Open Windows registry offline


The Windows Registry is a central database of Windows settings. The registry consists of several files (=hives). With exception to the user-specific settings the Windows Registry files are under: %Systemroot%\System32\config (thus usually under: c:\windows\system32\config).

Open Windows Registry

The registry can be opened using the command "regedit" in the search box

Hives of the registry

The HKEY_LOCAL_MACHINE (HKLM) hive contains computer specific settings.
HKLM consists of the following files:

File in the file system Branch in the registry:
%Systemroot%\System32\config\SAM HKEY_LOCAL_MACHINE\SAM
%Systemroot%\System32\config\SYSTEM HKEY_LOCAL_MACHINE\SYSTEM
%Systemroot%\System32\config\DEFAULT HKEY_USERS\DEFAULT


HKCU contains settings for the currently logged on user and is located in the following file in the file system: %Userprofile%\ntuser.dat
Hive in the registry: HKEY_CURRENT_USER


HKU contains settings for all users who have logged on to the computer once.
Database files: the respective ntuser.dat of the user profiles, and for the branch HKEY_USERS\Default the corresponding file: %Systemroot%\System32\config\DEFAULT


contains, for example, the mapping of file extensions to programs, context menus, class identifiers, and Windows mappings
This key is stored in HKEY_LOCAL_MACHINE and in HKEY_CURRENT_USER and therefore does not have its own database file.
HKEY_LOCAL_MACHINE\Software\Classes contains settings for all users
HKEY_CURRENT_USER\Software\Classes contains settings that override the settings for all users and apply only to the interactive user.
HKEY_CLASSES_ROOT combines information from both sources.


Information about the hardware profile that the computer uses at startup (=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current) also does not have its own database file.

Open Windows registry offline

to load the Windows registry from a non-booted operating system (for example a 2nd Windows installation on another drive letter, using BartPE, backup files of the registry, ...)

reg load HKLM\myofflineReg PathtoRegistrationFile
then use regedit to edit the registry
(located using the example under: HKLM\myofflineReg )
to save:
reg unload

