|Home │ Lock Reg Part I │ Merge Registry │ Reg.exe │|
This article applies to: Windows 2000/XP/Server 2003
Topics on this page:
You can access the registry of another computer on a network if you have the right credentials. This method of accessing the registry has been available in older versions of Windows and is usually reserved for system administrators. it is useful for troubleshooting if the registry is damaged or locked (see my tutorial on locking the registry).
The term remote registry and network registry is used interchangeably in Windows XP. The service is called Remote Registry service but in the registry editor it is called network registry.
It is still prudent to back up the registry regularly. Windows XP's own back up tool NTbackup is well equipped to do this.
You need to connect the remote computer on a network and both computers must be started and logged on.
The Remote Registry service in the remote computer needs to be running. If in doubt, go to:
Start > Run > services.msc
to verify its status. Unless you carry out remote registry editing, it is best to disable this service or at least leave it to Manual for security.
Caution: in Remote Registry Properties > Log On tab, do not change anything (i.e. leave Log on as: This account: NT AUTHORITY\localservice).
If you cannot connect, check the user account password and Remote Registry service. I find that first logging on to a network shared folder on the same computer enables remote registry connection to be made more quickly (using the same logon credentials); or start the TCP/IP NetBIOS Helper service (but it is not strictly essential).
Both Windows Firewall (SP2 version, Exceptions: File and Printer Sharing; Remote Desktop not needed) and Zone Alarm can be left enabled (Trusted Zone - Medium) with no extra configuration. It works with both wired and wireless LAN.
Run regedit in the client computer. Go to:
File > Connect Network Registry...
Type the correct computer name in the dialogue box (similar procedure as accessing a network shared folder).
If password authentication is required (as it should be for all shared resource), type the login User Name and Password in the fields. Click OK.
Once connected, the remote computer's registry hives
HKEY_LOCAL_MACHINE and HKEY_USERS
will appear at the bottom of the local computer's five registry hives under its computer name. Figure 1 shows an example in which a label "Remote Computer" has been used to identify the registry hive from the Remote Computer. In the real world, the remote computer's real computer name will be shown.
Fig. 1. Remote registry hive loaded
To edit the per user registry hive belonging to the currently logged on user on the remote computer, go to this subkey:
and navigate as if it is in the local computer.
You can see that what usually is the HKCU hive on the remote registry (it maps to the HKU hive in fact) appears under HKU and user SID S-1-5-21. Selecting S-1-5-21 will load the registry hive of the user who is currently logged on on the remote computer (the console user).
Fig. 2. SID S-1-5-21 on the remote registry hive.
Thus if the Administrator account is logged on on the remote computer then S-1-5-21 refers to this account. If another account is logged on, S-1-5-21 refers to that account instead. It is important to realise this.
To edit the per computer registry hive belonging to the remote computer, go to:
under the remote computer name.
You can only edit these two registry hives.
5. Disconnecting from the Network Registry
When you have finished editing, remember to go to:
File > Disconnect Network Registry...
Select the computer name (for the computer whose registry is to be disconnected) on the list in the dialogue box and click OK.
Do not shut down (or go to standby) the remote computer before disconnection; otherwise it may not able to access it again without reloading regedit.
Windows XP Registry in general
Honeycutt, Jerry, Microsoft Windows XP Registry Guide (Redmond: Microsoft Press, 2003)
Go to TOP
Copyright © 2003-2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author. All the products mentioned are trademarks of their respective companies.
DISCLAIMER: Edit the registry at your own risk. If possible use the Group Policy Editor. There is no undo in regedit. If you are inexperienced with regedit, when possible back up the whole registry or the key you are about to change first before modifying or deleting the key. Do not modify more than one key/name/value at a time. Re-logon or reboot and see what happens first.
Created 27 Mar 2005, last updated 4 April 2005