Sometimes, you may need to edit the Windows registry offline to rectify a situation where Windows doesn’t boot after modifying some settings recently. Windows Recovery Environment (WinRE) is a handy platform that provides various system recovery options to diagnose and repair an unbootable Windows installation.
This post explains how to edit the Windows registry offline via Recovery Environment. The screenshots are from a Windows 10 computer. The instructions apply to Windows 11 as well.
How to Edit Windows Registry Offline
Step 1: Accessing the Recovery Environment
Press WinKey+X. Click Shut down or sign out, press and hold the
SHIFT key and click Restart. In Windows 10, you can also open Settings (WinKey + i), click Update and Security, click Recovery, and click the Restart Now button under Advanced Startup.
To access Windows RE on an unbootable computer, boot the system using your Windows setup USB disk and access the Recovery Options. Or you may use the Recovery drive if you’ve created one already.
Have the BitLocker key ready if you’ve enabled BitLocker drive encryption on the OS drive.
In the Recovery Options, click Troubleshoot.
Click Advanced options
At this point, you’ll be offered various recovery options, such as:
- System Restore
- System Image Recovery
- Startup Repair
- Command Prompt
- Startup Settings
- Go back to the previous build
If a recent software installation or Malware attack has caused your system unbootable, a System Restore rollback would be ideal. On the other hand, if you want to fix a specific registry setting, or to delete a locked-down file or registry key that you can’t otherwise modify when Windows is running, click Command Prompt.
Note: If Windows RE is manually started from a repair disk, then the BitLocker recovery key must be provided to unlock the BitLocker–protected drives.
If your drive has been encrypted using BitLocker Drive Encryption, you’ll now see the recovery key prompt such as the one below:
If you’ve forgotten the BitLocker recovery key or lost the printout, you can view the key by signing into your Microsoft account (that’s not the only way, though) and going to this URL:
Microsoft account | BitLocker recovery keys: https://account.microsoft.com/devices/recoverykey Find my BitLocker recovery key: https://support.microsoft.com/en-us/windows/find-my-bitlocker-recovery-key-fd2b3501-a4b9-61e9-f5e6-2a545ad77b3e
Even if you launch Command Prompt using the Shift + F10 key combination (bypassing the BitLocker recovery screen) or clicking the “Skip this drive” option, you won’t be able to access the encrypted drive. You’ll be asked to unlock the drive via Control Panel.
In my case, I haven’t enabled BitLocker Drive Encryption. So, no BitLocker prompt appeared.
Select your Windows user account, type the password on the next screen, and click Continue.
(If you’ve booted into Windows RE using the Windows installation or repair disk, you wouldn’t see the password prompt below.)
Command Prompt window would now show up.
Step 2: Find your Windows drive letter (in Windows RE)
The next job is to find the drive letter of your Windows installation, as seen from Windows RE. This can be done by running the bcdedit /enum osloader command.
Important: If you’re accessing Windows RE using a bootable setup or recovery disk, run “bcdedit /enum osloader“. Else, running “bcdedit” should be sufficient.
In the BCDEDIT command output, look for the boot loader entries containing the fields, namely, path (mentioning
winload.efi) or osdevice or systemroot, and make a note of the drive-letter, which in this case, is
It doesn’t have to be
D:\ in every case; Depending upon the computer, the Windows drive letter (as seen from Windows RE) may be
C:\ itself. It’s advisable to run
bcdedit /enum osloader anyway.
Step 3: Edit the Windows Registry Offline via WinRE
(As per the output in Step 2 above, your Windows installation is in D: drive in this example.)
In the Command Prompt window, type REGEDIT and press Enter to launch the Registry Editor.
In the Registry Editor, select the HKEY_USERS hive.
Click the File menu, and click Load Hive…
The Load Hive… option would be available if you’re currently in HKEY_USERS or HKEY_LOCAL_MACHINE. In this case, we select HKEY_USERS and click the Load Hive.. option.
INFO: Registry hives list
Registry hives are database files that store data. Here is the list of common registry hives and their description.
|Registry Hive Filename
|Registry Key Location (in your Windows installation)
|Stores the local user account info and passwords.
|Contains services/devices/LKG configuration, etc.
|Contains entries added by programs, Product keys.
|Profile used by the Local System account
|User registry hive. Stores per-user settings.
|User registry hive. Stores per-user file association settings.
(In our case, we need to load the
SOFTWARE registry hive and edit the
UserInit registry value. However, if you need to modify the services configuration or startup type, you need to load the
SYSTEM registry hive instead of
Browse or type the path to the
SOFTWARE registry hive of your Windows installation, which is in D:\ drive in this example, as per the output in “Step 2“.
The path to the
SOFTWARE registry hive of your Windows installation (when seen from Windows RE) would be “
d:\windows\system32\config\software“. Type the path and click Open.
Mention a name for the loaded hive.. it can be anything.
The SOFTWARE registry key is now mounted to a branch named
The loaded SOFTWARE hive (MyKey) is nothing but the following registry path of your Windows installation:
Fixing a Registry Key/Value
Let’s assume you want to fix the
Userinit registry value, which was modified by malware, and you cannot log on to your profile. To fix the
Userinit value, go to the following branch:
Double-click the Userinit value, and fix the path accordingly.
Note: You’ll need to use the actual path to your Windows installation (NOT the Win RE assigned drive letter D:). If Windows is installed in C:\, then the
Userinit registry value data should be:
(You must include the trailing comma as well)
Related post: Here is a case where malware had modified the Userinit value (and locked down the Task Manager in some systems), thus blocking the user from logging on to their user account. Check out the article Fix “Can not find script file C:\WINDOWS\run.vbs” for more information.
Once the changes are made, it’s time to Unload the hive. To do so, go back to the “
MyKey” branch, click the File menu, and choose Unload Hive…
That’s it! Type EXIT in the Command Prompt window. Continue to Windows.
Optionally, once you’re successfully logged on to your user account, load the Registry Editor, and you’ll see that the value you modified offline is reflected there.
The above step is not needed anyway. It’s just in case you’re curious if the offline registry editing has worked.
One small request: If you liked this post, please share this?One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!