4 Ways to Edit Registry Key Values Without Booting into Windows

Many years ago when I was still a novice in computers, I accidentally disabled userinit.exe from startup thinking that it was spyware using the SysInternals tool Autoruns. When I restarted the computer, I was unable to login to Windows. Whenever I select the user from the list, it logged in and automatic logged off. I had a really tough time trying to restore userinit.exe back to the Windows startup list as it wasn’t easy accessing and editing the registry when Windows is unbootable. Autoruns is much smarter now because when you uncheck userinit.exe from Logon, it will warn you that “disabling or deleting Userinit will prevent users from logging on”.

In the end I managed to fix the problem but couldn’t exactly remember how I did it because I tried many many ways and I got lucky. I eventually found a real solution on how to edit Windows registry key values without booting into Windows. This is also useful for editing malicious startup items such as rogueware and ransomware. If you have a similar situation as my previous case which requires you to edit the registry without Windows, then here is how to do it. Listed here are 4 methods to edit the Windows registry keys using a bootable CD. Although you are being shown how to repair the userinit registry key, these methods can obviously be used for any other keys in the registry that need to be edited.

Method One

This first method uses a great free tool called PC Regedit which lets you create, delete and edit Windows registry key values without Windows.

1. Download PC Regedit.

2. Burn the downloaded PCRegedit.iso to a CD. Refer to this guide on how to burn ISO images on a CD.

3. Boot up the computer with the PC Regedit disc and it will load up ISOLINUX.

4. When everything is loaded, you will see a MyFileChooser Title window. By default you are at the Config folder. Scroll down a little, select SOFTWARE and click OK.

Edit registry without booting windows

5. Navigate to Root -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon.

6. Look for the Userinit key and make sure that the value is set as:

C:\Windows\System32\Userinit.exe, (including the comma)

If the Userinit key is not there, you can add a new key by right clicking at the right pane and select Add Key.

EditDialog Title

You can use this method to load up other registry files and edit them. Here are the explanation of the 5 registry files for HKEY_LOCAL_MACHINE.

Registry Location: HKEY_LOCAL_MACHINE\SOFTWARE
File: SOFTWARE
Backup: SOFTWARE.LOG

Registry Location: HKEY_LOCAL_MACHINE\SECURITY
File: SECURITY
Backup: SECURITY.LOG

Registry Location: HKEY_LOCAL_MACHINE\SYSTEM
File: SYSTEM
Backup: SYSTEM.LOG

Registry Location: HKEY_LOCAL_MACHINE\SAM
File: SAM
Backup: SAM.LOG

Registry Location: HKEY_CURRENT_USER
File: NTUSER.DAT
Backup: ntuser.dat.LOG

Registry Location: HKEY_USERS\.DEFAULT
File: DEFAULT
Backup: DEFAULT.LOG

On Windows-NT based systems such as Windows NT, 2000, XP, Vista and 7, each user’s settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT inside their own Documents and Settings subfolder (or their own Users subfolder in Windows Vista or 7).

Method Two

This method involves using the popular Hiren’s Boot CD and its Mini Windows XP feature to edit the registry.

1. Download the Hiren’s Boot CD ISO.

2. Burn the downloaded Hirensbootcd.iso to a disc. Refer to this guide on how to burn ISO images on a CD.

3. Boot up the computer with the Hiren disc and and at the menu select “Mini Windows XP”.

4. When the Mini XP is loaded, click the Hiren menu icon in the tray -> Registry -> Registry Editor PE.

registry editor for PE

5. When asked to, set the remote Windows directory (usually C:\Windows) and press OK.

6. Click OK on each window to select the related registry hive. If you want to edit a registry value from HKEY_CURRENT_USER you will need to select Yes when asked if you want to load an NTUSER.DAT and locate the file in the user directory.

7. Expand HKEY_LOCAL_MACHINE and the hives will automatically load with the _REMOTE_ prefix. Navigate to _REMOTE_SOFTWARE -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon

remote registry

8. Double-click Userinit and set it’s value to “C:\Windows\System32\Userinit.exe,”. Make sure you include the comma at the end after Userinit.exe, it is there by default.

Restore userinit

8. Close the registry editor and the hives will be automatically unloaded.

The 3rd and 4th method can be found on page 2.

47 Comments - Write a Comment

  1. omar 2 months ago
  2. MF 12 months ago
  3. Alain 1 year ago
  4. Felipe 2 years ago
  5. Hacyran 2 years ago
    • Hacyran 2 years ago
  6. osm 2 years ago
  7. Krisaldo 3 years ago
  8. Biyen 3 years ago
  9. kopral 3 years ago
  10. Kimberley 3 years ago
  11. RN 4 years ago
  12. Joe 4 years ago
  13. Grateful 4 years ago
  14. evan 4 years ago
  15. Jamie 4 years ago
  16. Bob 5 years ago
  17. Greg A Bman 5 years ago
  18. Jim Budrakey 5 years ago
  19. yeah 5 years ago
  20. bob 6 years ago
  21. man 6 years ago
  22. Maurizio 6 years ago
  23. Pablo Hemingway 6 years ago
  24. Shea 7 years ago
  25. Cesar 7 years ago
  26. Mark S 7 years ago
  27. Steve 7 years ago
  28. Thom 7 years ago
  29. Aslam 7 years ago
  30. Computer Doc 7 years ago
  31. cangwadi 7 years ago
  32. Furqon 8 years ago
  33. leewind 8 years ago
  34. Richard McCready 8 years ago
  35. Erich Frerking 8 years ago
  36. Gjergji Kokushta 8 years ago
  37. Lucy 8 years ago
  38. mauricio 8 years ago
  39. clic 8 years ago
  40. Michael C. 8 years ago
  41. mbah gendeng 8 years ago
  42. Roy Raay 8 years ago
  43. Lilliput 8 years ago
  44. webcadre 8 years ago
  45. Ammar 8 years ago
  46. hardik 8 years ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Your comment is subject to approval. Read our Terms of Use. If you are seeking additional information on this article, please ask in our forum or contact us directly.