How to Edit the Registry Offline Using Windows Recovery Environment?

Windows Recovery Environment (Windows RE) is an extremely useful platform that provides various system recovery options to diagnose and repair an unbootable Windows installation. This post explains in detail, with plenty of screenshots, how to edit the registry of your Windows installation offline via the Recovery Environment. The screenshots are from a Windows 10 computer.

Accessing the Recovery Environment

In Windows 8 and Windows 10, press WinKey+X to open the Power User menu. Click Shut down or sign out, press and hold the SHIFT key and click Restart. In Windows 10, you can also open Settings (WinKey + i), click Update and Security, click Recovery, and click the Restart Now button under Advanced startup.

If Windows doesn’t start, then boot the system using your Windows installation media to access the Recovery Options. Or you may use the Recovery drive if you’ve created one already.

In the Recovery Options, click Troubleshoot.

Click Advanced options.

At this point, you’ll be offered various recovery options, such as:

  • System Restore

  • System Image Recovery

  • Startup Repair

  • Command Prompt

  • Startup Settings

  • Go back to the previous build

If a recent software installation or malware attack has made your system unbootable, a System Restore rollback would be the ideal option. On the other hand, if you want to fix a specific registry setting, or delete a locked-down file or registry key that you can’t otherwise modify while Windows is running, click Command Prompt.

Select your user account, type the password in the next screen, and click Continue.

The Command Prompt window now opens.

The next job is to find the drive-letter of your Windows installation, as seen from Windows RE. This can be done by running the BCDEDIT command.

In the BCDEDIT command output, look for the boot loader entry containing the fields path (pointing to winload.exe), osdevice or systemroot, and make a note of the drive-letter, which in this case is D:\

Edit Registry Offline Using Recovery Environment

In the Command Prompt window, type REGEDIT and press ENTER to launch the Registry Editor.

Select the HKEY_USERS hive, click the File menu and click Load Hive…

The Load Hive… option is available only when HKEY_USERS or HKEY_LOCAL_MACHINE is selected. In this case, we select HKEY_USERS and click the Load Hive… option.

Browse to or type the path to the SOFTWARE registry hive of your Windows installation, which is on the D:\ drive in this example. The actual path to the SOFTWARE registry hive would be "d:\windows\system32\config\software". Type the path and click Open.

Enter a name for the loaded hive. It can be anything; MyKey is used in this example.

The SOFTWARE registry hive is now mounted to a branch named MyKey.

The loaded SOFTWARE hive (MyKey) is actually nothing but the following registry path of your Windows installation:


Fixing a Registry Key/Value

Let’s assume you want to fix the Userinit registry value, which was modified by malware, and you’re unable to log on to your profile. To fix the Userinit value, go to the following branch:

HKEY_USERS\MyKey\Microsoft\Windows NT\CurrentVersion\Winlogon

Double-click the Userinit value, and fix the path accordingly.

Note: You’ll need to use the actual path to your Windows installation (NOT D:\ as seen from Windows RE). If Windows is installed in C:\ then the Userinit registry value data should be:


(Include the trailing comma as well)

Related post: Here is a case where a malware had modified the Userinit value (and locked down the Task Manager in some systems), thus blocking the user from logging on to their user account. Check out the post Fix "Can not find script file C:\WINDOWS\run.vbs"  for more information.

Once the changes are made, it’s time to unload the hive. To do so, go back to the “MyKey” branch, click the File menu and choose Unload Hive…

That’s it! Type EXIT in the Command Prompt window, then choose Turn off your PC or continue to Windows.
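The same procedure can be done from the Windows RE Command Prompt with reg.exe instead of the Regedit GUI. The script below is an added example, not part of the original post. It assumes the offline installation is on D: (as in this article), that Windows boots from C:, and that the correct Userinit data is the stock Windows default; the backup file name is a made-up one.

```batch
@echo off
rem Added example: command-line equivalent of the Regedit steps in this article.
rem Assumptions: offline Windows is on D: as seen from Windows RE, and boots as C:.
setlocal
set "OSDRIVE=D:"
set "HIVE=%OSDRIVE%\Windows\System32\config\SOFTWARE"
set "MOUNT=HKU\MyKey"
set "WINLOGON=%MOUNT%\Microsoft\Windows NT\CurrentVersion\Winlogon"

rem Show which partition the boot loader entry points at; adjust OSDRIVE to match.
bcdedit /enum | find /i "osdevice"

rem X: is the Windows RE system itself. Its own hive is already in use, so
rem loading it fails with "being used by another process".
if /i "%OSDRIVE%"=="X:" (echo X: is Windows RE, not the installation. & exit /b 1)
if not exist "%HIVE%" (echo Hive not found at %HIVE% & exit /b 1)

rem Keep a copy of the hive file before changing anything (hypothetical name).
copy /y "%HIVE%" "%HIVE%.bak-offline" >nul || (echo Backup failed. & exit /b 1)

rem Mount the offline SOFTWARE hive under HKEY_USERS\MyKey.
reg load "%MOUNT%" "%HIVE%" || (echo Load failed. & exit /b 1)

rem Show the current (possibly tampered) value before changing it.
reg query "%WINLOGON%" /v Userinit

rem Write the value with the path Windows sees when booted (C:, not D:),
rem trailing comma included. This is the stock default, assumed correct here.
reg add "%WINLOGON%" /v Userinit /t REG_SZ /d "C:\Windows\system32\userinit.exe," /f

rem Confirm the change, then unload so the hive file is released and flushed.
reg query "%WINLOGON%" /v Userinit
reg unload "%MOUNT%"
endlocal
```

Note the value shown by the first reg query before it is overwritten; it names the program the malware set to run at logon, which is worth checking for on the disk afterwards.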

About the author

Ramesh Srinivasan founded back in 2005. He is passionate about Microsoft technologies and he has been a Microsoft Most Valuable Professional (MVP) for 10 consecutive years from 2003 to 2012.

20 thoughts on “How to Edit the Registry Offline Using Windows Recovery Environment?”

  1. You sir, have saved my PC. Thanks for the knowledge. I’m now trying to get AVG to remove the malware permanently and uninstalling all the malware affiliated software. Thank you sooo much

  2. Hi Ramesh. This is a fantastic tutorial, as are all your blog entries. When I was working this example, I performed “load hive” on the HKEY_LOCAL_MACHINE branch because I wanted to check out whether the CurrentControlSet subkey exists offline. As I suspected, it does not. When I went to perform “unload hive” on the HKEY_LOCAL_MACHINE branch, that option was not available. However, it was available on “MyKey” so I unloaded that temp hive. I then performed the load hive on the HKEY_USERS branch and the same thing happened (unload hive option was only available on “MyKey”). Does this sound right?

  3. You saved my ars, and my gaming rig!!!

    For Info:
    Updated Win 10 to 19xx
    Steam does not start correct, always at 3 time!
    Disabled ram compression all ok

    regedit services ipxx and RT values to start 1 (instead of 2)
    Reboot loop

    Got ashen!

    started NB – searched google for “window 10 edit registry in restore mode”
    clicked all the entries, till found yours in place 5 (after all useless infos and ads)

    got ashen again at the point “load hive” is grayed! Panicked!
    googled again – found entry in superuser
    back to ur site, reread the part, face palm ! you had written it …

    loaded hive, reset all the services I remembered to start 2 or 3.
    Unloaded, restarted, took 10 seconds longer, ashen again at the blank screen!

    BAM login was there !

    Thank you, you made the job MS disabled:
    Registry auto backup and load last state!

  4. While loading hive, I am getting below error:

    Cannot Load X:\Windows\System32\config\SOFTWARE: The process cannot access the file because it is being used by another process.

    • @Nitin: Use the correct drive-letter. When you’re in WinRE, X:\ will be the drive-letter for the WinRE environment, and not the drive-letter of your Windows installation. Use Bcdedit as mentioned in the article to find out the right drive-letter.

  5. You are my hero, thank you, now I can log in to Windows, because I accidentally ran chkdsk and it somehow got stuck at 10%, and I followed your instructions for loading the hive, but in the “system” hive, and edited bootexecute for autochk to the default, and poof, it worked like magic after hours

