Poor Richard said:I have a need to use regedit on a registry that is on an external disk. Are
there options when starting regedit to direct it to another copy of a
registry file that is not in use on the computer? What are the file names
of the registry?
Richard
Poor said:I have a need to use regedit on a registry that is on an external disk. Are
there options when starting regedit to direct it to another copy of a
registry file that is not in use on the computer? What are the file names
of the registry?
Richard
The WinXP registry can be found in C:\Windows\System32\Config\.
It'll be divided into several data files, such as Security,
Software, and System. The user-specific portion of the registry is
stored in each user profile, in a file named NTUser.dat.
Within Regedit, click File > Load Hive, and then point to the
\Windows\System32\Config\ folder on the external drive.
Bruce said:The WinXP registry can be found in C:\Windows\System32\Config\.
It'll be divided into several data files, such as Security, Software,
and System. The user-specific portion of the registry is stored in
each user profile, in a file named NTUser.dat.
Within Regedit, click File > Load Hive, and then point to the
\Windows\System32\Config\ folder on the external drive.
Might there be other locations for other files, or is the ...\config
the entire contents of anything that is a file format? By process
of elimination I can probably answer that myself, but it you know
the answer it'd sure help.
I assume you're aware that only 2 of the Regedit roots can be
loaded, right? I thought your post sounded like it would open all of
them.
VanguardLH said:in message
There are only 2 real hives: local machine and users. All the others
are *copies* (partial) of those root hives; that is, there are 2 root
hives and the others are pseudo-hives. HKCU shows the entries under
the HKU hive but only for the currently logged on user. HKR shows a
mix of entries from HKLM and HKU for the currently logged on user.
The HKCFG hive is a mix of System (used for HKLM) and ntuser.dat info.
There are only 2 real hives. The others are compilations made up from
those 2 real hives.
The SAM, Security, Software, and System registry files are all part of
the HKLM hive. The HKU user hive is taken from the ntuser.dat file
user the currently logged on user's profile path. The HKCFG hive is
compiled from the System and ntuser .dat files.
http://www.bleepingcomputer.com/tutorials/tutorial74.html
http://support.microsoft.com/kb/256986
http://en.wikipedia.org/wiki/Windows_Registry
Poor said:Will this action, Load Hive, replace the current hive?
The "other" hives, partials of the two "real" ones: Are those
created/updated at boot time? e.g. if I make a change in local
machine, does it propogate to the relevant partial hives? Sorry,
I'm not useing names yet because I'd screw them up for sure<g>.
VanguardLH said:in message
There are no registry .dat files to record the values of the
pseudo-hives. There is no need. The values shown in those
pseudo-hives is taken from the HKLM and HKU hives. Those pseudo-hives
are generated when you login.
Obviously HKCU cannot be defined until a user actually logs in since
that pseudo-hive is supposed to contain entries for THAT logged in
user. HKR and HKCFG are also pseudo-hives built when you login.
Those pseudo-hives only exist in the memory copy of the registry (you
and the apps do not use the disk copy of the registry and instead
access is against the memory copy, but updates to the memory copy will
get written back into the .dat disk files).
There are no disk files for the pseudo-hives since there is no need to
duplicate their data that they got from the real hives.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.