Hi all, here's the situation... I have a ghost image of XP that i want to restore to a different partition (multi-boot)... but i need to delete some registry entries from it before i can restore and boot from it...

How can i do it, how can i edit the registry without the OS booted up, can it be done?

There are ways around this by restoring the image, deleting the keys and re-imaging, but i don't really want to do this if there's another way to do this with the OS offline by editing the image with ghost explorer.

Any ideas would be much appreciated, i've been searching all over the net and can't find any hints or anything telling me where the registry files are in XP or how to edit them???

TIA... Regards :)

Here's the Win 2000 Registry Reference, which should apply equally to XP:

http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp

thanx SuperSparks, good link but it may be that i'm not using the right words to search it, i can't seem to find anything that even says it possible to edit the registry of an Offline (non-booted) OS like XP.

I'm sure this could be done with Win9X because the registry was just a file(s) on the drive, maybe i'm wrong, but it shouldn't be asking to much to edit it if it's just another file in a ghost image...

What i'm hoping to do is find the registry file within my ghost image, open it up in some sort of registry editor, delete some keys and put the pre-edited registry file back in the image replacing the old registry file... Then i can use this ghost image on any other partition...

I've got to admit that I've never heard of anyone trying to do what you want. I think even if you could find the files you'd need a hex editor to modify them anyway. Assuming they might still have the file extension .dat like in 9x I tried searching, but there are hundreds in XP.

I'll carry on looking, though, you've got me intrigued as to where the registry files do live now.

OK, with a little help from "Windows XP Inside Out", you can find where the registry files live with Regedit. Go to HK_Local_Machine\System\CurrentControlSet\Control\hivelist. Apparently \Registry\Machine\Hardware doesn't live on the HD but is created in RAM each time the machine is booted, so you can ignore that one.

Yup i know what u mean about a rare question, but i thought i'd try :)

I've just found THIS LINK (http://www.jsiinc.com/SUBK/tip5300/rh5364.htm) which has other info relating to what u just posted, some interesting new stuff... Thx for the info u gave, i'm now quite sure-ish i know which file to edit:

The keys i need to delete are all under the following branch:
[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]

So i guess i'd need to edit the Reg file: SYSTEM
Which is in directory: C:\WINDOWS\system32\config\

OK, i'm now gunna dig that SYSTEM file out of my ghost image and see what i can make of it, it's a step in the right direction, but i'm not sure i'll know what to do with it, :D i'll look...

Regards :)

I know I don't need to tell you this Lotus, but make sure you back it up first. From everything I've ever read, fiddling with the registry without using Regedit is considered just about the most dangerous thing you can do. About akin to BASE jumping or free rock-climbing without any ropes or other aids :D

I agree, nothing like a good ghost image to fall back on :) as extra security i'll also pull out my removable data/backup drive too when i try and boot this image, should be safe enough then :)

Right, i've extracted this SYSTEM file from my Ghost Image, i took a look at it with UltraEdit, but that means absolutely nothing to me... :D so i tried notepad :D and things do look more familiar and i can find references to the said Branch of the Registry but it's not a very user friendly format... and not what i hoped for...

...i need to find some other way of editing these files, i need a program like REGEDIT with an option to load in a registry file and edit it in the familiar way, then save the file when i'm done, that would be cool... ???

With Windows 98 there was a DOS version of Regedit that would allow exporting and importing entries. I don't know if it will do what you want, or if it will work on the registry files for 2000 or XP, but you could experiment with that on copies of the files (copied to a FAT32 file system).

to my knowledge there is no command line support of the registry for windows xp.
Which isn't good because the registry can become corrupted without knowing.

But you can use the REG command from within windows
you can

REG QUERY /?
REG ADD /?
REG DELETE /?
REG COPY /?
REG SAVE /?
REG RESTORE /?
REG LOAD /?
REG UNLOAD /?
REG COMPARE /?
REG EXPORT /?
REG IMPORT /?

I think you should look into loading hive files with REG then editing them with regedit then unloading them back.

But I doubt if you can load the plain registry files
only ones exported with the REG command.
but there may be a work around

K guys, i'm gunna look into both suggestions now, thx for the advice... lets see if i can work this out...

Hmmm, can't make head nore tail of it so far, every time i open REGEDIT (even the 98 version from within XP) it still defaults to opening the registry thats's in use by the booted OS, so i can't seem to edit these relevant registry hives as fresh separate files, well, i can't work it out anyway :)

Looks like recreating a ghost image my be my only way to delete these keys... unless anyone got any other pointers/ideas for me to try?

In the mean time i'll be back to searchin' and readin' while awaiting any info u may have...

Thx again :)

After running regedit (regedt32 in Win2k), you need to select HKEY_LOCAL_MACHINE and "Load Hive..." from the File menu. See 811408 (http://support.microsoft.com/?kbid=811408) (method 2) for details.

Thx Mulder, now that does look very promising and easy to follow, i'll give it a go and post back...

fingerz crossed :)

Gees,
why the heck have been wasting my time with loading with REG.
Cool,

thx Mulder

Nice one Mulder, your suggestion worked just as i hoped for, it was exactly what i needed... Thx v much!

...the PC booted up sweet 1st time with the newly edited registry in place... and yup, was nice n easy to do so i'm very happy with it.

Thx again to everyone else... all good information that helped lead to the final solution, u guys r great...

Regards :)