Caution

  • Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on your computer.
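
The same offline repair done from a command prompt instead of the Registry Editor menus, as an added example that is not part of the original question or answers. It assumes reg.exe is available in the boot environment, that the offline installation is at C:\Windows with its SOFTWARE hive in System32\config, and it uses OFFLINE_SW as an arbitrary temporary key name.

```batch
@echo off
rem Added example: restore Winlogon\Userinit in an offline XP SOFTWARE hive.
rem Assumptions: reg.exe exists in the boot environment, the offline
rem installation is at C:\Windows, and OFFLINE_SW is an arbitrary key name.
setlocal
set "HIVE=C:\Windows\System32\config\SOFTWARE"
set "MOUNT=HKLM\OFFLINE_SW"
set "KEY=%MOUNT%\Microsoft\Windows NT\CurrentVersion\Winlogon"
rem Value data as given in the question.
set "DATA=C:\windows\system32\userinit.exe"

if not exist "%HIVE%" (
    echo Hive file not found: %HIVE%
    exit /b 1
)

rem Keep a copy of the hive file before changing anything.
copy /y "%HIVE%" "%HIVE%.bak" >nul || (echo Backup failed & exit /b 1)

rem Mount the offline hive under a temporary key of the running registry.
reg load "%MOUNT%" "%HIVE%" || (echo Load failed & exit /b 1)

rem reg query returns non-zero when the value does not exist.
reg query "%KEY%" /v Userinit >nul 2>&1
if errorlevel 1 (
    echo Userinit is missing, restoring it.
    reg add "%KEY%" /v Userinit /t REG_SZ /d "%DATA%" /f
) else (
    echo Userinit is already present, leaving it unchanged:
    reg query "%KEY%" /v Userinit
)

rem Unloading writes the change back to the hive file on disk.
reg unload "%MOUNT%"
endlocal
```

If the value is already present but its data looks wrong, review it by hand before overwriting; the script deliberately changes nothing in that case.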